Re: [SystemSafety] Hackers take over *control* of a car wirelessly

From: Les Chambers < >
Date: Wed, 22 Jul 2015 13:06:17 +1000


Dynamic updates to motor-vehicle functionality are a fact of life now. Tesla Motors is a "world leader" with this. Here is the release note list for the Tesla model S:

http://www.teslamotorsclub.com/showwiki.php?title=Model+S+software+firmware+changelog

All you need is a wireless net to get the job done in around 45 minutes. Theoretically you could probably do it with a mobile phone hotspot. I don't know if the model S as to be stationary for the upgrade to occur. Hope so.

Ethical discussions on whether or not this is a good thing are probably irrelevant. It's just happening all around us. Tesla motors employs mostly twentysomethings, if Elon Musk's biography is any indication, I suspect they don't have much adult supervision. It reminds me of the Battle of the Bulge where Hitler put kids in tanks who had never seen a tank battle. They had little concept of what was coming and no fear.

So if you don't like this trend you're probably old and uncool. Why shouldn't an auto be just like a mobile phone or your Windows laptop? What could go wrong???    

From: systemsafety-bounces_at_xxxxxx Sent: Wednesday, July 22, 2015 11:14 AM
To: Heath Raftery
Cc: systemsafety_at_xxxxxx Subject: Re: [SystemSafety] Hackers take over *control* of a car wirelessly  

If someone can seriously think that updating hospital drug pump firmware via the interwebz is a 'good idea' I think there's minimal likelihood of a good flogging in the town square happening anytime soon.  

http://criticaluncertainties.com/2015/06/23/all-your-drug-pumps-are-belong-to-us/

Matthew Squair  

MSysEng, MIEAust, CPEng

Mob: +61 488770655

Email; Mattsquair_at_xxxxxx

Web: http://criticaluncertainties.com

On 22 Jul 2015, at 10:45 am, Heath Raftery <heath.raftery_at_xxxxxx

On 22/07/2015 3:44 AM, Martyn Thomas wrote:

On 21/07/2015 18:27, Tom Ferrell wrote:

Stating the obvious, but isn’t there an aspect of this that goes

something like, “Just because we can doesn’t mean we should.” To me,

there is a fundamental engineering ethics question that comes into

play when people start talking about the ‘Internet of Everything.’

When someone postulates hooking two systems together that always

before have been physically separated, engineers have a moral

responsibility IMHO to inject themselves firmly and fully into the

benefits vs. risks discussion with a strong bias of when in doubt, don’t.  

That sounds like excellent advice, but if I'm happy to connect A to B

and B to C, and you are happy to connect X to Y and Y to Z, whose fault

is it when Peter connects one of (A,B,C) to one of (X,Y,Z) and something

bad happens?

The general philosophical arguments are worth having, but doesn't this particular case offer a more direct argument?

If you're the one that connects cellular to CAN (via whatever paths already exist), you ought to be shot, stripped and jailed for gross negligence, *before* there's even an accident caused.

I'm flabbergasted that Chrysler could have released a vehicle where that electronic link even exists. No "great new feature"(TM) warrants such a gaping hole that would get every hacker from here to hell tapping away at the new door. There is zero evidence that anyone has ever designed a robust enough system that you could honestly connect the two and claim it safe.

All the "great new features" that are on the horizon can be achieved without making that link - updates over the air, Internet connected entertainment, vehicle location, etc. I see no excuse.

Heath



The System Safety Mailing List
systemsafety_at_xxxxxx


The System Safety Mailing List
systemsafety_at_xxxxxx Received on Wed Jul 22 2015 - 05:06:38 CEST

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:07 CEST