Beemer Bummer?



Jim Koepke
05-24-2018, 1:52 AM
This kind of makes me want to go out and buy an old old car:


The researchers noted that their probing found flaws that could be exploited by an attacker to inject messages into a target vehicle's CAN bus – the spinal cord, if you will, of the machine – and engine control unit while the car was being driven. That would potentially allow miscreants to take over or interfere with the operation of the vehicle to at least some degree.

https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/

The idea someone else can hack my car on the road is about as scary as it can get.

jtk

Frederick Skelly
05-24-2018, 6:43 AM
Seen several articles like this over the last few years. Some were in reputable sources, others seemed like sensationalism. But it's a concern that's out there and people are investigating just how significant it might really be. One article talked about GM's OnStar system as a potential vector. Another talked about Bluetooth. I'm no expert, but I think I know this much - if there is a pathway into any computer system, you've got a risk that someone will exploit it. If they have access, skills and motive.

Guess we'll see how this all shakes out.

Fred

Marshall Harrison
05-24-2018, 8:07 AM
Seen several articles like this over the last few years. Some were in reputable sources, others seemed like sensationalism. But it's a concern that's out there and people are investigating just how significant it might really be. One article talked about GM's OnStar system as a potential vector. Another talked about Bluetooth. I'm no expert, but I think I know this much - if there is a pathway into any computer system, you've got a risk that someone will exploit it. If they have access, skills and motive.

Guess we'll see how this all shakes out.

Fred

Agreed. Luckily most people don't have the skill set needed to do things like that. But there are lots of script kiddies out there that have no qualms about hacking using other people's code. They don't really understand what they are doing but they can do some damage.

Security is always about the risk involved versus the gain involved.

Rod Sheridan
05-24-2018, 8:15 AM
It's the bikes as well, mine has a CAN bus electrical system.

Rod

Jim Becker
05-24-2018, 10:51 AM
In response to this kind of potential risk, most, if not all, of the manufacturers have installed firewalls in the systems. Some have even put a firewall on the physical port in the cabin that actually limits what can be plugged in there to specific tools. The dealers' tools will work, but many 3rd party tools will not work anymore. (Jeep did that with the Grand Cherokee as of MY18) This prevents nefarious code from entering maliciously from a 3rd party tool or application via that physical port. That's in addition to the steps I mentioned for the "over the air" risk.

Bill Dufour
05-24-2018, 11:35 AM
I remember several years ago watching a show about modern big rigs. The maker can read the black boxes over the air and recommend oil change times etc to the dash. They use this to diagnose problems when called even before the truck makes it into the shop. They can also update the software for engine management and transmission over the air.
I believe Tesla has updated the onboard software several times over the air by cellphone connection. I do not believe the owner was ever asked if they wanted the changes.
I have to say that the internet and hackers are two things the scifi writers did not predict.
Bill D

David L Morse
05-24-2018, 12:04 PM
...I have to say that the internet and hackers are two things the scifi writers did not predict.

You might want to check out William Gibson. He's the scifi author who invented the term "cyberspace", first used in his short story "Burning Chrome". It's about some freelance hackers and was published in 1982. Interestingly enough, the hacking software they used came from Russia.

Carlos Alvarez
05-24-2018, 1:29 PM
They're all sensationalized and hyped. Almost anything you read about tech in mainstream media is purposely manipulated to instill fear in you and get you to keep tuning in to this garbage.

Remember the Jeep hacking thing a few years ago? All BS. I ended up working with a rather (in)famous hacker to see if there really was any way to do this remotely. Nope. Basically you had to have full physical access and do a lot of work just to inject simple things into the bus. Silly and useless.

Our BMW has the service connection in it also. We never paid for it after the free period, so it doesn't actually work. I once had a conversation with the service advisor assuring him that yes, I would add some anti-freeze, and that no, it was not worth an hour of driving (there and back) just to get it free from them.

Carlos Alvarez
05-24-2018, 1:31 PM
(Jeep did that with the Grand Cherokee as of MY18)

And on the Wrangler with 2015. I can no longer use a programmer to change some settings. They left some open, like the ability to reprogram lockers, gear ratios, TPMS settings, and the like. But I can no longer change what they consider safety or reliability items, like I did with my 2013. In order to get around this, you can send your ECU to companies that will physically open and remove a chip, reprogram it, and put it back together. Then it becomes unlocked and you can change it all you want.

Bruce Wrenn
05-24-2018, 9:17 PM
I remember several years ago watching a show about modern big rigs. The maker can read the black boxes over the air and recommend oil change times etc to the dash. They use this to diagnose problems when called even before the truck makes it into the shop. They can also update the software for engine management and transmission over the air.
I believe Tesla has updated the onboard software several times over the air by cellphone connection. I do not believe the owner was ever asked if they wanted the changes.
I have to say that the internet and hackers are two things the scifi writers did not predict.
Bill D

Almost every GE locomotive sold in the last 20 years has this function, but it comes at a price. GE can tell the owner how the locomotive is working, and what services are needed, and how soon.

Nicholas Lawrence
05-25-2018, 6:04 AM
Thanks for posting Jim. Pay no attention to “the experts.” So far we have seen OPM hacked, Equifax hacked, the WannaCry shutdown of most of Europe, NSA hacked, Facebook scandal and on and on.

It may not be an issue now (I agree the chances of some 19-year-old hacker deciding to try to mess with your particular car are remote) but when we have millions of cars on the roads with wireless update capability some hostile nation state is going to put resources into looking at how to cause chaos through those connections in order to gain leverage. People are not taking this seriously enough.



This kind of makes me want to go out and buy an old old car:

https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/

The idea someone else can hack my car on the road is about as scary as it can get.

jtk