TMC is an independent, primarily volunteer organization that relies on ad revenue to cover its operating costs. Please consider whitelisting TMC on your ad blocker or making a Paypal contribution here: paypal.me/SupportTMC

BT launches advisory service to prevent cyber attacks on connected cars

Discussion in 'Model S' started by thegruf, Apr 20, 2015.

  1. thegruf

    thegruf Member

    Joined:
    Mar 24, 2015
    Messages:
    944
    Location:
    UK
    BT (yup - that paragon of virtue) ethically hacking our cars ... now there's a (somewwhat terrifying) thought

    http://www.theinquirer.net/inquirer/news/2404828/bt-launches-advisory-service-to-prevent-cyber-attacks-on-connected-cars

    personally I think I'd rather let my kids loose on it, 10 minutes they'd probably be able to drive it from their Xbox :)

    More generally though, the more people that do this beneficially the better, before the cars get hacked for real
    Seem to remember even Elon was warned off putting Android in the cars.
     
  2. scottm

    scottm Active Member

    Joined:
    Jun 13, 2014
    Messages:
    1,289
    Location:
    Canada
    Q: Is it safe to wrap my model S in tin foil when not in use to prevent this kind of unwanted telemetry entry?
     
  3. CHG-ON

    CHG-ON Still in love after all these miles

    Joined:
    Jun 24, 2014
    Messages:
    2,766
    Location:
    Santa Cruz Mountains, USA
    Don't forget your own hat too!
     
  4. evme

    evme Member

    Joined:
    Jul 5, 2013
    Messages:
    616
    Location:
    NY
    Tesla who is from silicon valley has far more experience with software than other manufacturers. Though overall, the whole fear of hacking of cars is mostly overblown. There is also no issue of putting Android on the car, not only would it run in a sandbox, only apps approved by Tesla would be included. Even within the smartphone scene, most hacked devices are in China, where Google is banned so makes use ASOP and their own appstores which allow any app they want in. And even then, 50% of these make up paid SMS, while the other half just spam you. The only exploits that pose any threat to Android is ones which allow for rooting the device. And if you ever rooted a device, thee process is fairly annoying and usually involves re-flashing the bootloader through USB. Which would be completely impossible since at best Tesla would grant you MTP/PTP access via USB. And as I explained, even if you somehow managed to accomplish root, it still would not get you anywhere because it is sand boxed.
     
  5. thegruf

    thegruf Member

    Joined:
    Mar 24, 2015
    Messages:
    944
    Location:
    UK
    Sorry - going to have to pick that apart a bit

    Tesla who is from silicon valley has far more experience with software than other manufacturers

    I seriously doubt it, and I doubt even more you could evidence that claim.
    What they may have, is some more innovative thinking than established manufacturers.

    the whole fear of hacking of cars is mostly overblown

    I disagree, there has already been instances of unauthorised access to car's software. The classic of course is OBD remapping. Users and tuners may think this is fun, and many of us have done it, ahem, but to manufacturers it is a warranty nightmare and is a microstep between a good map and a destroyed engine or gearbox. So the manufacturers now encrypt the access, so the tuners work ways around it. Bear in mind that your Tesla is permanently connected to the internet either through mobile or wifi. You want to bet nobody can get in? TACC and other automated driving features just presents a significant opportunity for malicious endeavor.

    There is also no issue of putting Android on the car

    I recall reading that Google themselves advised against it

    And if you ever rooted a device, thee process is fairly annoying and usually involves re-flashing the bootloader through USB
    It's trivial to anyone with any experience whatsoever.

    Both IOS and Google's play store have had apps pulled when malware has been restrospectively discovered. They are not impervious to malicious code.
    Both companies also have vastly larger software teams than Tesla do.

    Bottom line is preventing malware and hacking is a constantly moving target, nothing is hack proof, there is a valid concern especailly about Tesla due to it always connected natrue, and any and all benign strategies should be employed to test it to uncover zero day weaknesses.

    Apart from our own safety can you imagine the field day the press would have if a Tesla did get hacked and the damage that would result to Tesla.
     
  6. LetsGoFast

    LetsGoFast Active Member

    Joined:
    Oct 13, 2014
    Messages:
    1,342
    Location:
    Virginia
    Having consulted with Ford, I don't doubt it, but I agree it is fundamentally impossible to prove.
     
  7. thegruf

    thegruf Member

    Joined:
    Mar 24, 2015
    Messages:
    944
    Location:
    UK
    I suspect you wont be able to share that with us - pity
     
  8. evme

    evme Member

    Joined:
    Jul 5, 2013
    Messages:
    616
    Location:
    NY
    In silicon valley, there are far more experiences programmers who manage far more critical systems. On top of that, do you think the one who decides the hardware and the ones who write the software are the same people? In silicon valley the process is far more integrated. Elon Musk himself comes from a programmer background.

    If you are remapping through OBD you already got physical access to the car. Physical access is not the same as remote access. Plus, why would anyone bother through the trouble of hacking a car? They are better off hacking a bank or a company, far more money in it.

    The only thing that I remember Google advising against was they wanted manufacturers to use Android Auto. It is same reason why Google advised against using Android for smart watches and told them to use Android Wear instead. So of course Google wants people to use their product instead of ASOP.

    It depends on the device, some devices remain unrooted till this day. If a manufacturer today decided to put an eFuse, it would be game over. But again today's rooting methods require physical access.

    Right, but they also have a large amount of apps that vary. And none of them bother to check the code, Google checks the code only through automated systems. Apple only checks if it violates their Terms of service. With the small amount of apps Tesla will deal with, they can check the codes manually.

    I can't iamgine someone writing malware for cars, and hacking them makes little sense unless you own the car. The issue of hacking is a form of paranoia, it is not as big of a deal as the media makes it out to be.
     

Share This Page