> They rebutted that individual cars are much easier to hack and after they are first used in a terror attack we will get the political will to fix the problem.
Was that meant to be a joke? Sure, they can establish a new standard that will apply to all the new car models coming out four years later. But who actually expects hundreds of millions of cars that are already on the market, to receive a software overall with a new architecture?
This is why it has always bothered me that almost no one seems to bring this problem to the forefront - certainly not carmakers. They're all too focused on how awesome self-driving technology will be and how it will save us from drunk drivers. Thus, disregarding the fact that once we have 100 million to 2 billion self-driving cars on the road, that will be a huge market for cyber criminals, from ransomware and cryptojacking (hello powerful GPU computer + free solar power charging!) to assassinations.
And before anyone says "how much harder it is to hack a car than a PC", consider the fact that most cars today aren't actually connected to the internet. And most of those that are, only have their entertainment systems connected to the internet. Self-driving cars will be able to receive OTA updates that will improve their engine, steering, and brake performance = the OTA software has access to everything.
Combine this level of access to the high level of recklessness in the name of profits carmakers seem to be showing today, when they advertise features such as "unlocking your doors through an app".
EFF's former chair and someone who worked on Google's Waymo, has some decent ideas about how to protect self-driving cars, if only carmakers would listen:
Airgapping was my first instinct too, but the problem is we're dealing with state-level actors. Airgapping doesn't work with them. They're patient, well funded organizations. Trying to rely on never having a single type of car (any of which could have a hundred thousand copies on the road) hacked is a fools errand.
We need ways of disabling autonomous devices and detecting when they get hacked, not trying to win an impossibly hard game.
The disabling system becomes another attack surface, and unless it is pretty independent, is itself disabled by a sophisticated attack. But scared as we are of external attack, allowing the government to shut off all cars is like letting Mubarak shut off the internet in Egypt. That's a bigger danger than foreign enemies in many countries.
Was that meant to be a joke? Sure, they can establish a new standard that will apply to all the new car models coming out four years later. But who actually expects hundreds of millions of cars that are already on the market, to receive a software overall with a new architecture?
This is why it has always bothered me that almost no one seems to bring this problem to the forefront - certainly not carmakers. They're all too focused on how awesome self-driving technology will be and how it will save us from drunk drivers. Thus, disregarding the fact that once we have 100 million to 2 billion self-driving cars on the road, that will be a huge market for cyber criminals, from ransomware and cryptojacking (hello powerful GPU computer + free solar power charging!) to assassinations.
And before anyone says "how much harder it is to hack a car than a PC", consider the fact that most cars today aren't actually connected to the internet. And most of those that are, only have their entertainment systems connected to the internet. Self-driving cars will be able to receive OTA updates that will improve their engine, steering, and brake performance = the OTA software has access to everything.
Combine this level of access to the high level of recklessness in the name of profits carmakers seem to be showing today, when they advertise features such as "unlocking your doors through an app".
EFF's former chair and someone who worked on Google's Waymo, has some decent ideas about how to protect self-driving cars, if only carmakers would listen:
http://ideas.4brad.com/disconnected-car-right-security-plan-...