Two well-known former car hackers who were hired by GM’s Cruise Automation have a simple solution for bolstering security in the age of car connectivity: ditch as much technology as you can afford to.
“If you don’t need something, take it out,” Cruise Automation Principal AV Security Architect Chris Valasek said at a presentation at the Black Hat USA security conference last week. The fewer connections there are to a vehicle’s core computer hardware, he and his colleague Charlie Miller posit, the fewer the potential avenues of attack.
In autonomous vehicles, they say, this means that automakers can forget about Bluetooth, as occupants won’t need hands-free calling anyway. The radio, too, can be omitted as a majority of consumers will opt to listen to their phones, and sophisticated, integrated infotainment systems can be replaced by pared-down tablets isolated from the core systems in the car.
This is all rather common sense, yet as automakers have gradually begun to offer more connectivity features in automobiles, those features generally haven’t been made appropriately isolated from the vehicles’ core functions. Valasek and Miller rose to prominence in 2015 after hacking a Jeep Cherokee by reprogramming its control software using the internet, and their hack could have been configured to spread to other Cherokees on the road. News of the hack ended up leading to the recall of some 1.4 million Fiat Chrysler products, including certain Jeep Cherokee and Grand Cherokees, Dodge Challengers, Chrysler 200s, and Ram pickup and chassis cab trucks.
(Source: Yahoo! Finance)
Comments
Yep. Just isolate Bluetooth, digital radio and any other ancilliary systems (like infotainment) which are non-essential to operating the car on to separate on-board computers, incapable of sending any information or data to the ECM or Engine Management computers. Job done.
Obviously car manufacturers are mechanical engineers, not electronic engineers with in depth understanding of Internet communication protocols, or any wireless protocols for that matter. Time to catch up boys and girls.
You are wrong! Just removing any radio communications is enough to comply with security needs. The rest of the AV can keep its electronics as they are. Oh, remove the OBD2 port from the interior, too!
No. I’m right. I didn’t want to go into networking communications in depth without putting the rest of the room to sleep so I paraphrased.
Ever had a problem where one computer won’t talk to another computer?? It’s easy to make that happen.
By the way accessing the onboard OBD2 port implies you have ‘physical access’ (you’re in it) to the vehicle – that’s not what the article is talking about. It’s talking about “wireless” access and control, say where a vehicle driving alongside yours is accessing the vehicle driving control systems via Bluetooth or wireless.