[SystemSafety] Hackers take over *control* of a car wirelessly

[Matthew Squair]

Mental note to self, do not give keys of nuclear reactor to Gen Y.

On Wed, Jul 22, 2015 at 1:06 PM, Les Chambers <les at chambers.com.au> wrote:

>  Dynamic updates to motor-vehicle functionality are a fact of life now.
> Tesla Motors is a "world leader" with this. Here is the release note list
> for the Tesla model S:
>
>
> http://www.teslamotorsclub.com/showwiki.php?title=Model+S+software+firmware+changelog
>
> All you need is a wireless net to get the job done in around 45 minutes.
> Theoretically you could probably do it with a mobile phone hotspot. I don't
> know if the model S as to be stationary for the upgrade to occur. Hope so.
>
> Ethical discussions on whether or not this is a good thing are probably
> irrelevant. It's just happening all around us. Tesla motors employs mostly
> twentysomethings, if Elon Musk's biography is any indication, I suspect
> they don't have much adult supervision. It reminds me of the Battle of the
> Bulge where Hitler put kids in tanks who had never seen a tank battle. They
> had little concept of what was coming and no fear.
>
> So if you don't like this trend you're probably old and uncool. Why
> shouldn't an auto be just like a mobile phone or your Windows laptop? What
> could go wrong???
>
>
>
>
>
> *From:* systemsafety-bounces at lists.techfak.uni-bielefeld.de [mailto:
> systemsafety-bounces at lists.techfak.uni-bielefeld.de] *On Behalf Of *Matthew
> Squair
> *Sent:* Wednesday, July 22, 2015 11:14 AM
> *To:* Heath Raftery
> *Cc:* systemsafety at lists.techfak.uni-bielefeld.de
> *Subject:* Re: [SystemSafety] Hackers take over *control* of a car
> wirelessly
>
>
>
> If someone can seriously think that updating hospital drug pump firmware
> via the interwebz is a 'good idea' I think there's minimal likelihood of a
> good flogging in the town square happening anytime soon.
>
>
>
>
> http://criticaluncertainties.com/2015/06/23/all-your-drug-pumps-are-belong-to-us/
>
> Matthew Squair
>
>
>
> MSysEng, MIEAust, CPEng
>
> Mob: +61 488770655
>
> Email; Mattsquair at gmail.com
>
> Web: http://criticaluncertainties.com
>
>
> On 22 Jul 2015, at 10:45 am, Heath Raftery <heath.raftery at restech.net.au>
> wrote:
>
>  On 22/07/2015 3:44 AM, Martyn Thomas wrote:
>
>  On 21/07/2015 18:27, Tom Ferrell wrote:
>
>  Stating the obvious, but isn’t there an aspect of this that goes
>
>   something like, “Just because we can doesn’t mean we should.” To me,
>
>   there is a fundamental engineering ethics question that comes into
>
>   play when people start talking about the ‘Internet of Everything.’
>
>   When someone postulates hooking two systems together that always
>
>   before have been physically separated, engineers have a moral
>
>   responsibility IMHO to inject themselves firmly and fully into the
>
>   benefits vs. risks discussion with a strong bias of when in doubt,
> don’t.
>
>
>
>  That sounds like excellent advice, but if I'm happy to connect A to B
>
>  and B to C, and you are happy to connect X to Y and Y to Z, whose fault
>
>  is it when Peter connects one of (A,B,C) to one of (X,Y,Z) and something
>
>  bad happens?
>
>
> The general philosophical arguments are worth having, but doesn't this
> particular case offer a more direct argument?
>
> If you're the one that connects cellular to CAN (via whatever paths
> already exist), you ought to be shot, stripped and jailed for gross
> negligence, *before* there's even an accident caused.
>
> I'm flabbergasted that Chrysler could have released a vehicle where that
> electronic link even exists. No "great new feature"(TM) warrants such a
> gaping hole that would get every hacker from here to hell tapping away at
> the new door. There is zero evidence that anyone has ever designed a robust
> enough system that you could honestly connect the two and claim it safe.
>
> All the "great new features" that are on the horizon can be achieved
> without making that link - updates over the air, Internet connected
> entertainment, vehicle location, etc. I see no excuse.
>
> Heath
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
>
>


-- 
*Matthew Squair*
MIEAust CPEng

Mob: +61 488770655
Email: MattSquair at gmail.com
Website: www.criticaluncertainties.com <http://criticaluncertainties.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20150722/b9b4268b/attachment.html>