User: Password:
|
|
Subscribe / Log in / New account

Linux and automotive computing security

Linux and automotive computing security

Posted Oct 10, 2012 20:26 UTC (Wed) by jimparis (guest, #38647)
In reply to: Linux and automotive computing security by drag
Parent article: Linux and automotive computing security

Idiotic? But your entertainment system is the screen where the rear-view backup camera gets displayed. You need the computer controlling the transmission to be able to tell the computer controlling the entertainment system to start displaying the camera feed. Now they're wired up. And I think you'll find that by the time you hit every use case (safety interlocks that prevent changing GPS coordinates while the car is driving, vehicular speed being to augment the GPS in tunnels, etc) you'll find that just about everything gets connected somehow.


(Log in to post comments)

Linux and automotive computing security

Posted Oct 10, 2012 21:26 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link]

"Back in my days" (tm) we'd just have placed a purely electric connection, i.e. "short these two wires if the reverse gear is engaged". No need for complex digital interface.

Linux and automotive computing security

Posted Oct 10, 2012 23:36 UTC (Wed) by martinfick (subscriber, #4455) [Link]

"Back in my day", people looked behind their cars before putting the car in reverse. I was shocked to be recently hit standing still in a parking lot by someone relying on their reverse warning and not bothering to look; the warning never went off.

I could not help but think of the modern Battlestar Galactica series when reading this article, I am now fairly convinced that I simly don't want such a network in my vehicle. If the authorities mandate it, I will just stick with my used cars for as long as I can (luckily 90s galvanizing makes that more of a possibility). I don't own a vehicle made this melenium and I don't plan to, they simply are less safe and full of BS that no one needs. Everytime I rent a car I am shocked at how poor the visibility is due to the large air bag filled columns pushed too far forward impeeding the view out the side of the windshield making a left turn a high risk acitvity (for me and anyone nearby). It's sad, but soon it will be mandated that we all drive tanks with nothing but a 7 inch screen to view the outside chaos of dead pedestrians left in our wake, and the media will brag about how much safer modern cars are than ever. :(

Linux and automotive computing security

Posted Oct 10, 2012 23:44 UTC (Wed) by jimparis (guest, #38647) [Link]

> "Back in my day", people looked behind their cars before putting the car in reverse. I was shocked to be recently hit standing still in a parking lot by someone relying on their reverse warning and not bothering to look; the warning never went off.

I was referring to the rear-view cameras, which are kind of a necessity on some cars these days due to poor visibility... (see below)

> they simply are less safe and full of BS that no one needs. Everytime I rent a car I am shocked at how poor the visibility is due to the large air bag filled columns pushed too far forward

I think many of the visibility problems stem from pushing to get better gas mileage. Vertical spaces like windows keep getting smaller. Accordingly, some of the technological "improvements" like rear-view cameras are to try to counteract those problems. It's not (necessarily) just some cranky designer having a bad day.

Linux and automotive computing security

Posted Oct 11, 2012 3:39 UTC (Thu) by ncm (subscriber, #165) [Link]

According to report from inside the automotive industry, what drives the trend to reduced visibility is the desire by female buyers (who now have a predominant influence on new-car purchase decisions) to feel less "exposed". In other words, car makers are making everyone, including buyers, less safe so as to be perceived by buyers as safer.

Linux and automotive computing security

Posted Oct 16, 2012 12:18 UTC (Tue) by wookey (subscriber, #5501) [Link]

Reduced visibility due to thicker A pillars is due to more stringent crash testing/requirements. 'NCAP tests' in Europe. And a god NCAP rating really does help sell cars. But it also makes them heavier and harder to see out of. The steadily improving motor vehicle injury stats have been coming at the expense of those outside (pedestrians, cyclists, motorcyclists) for some time now. At least in Europe TPTB have finally understood that trying to improve the numbers by simply discouraging those other modes is counter-productive in so many other ways (obesity, congestion, noise, expense and general public realm issues), but rowing back from 50 years of 'the car is king' thinking and development is hard to do. Visibility, crash ratings and excessive tech in cars are just small parts of a much wider issue.

I've been holding on to my 1997 pre-ECU vehicle for a while now, despite its relative inefficiency, hoping to get something with free software in it so I had a least a chance of keeping some control over quality. It looks like it'll have to last at least a few more years before I can actually buy anything I might consider acceptable. But there are at least signs of useful progress in this sphere.

Linux and automotive computing security

Posted Oct 11, 2012 14:42 UTC (Thu) by ortalo (subscriber, #4654) [Link]

That's too late.
Even if you can avoid the security/safety issue in your car (which I doubt you will be able to), you will not be able to avoid it in the next place where embedded (computer) systems (security) will raise concerns (tubes, trains, planes, houses, nuclear industry, chemical industry, ... put your favourite risk here ...). It's even possible that the automotive industry is not specifically "in advance" on this topic...

The problem is taking seriously into account computer security. I had hoped in the 90s that maybe this could be done before computing invaded everything. It seems I was wrong. [1] So now, what do we do to change that state of fact (before even your old no-computer car really gets unusable)?
Switching to Linux may be an improvement.

But note that if I had the choice now, I would switch to OpenBSD. Not because of the technical quality, but because of the design target.
(Unless Linus and other developpers of the kernel clearly upgrade the priority for security of course.)

PS: Another practical idea but intended for cars manufacturers: offer brand new cars to all linux kernel developers. Now. And for BSDs devs too (come on, that business is not *so* in crisis). Let's remember them that was what Digital did 20 years ago to get Linux on its Alpha CPU.

[1] In the meantime, in my opinion, security only seriously expanded to the gaming industry and to some extent the media/telco. industry. What an irony!

Linux and automotive computing security

Posted Oct 19, 2012 12:53 UTC (Fri) by JEFFREY (guest, #79095) [Link]

"You don't want [CAN bus] in [your] vehicle."

You'd really shudder to know that CAN bus is also used in SCADA/DCS systems that operate dangerous boilers, refineries, and power plants.

Linux and automotive computing security

Posted Oct 19, 2012 13:59 UTC (Fri) by Jonno (subscriber, #49613) [Link]

CAN itself is no worse than Ethernet, except for speed and packet length limitations. On the contrary, it offers several benefits over plain ethernet, such as built-in QoS and a much lower cost to deploy.

The difference is that there are several standard abstraction layers built on top of ethernet which provides additional features, including some security features. Unfortunately these abstraction layers are way to complex to run on the 20 kHz, 8 bit system with 64 kB RAM you typically see in a sensor, leaving you the options of raw ethernet, raw CAN, or raw RS-232 for connectivity.

When given those choices, using CAN is usually a pretty good option, you just have to remember its limitations and design your application protocol with security in mind, as you wont "inherit" any from the underlying protocol, like you do with TCP/IP. (Though that is probably true anyway, as the security features of TCP/IP are quite limited).

Linux and automotive computing security

Posted Oct 15, 2012 14:14 UTC (Mon) by drag (guest, #31333) [Link]

> Idiotic?

Yes.

> But your entertainment system is the screen where the rear-view backup camera gets displayed.

Personally I have learned to turn my head.

> You need the computer controlling the transmission to be able to tell the computer controlling the entertainment system to start displaying the camera feed.

You can have data that goes one way.

For example it's very common in industrial applications dealing with potentially high voltage to use 'light connectors' to join disparate electrical systems. Basically you just have some infrared transmitters on one side and a infrared sensor on another and thus you can transfer information without a direct electrical connection.

So it's very possible to have a properly functioning gauges and other devices without the ability for any attacker, no matter how determined or skilled, to use your entertainment system to subvert your automobile remotely.

> And I think you'll find that by the time you hit every use case (safety interlocks that prevent changing GPS coordinates while the car is driving,

Idiotic safety controls. If I had something like that on my car I would just turn the GPS off and use my cell phone and google maps, or other equivalent. I don't need anti-features in my car. Driving is hard enough without having to fight my car for control.

> vehicular speed being to augment the GPS in tunnels, etc) you'll find that just about everything gets connected somehow.

Only if it is designed by moronic engineers.

Linux and automotive computing security

Posted Oct 15, 2012 14:18 UTC (Mon) by fuhchee (guest, #40059) [Link]

"... optical isolation ..."
"So it's very possible [to do one-way communication]"

The second does not follow from the first. The need for two-way communication comes from application requirements, and can be implemented at the physical level with wires, wireless, two unidirectional optical isolators, whatever.

Linux and automotive computing security

Posted Oct 15, 2012 16:37 UTC (Mon) by bronson (subscriber, #4806) [Link]

> Personally I have learned to turn my head.

Check out the new 2012/2013 models. Crash and fuel economy requirements have made deck heights very high and D-pillars very wide. Rearward visibility is suffering mightily.

Linux and automotive computing security

Posted Oct 16, 2012 8:54 UTC (Tue) by njwhite (guest, #51848) [Link]

>> And I think you'll find that by the time you hit every use case (safety interlocks that prevent changing GPS coordinates while the car is driving,
> Idiotic safety controls. If I had something like that on my car I would just turn the GPS off and use my cell phone and google maps, or other equivalent. I don't need anti-features in my car. Driving is hard enough without having to fight my car for control.

I quite agree. I don't know why people want this sort of thing in their cars. Indeed this article in general just made me not want to ever get a car built in the last 10 years. Of all activities, something as dangerous as driving is something I would be least comfortable reducing my control over. Is the only option for those of us who value control in driving now kit cars and antiques?

Linux and automotive computing security

Posted Oct 18, 2012 18:12 UTC (Thu) by TRauMa (guest, #16483) [Link]

Dont worry so much, all these driving helpers are a transient state anyway. Soon you'll just enter your car and relax while it will do all the driving, and even if you would be tempted to drive yourself it would be a bad idea because most lanes on the highway will be closed to human drivers due to security reasons.


Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds