Re: [SystemSafety] Hackers take over *control* of a car wirelessly

From: Les Chambers < >
Date: Thu, 23 Jul 2015 07:51:30 +1000


Mike

I agree, it was a sweeping statement ... or more an impression gained from reading Ashlee Vance's biography of Elon Musk. I found Vance's account credible for the following reasons:

  1. Vance researched it thoroughly. He interviewed many people from Musk's personal and professional life. Halfway through its writing Musk caved in and agreed to cooperate even though his requests to "write footnotes" and edit content were refused.
  2. Vance bent over backwards to give a balanced account of Musk's adventures. There's a lot of good, some bad and much ugly in this story.

Given it was published for general consumption there is no detail on engineering process in Musk's companies, Space X and Tesla, but from a safety engineering point of view you can't help but gain the following impressions.

  1. All Musk companies operated (and may still be operating) under the constant threat of bankruptcy (situation normal for a start-up). The temptation to take shortcuts would have been huge (at least in the early days – and possibly still today).
  2. Eighty to one hundred hour work weeks are normal. New hires are warned that, "this is special forces territory". I tried this once for a year and discovered that you make dangerous design decisions late at night. After a year of this I turned into a gibbering idiot and took six months to recover. This leads me to my next point:
  3. Musk burns out his people. His turnover is high. The only people with the stamina to sustain this workload are probably 20 and 30 somethings who are learning on-the-job. You wonder what kind of design decisions they are making at midnight.
  4. Disagreeing with musk is career limiting, proving him wrong is fatal. He is not what you'd call a well adjusted kind of guy. Try establishing and running a consistent safety engineering regime in this kind of environment. Musk reacts very badly to being told he can't do something. That's pretty much what a safety authorities's job is. Any professional safety engineer would last microseconds in that kind of environment.
  5. Musk has achieved order of magnitude reductions in cost by bringing much of the design in-house. This means he is probably using designers with little background in what they are designing (there are some examples of this in the book), including what constitutes an unsafe design. The zeitgeist is, the establishment is bloated with too much cash, old, uncool and don't know what they're doing. In contrast we are younger, we are smarter, we are cooler, we can do it better. There's probably an element of truth in this but when it comes to safety engineering which, let's face it, can be boring as bat shit, you have to wonder if they're missing or ignoring something.

I'd recommend the book. It's a rattling good tale but it leaves you conflicted. On the one hand you can't help admiring Musk and what he has achieved in such a short time. He's probably a one in 100 year kind of guy. He's given the technology industry a good kick in the pants, created thousands of new jobs and moved space and road vehicle technology a few big steps into the future. Any capital invested in his companies has been very productive. It's also true that if you're going to make advances like this you've got a take risks. That is, drop your risk tolerance and be prepared to take casualties.  

That said I challenge you to read the book and ask yourself this question:

Would I want to be an astronaut sitting on top of one of Musk's rockets?

Right now MY answer would be NO! Taking casualties is fine as long as I'm not one of them. I'm content to be old and uncool. I'll leave that to the young and the fearless.  

Cheers

Les  

From: Mike Ellims [mailto:michael.ellims_at_xxxxxx Sent: Wednesday, July 22, 2015 7:07 PM
To: 'Les Chambers'; 'Matthew Squair'; 'Heath Raftery' Cc: systemsafety_at_xxxxxx Subject: RE: [SystemSafety] Hackers take over *control* of a car wirelessly  

Wow.  

> Tesla motors employs mostly twenty somethings, if Elon Musk's biography is any indication, I suspect they don't have much adult supervision.
 

That’s a pretty sweeping statement and given the number of employees (10,000+) probably isn’t completely correct. Tesla has actually been around for a while so the 20 and 30 something’s that started are now 30 and 40 something’s. In addition it may not be that relevant as age is only an indication of experience not of ability. I suspect that what they actually have is la bunch of 30 and 40 something’s heading up department with lots of 20 and 30 something doing the work. I don’t know about you but I suspect I was at my best somewhere between 30 and 50, most of the drive of a twenty something and just enough mistakes to make me careful.  

Tesla had its big security scare a few years back when the app interface got hacked and lead to a number of incidents with flashing lights and horns being beeps and unlocking of doors. Since then it seems to have upped its efforts on security. e.g.  

http://cleantechnica.com/2014/02/18/tesla-motors-snags-kristin-paget-apple/  

http://www.computerworld.com/article/2597937/security0/tesla-recruits-hackers-to-boost-vehicle-security.html    

From: systemsafety-bounces_at_xxxxxx Sent: 22 July 2015 04:06
To: 'Matthew Squair'; 'Heath Raftery'
Cc: systemsafety_at_xxxxxx Subject: Re: [SystemSafety] Hackers take over *control* of a car wirelessly  

Dynamic updates to motor-vehicle functionality are a fact of life now. Tesla Motors is a "world leader" with this. Here is the release note list for the Tesla model S:

http://www.teslamotorsclub.com/showwiki.php?title=Model+S+software+firmware+changelog

All you need is a wireless net to get the job done in around 45 minutes. Theoretically you could probably do it with a mobile phone hotspot. I don't know if the model S as to be stationary for the upgrade to occur. Hope so.

Ethical discussions on whether or not this is a good thing are probably irrelevant. It's just happening all around us. Tesla motors employs mostly twentysomethings, if Elon Musk's biography is any indication, I suspect they don't have much adult supervision. It reminds me of the Battle of the Bulge where Hitler put kids in tanks who had never seen a tank battle. They had little concept of what was coming and no fear.

So if you don't like this trend you're probably old and uncool. Why shouldn't an auto be just like a mobile phone or your Windows laptop? What could go wrong???    

From: systemsafety-bounces_at_xxxxxx Sent: Wednesday, July 22, 2015 11:14 AM
To: Heath Raftery
Cc: systemsafety_at_xxxxxx Subject: Re: [SystemSafety] Hackers take over *control* of a car wirelessly  

If someone can seriously think that updating hospital drug pump firmware via the interwebz is a 'good idea' I think there's minimal likelihood of a good flogging in the town square happening anytime soon.  

http://criticaluncertainties.com/2015/06/23/all-your-drug-pumps-are-belong-to-us/

Matthew Squair  

MSysEng, MIEAust, CPEng

Mob: +61 488770655

Email; Mattsquair_at_xxxxxx

Web: http://criticaluncertainties.com

On 22 Jul 2015, at 10:45 am, Heath Raftery <heath.raftery_at_xxxxxx

On 22/07/2015 3:44 AM, Martyn Thomas wrote:

On 21/07/2015 18:27, Tom Ferrell wrote:

Stating the obvious, but isn’t there an aspect of this that goes

something like, “Just because we can doesn’t mean we should.” To me,

there is a fundamental engineering ethics question that comes into

play when people start talking about the ‘Internet of Everything.’

When someone postulates hooking two systems together that always

before have been physically separated, engineers have a moral

responsibility IMHO to inject themselves firmly and fully into the

benefits vs. risks discussion with a strong bias of when in doubt, don’t.  

That sounds like excellent advice, but if I'm happy to connect A to B

and B to C, and you are happy to connect X to Y and Y to Z, whose fault

is it when Peter connects one of (A,B,C) to one of (X,Y,Z) and something

bad happens?

The general philosophical arguments are worth having, but doesn't this particular case offer a more direct argument?

If you're the one that connects cellular to CAN (via whatever paths already exist), you ought to be shot, stripped and jailed for gross negligence, *before* there's even an accident caused.

I'm flabbergasted that Chrysler could have released a vehicle where that electronic link even exists. No "great new feature"(TM) warrants such a gaping hole that would get every hacker from here to hell tapping away at the new door. There is zero evidence that anyone has ever designed a robust enough system that you could honestly connect the two and claim it safe.

All the "great new features" that are on the horizon can be achieved without making that link - updates over the air, Internet connected entertainment, vehicle location, etc. I see no excuse.

Heath



The System Safety Mailing List
systemsafety_at_xxxxxx  

 <https://www.avast.com/antivirus> Image removed by sender. Avast logo

This email has been checked for viruses by Avast antivirus software. www.avast.com <https://www.avast.com/antivirus>  



The System Safety Mailing List
systemsafety_at_xxxxxx Received on Wed Jul 22 2015 - 23:51:50 CEST

This archive was generated by hypermail 2.3.0 : Mon Feb 18 2019 - 10:17:07 CET