[SystemSafety] Hackers take over *control* of a car wirelessly

[Heath Raftery]

On 22/07/2015 3:44 AM, Martyn Thomas wrote:
> On 21/07/2015 18:27, Tom Ferrell wrote:
>> Stating the obvious, but isn’t there an aspect of this that goes
>> something like, “Just because we can doesn’t mean we should.” To me,
>> there is a fundamental engineering ethics question that comes into
>> play when people start talking about the ‘Internet of Everything.’
>> When someone postulates hooking two systems together that always
>> before have been physically separated, engineers have a moral
>> responsibility IMHO to inject themselves firmly and fully into the
>> benefits vs. risks discussion with a strong bias of when in doubt, don’t.
>
> That sounds like excellent advice, but if I'm happy to connect A to B
> and B to C, and you are happy to connect X to Y and Y to Z, whose fault
> is it when Peter connects one of (A,B,C) to one of (X,Y,Z) and something
> bad happens?

The general philosophical arguments are worth having, but doesn't this 
particular case offer a more direct argument?

If you're the one that connects cellular to CAN (via whatever paths 
already exist), you ought to be shot, stripped and jailed for gross 
negligence, *before* there's even an accident caused.

I'm flabbergasted that Chrysler could have released a vehicle where that 
electronic link even exists. No "great new feature"(TM) warrants such a 
gaping hole that would get every hacker from here to hell tapping away 
at the new door. There is zero evidence that anyone has ever designed a 
robust enough system that you could honestly connect the two and claim 
it safe.

All the "great new features" that are on the horizon can be achieved 
without making that link - updates over the air, Internet connected 
entertainment, vehicle location, etc. I see no excuse.

Heath