Re: [SystemSafety] Hackers take over *control* of a car wirelessly

From: Mike Ellims < >
Date: Wed, 22 Jul 2015 10:06:40 +0100


Wow.  

> Tesla motors employs mostly twenty somethings, if Elon Musk's biography is any indication, I suspect they don't have much adult supervision.
 

That’s a pretty sweeping statement and given the number of employees (10,000+) probably isn’t completely correct. Tesla has actually been around for a while so the 20 and 30 something’s that started are now 30 and 40 something’s. In addition it may not be that relevant as age is only an indication of experience not of ability. I suspect that what they actually have is la bunch of 30 and 40 something’s heading up department with lots of 20 and 30 something doing the work. I don’t know about you but I suspect I was at my best somewhere between 30 and 50, most of the drive of a twenty something and just enough mistakes to make me careful.  

Tesla had its big security scare a few years back when the app interface got hacked and lead to a number of incidents with flashing lights and horns being beeps and unlocking of doors. Since then it seems to have upped its efforts on security. e.g.  

http://cleantechnica.com/2014/02/18/tesla-motors-snags-kristin-paget-apple/  

http://www.computerworld.com/article/2597937/security0/tesla-recruits-hackers-to-boost-vehicle-security.html    

From: systemsafety-bounces_at_xxxxxx Sent: 22 July 2015 04:06
To: 'Matthew Squair'; 'Heath Raftery'
Cc: systemsafety_at_xxxxxx Subject: Re: [SystemSafety] Hackers take over *control* of a car wirelessly  

Dynamic updates to motor-vehicle functionality are a fact of life now. Tesla Motors is a "world leader" with this. Here is the release note list for the Tesla model S:

http://www.teslamotorsclub.com/showwiki.php?title=Model+S+software+firmware+changelog

All you need is a wireless net to get the job done in around 45 minutes. Theoretically you could probably do it with a mobile phone hotspot. I don't know if the model S as to be stationary for the upgrade to occur. Hope so.

Ethical discussions on whether or not this is a good thing are probably irrelevant. It's just happening all around us. Tesla motors employs mostly twentysomethings, if Elon Musk's biography is any indication, I suspect they don't have much adult supervision. It reminds me of the Battle of the Bulge where Hitler put kids in tanks who had never seen a tank battle. They had little concept of what was coming and no fear.

So if you don't like this trend you're probably old and uncool. Why shouldn't an auto be just like a mobile phone or your Windows laptop? What could go wrong???    

From: systemsafety-bounces_at_xxxxxx Sent: Wednesday, July 22, 2015 11:14 AM
To: Heath Raftery
Cc: systemsafety_at_xxxxxx Subject: Re: [SystemSafety] Hackers take over *control* of a car wirelessly  

If someone can seriously think that updating hospital drug pump firmware via the interwebz is a 'good idea' I think there's minimal likelihood of a good flogging in the town square happening anytime soon.  

http://criticaluncertainties.com/2015/06/23/all-your-drug-pumps-are-belong-to-us/

Matthew Squair  

MSysEng, MIEAust, CPEng

Mob: +61 488770655

Email; Mattsquair_at_xxxxxx

Web: http://criticaluncertainties.com

On 22 Jul 2015, at 10:45 am, Heath Raftery <heath.raftery_at_xxxxxx

On 22/07/2015 3:44 AM, Martyn Thomas wrote:

On 21/07/2015 18:27, Tom Ferrell wrote:

Stating the obvious, but isn’t there an aspect of this that goes

something like, “Just because we can doesn’t mean we should.” To me,

there is a fundamental engineering ethics question that comes into

play when people start talking about the ‘Internet of Everything.’

When someone postulates hooking two systems together that always

before have been physically separated, engineers have a moral

responsibility IMHO to inject themselves firmly and fully into the

benefits vs. risks discussion with a strong bias of when in doubt, don’t.  

That sounds like excellent advice, but if I'm happy to connect A to B

and B to C, and you are happy to connect X to Y and Y to Z, whose fault

is it when Peter connects one of (A,B,C) to one of (X,Y,Z) and something

bad happens?

The general philosophical arguments are worth having, but doesn't this particular case offer a more direct argument?

If you're the one that connects cellular to CAN (via whatever paths already exist), you ought to be shot, stripped and jailed for gross negligence, *before* there's even an accident caused.

I'm flabbergasted that Chrysler could have released a vehicle where that electronic link even exists. No "great new feature"(TM) warrants such a gaping hole that would get every hacker from here to hell tapping away at the new door. There is zero evidence that anyone has ever designed a robust enough system that you could honestly connect the two and claim it safe.

All the "great new features" that are on the horizon can be achieved without making that link - updates over the air, Internet connected entertainment, vehicle location, etc. I see no excuse.

Heath



The System Safety Mailing List
systemsafety_at_xxxxxx
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus




_______________________________________________ The System Safety Mailing List systemsafety_at_xxxxxx
Received on Wed Jul 22 2015 - 11:07:09 CEST

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:07 CEST