No connected car for me. thanks.

Story: A Deep Flaw in Your Car Lets Hackers Shut Down Safety FeaturesTotal Replies: 3
Author Content

Aug 21, 2017
10:26 AM EDT
Maybe this is why I still drive a 2005 vehicle with no GPS. It does have a black box though, but I don't think it is communicating - just storing telemetry data.

Aug 21, 2017
11:10 AM EDT
The owner's manual for my car puts it this way (paraphrased):

The computer keeps a history, for 10 (?--I think) seconds, of basic driver information, such as throttle position, brake pedal position, steering wheel position, and vehicle speed. In the event of airbag deployment, this information is stored immediately into non-volatile storage, in case later analysis is desired. A court may request the data through subpoena, or the manufacturer may request the data for automotive defect research; other interested parties may contact the manufacturer for further investigation.

(and I tip my hat to the manufacturer for being so frank about operator tracking, 12 years ago)

Aug 22, 2017
4:52 PM EDT
WiFi connected cars is not a good idea...

WiFi connected cars with the WiFi connection merged into the vehicle control system is even worse.

The article is like many of this type... short on details big on hype.

The CAN protocol is just like any other microcontroller to microcontroller protocol. The claim that this is a problem with the CAN protocol itself is like claiming that an exploit in MS Windows is actually a problem of the RS-232 protocol of the connected modem...

A vehicle control system needs to run in realtime with very little overhead or latency. So, placing crypto within the control system is a bad idea. These car manufacturers need to tell the consumers: "No. You can't have your entertainment interface directly connected to your cars control system." ... These systems need to be separate systems. ODBII access is usually only available inside the car. So, if thief opens the door... bye, bye car. But, that's been true for a long long time.

Aug 22, 2017
7:04 PM EDT
Remember GM's OnStar satellite system? My mother got this in a new Suburban about 12 years ago, and I warned her then.

"OnStar is theoretically possible to be remotely activated by malicious third parties or under government order. This activation would enable third parties to track the location of the car, along with the ability to listen to the contents of any conversations carried on by the occupants within the car without their consent. However, the FBI has been denied the ability to use this as it disables OnStar's safety features as determined by the Ninth Circuit Court of Appeals.[10] In its document of privacy practices, OnStar states that it is not possible for them to listen to or monitor conversations in a car without the knowledge of the occupant. The hardware is designed so that when an advisor calls into a car, a light flashes, a ring tone is heard, and the radio will mute.[11]

In 2011, OnStar said that it would start retaining all the information collected by the GPS and internal system so that it could be sold to third parties (possibly insurance companies).[12] Although this data is supposed to be “anonymized”, exactly what they mean by to anonymize GPS data remains unclear and is difficult to do.[13][verification needed] A few weeks later, after outcry from subscribers and privacy advocate groups, OnStar reversed the decision to continue collecting information from unsubscribed units."

"On July 30, 2015, Samy Kamkar introduced OwnStar - a small electronic device that could be concealed on or near a General Motors vehicle to interpose itself between the vehicle's OnStar link and the driver's OnStar RemoteLink app. In this classic man-in-the-middle attack, Kamkar, or any unauthorized user, could substitute his OnStar commands to locate, unlock, or start the vehicle. By August 11, General Motors had released upgrades to the OnStar server software and RemoteLink app to block such attacks.[15]"

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!