[SystemSafety] Hackers take over *control* of a car wirelessly

Matthew Squair mattsquair at gmail.com
Wed Jul 22 03:14:16 CEST 2015


If someone can seriously think that updating hospital drug pump firmware
via the interwebz is a 'good idea' I think there's minimal likelihood of a
good flogging in the town square happening anytime soon.

http://criticaluncertainties.com/2015/06/23/all-your-drug-pumps-are-belong-to-us/

Matthew Squair

MSysEng, MIEAust, CPEng
Mob: +61 488770655
Email; Mattsquair at gmail.com
Web: http://criticaluncertainties.com

On 22 Jul 2015, at 10:45 am, Heath Raftery <heath.raftery at restech.net.au>
wrote:

On 22/07/2015 3:44 AM, Martyn Thomas wrote:

On 21/07/2015 18:27, Tom Ferrell wrote:

Stating the obvious, but isn’t there an aspect of this that goes

something like, “Just because we can doesn’t mean we should.” To me,

there is a fundamental engineering ethics question that comes into

play when people start talking about the ‘Internet of Everything.’

When someone postulates hooking two systems together that always

before have been physically separated, engineers have a moral

responsibility IMHO to inject themselves firmly and fully into the

benefits vs. risks discussion with a strong bias of when in doubt, don’t.


That sounds like excellent advice, but if I'm happy to connect A to B

and B to C, and you are happy to connect X to Y and Y to Z, whose fault

is it when Peter connects one of (A,B,C) to one of (X,Y,Z) and something

bad happens?


The general philosophical arguments are worth having, but doesn't this
particular case offer a more direct argument?

If you're the one that connects cellular to CAN (via whatever paths already
exist), you ought to be shot, stripped and jailed for gross negligence,
*before* there's even an accident caused.

I'm flabbergasted that Chrysler could have released a vehicle where that
electronic link even exists. No "great new feature"(TM) warrants such a
gaping hole that would get every hacker from here to hell tapping away at
the new door. There is zero evidence that anyone has ever designed a robust
enough system that you could honestly connect the two and claim it safe.

All the "great new features" that are on the horizon can be achieved
without making that link - updates over the air, Internet connected
entertainment, vehicle location, etc. I see no excuse.

Heath

_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20150722/8c44d63d/attachment.html>


More information about the systemsafety mailing list