Jeep breach: Scared? You should be, it could be you next

Other vehicles may be at risk from hacking following the Jeep Cherokee incident, according to one of the two researchers who pioneered the spectacular auto exploit. Renowned car security researchers Charlie Miller and Chris Valasek remotely hacked a Jeep Cherokee over a mobile network and found a way to control critical …

  1. captain veg Silver badge

    war driving

    "hack into vulnerable cars simply by knowing the vehicle's IP address"

    Or just use a port scanner. A new take on war driving?

    -A.

    1. Anonymous Coward
      Mushroom

      Re: war driving

      Why bother going after a specific vehicle? Why not just disable the brakes on ALL of them.

      1. Anonymous Coward
        Anonymous Coward

        Re: war driving

        Fiat - making dodgy electrics since the 70s.

  2. Warm Braw

    This is so obviously stupid...

    >The Uconnect system allows motorists to start their engines, unlock doors or flash their headlamps via their computer or the Uconnect Access smartphone app from anywhere

    I cannot believe there isn't a huge e-mail archive somewhere within Fiat Chrysler of engineers pointing out how dangerous this could be and being successively overruled by ever higher echelons of management.

    1. Trigonoceps occipitalis

      Re: This is so obviously stupid...

      It was ever thus:

      The greatest test of an engineer is not his technical ingenuity but his ability to persuade those in power who do not want to be persuaded and convince those for whom the evidence of their own eyes is anything but convincing.

      Extract from "Plain Words" in The Engineer 2nd October 1959

      1. Danny 14

        Re: This is so obviously stupid...

        What the fucking fuck? Why did ANYONE think it was a good idea to network CRITICAL SYSTEMS to an external app? I mean seriously? Someone's head should roll, unfortunately it will be some poor tech whose idea it was originally (ignoring all the engineers who said it was bad but wanted to be paid).

    2. Anonymous Coward
      Anonymous Coward

      Re: This is so obviously stupid...

      Re email archive: probably not.

      I expect the development of all of this was outsourced to some third party who near-sourced it to a bunch of poorly paid 22 year olds who've grown up thinking that being constantly connected to the internet is both a necessity and a right.

      They wouldn't understand how dangerous putting everything on a single insecure, publicly accessible network is, because they live their lives doing just that.

    3. Anonymous Coward
      Anonymous Coward

      Re: This is so obviously stupid...

      "I cannot believe there isn't a huge e-mail archive ..."

      Where have you worked? How easy would it be for your colleagues to find another job?

      I am familiar with one household UK name company making safety critical stuff where the kind of discussions you envisage have gone on.

      There is no email archive. The discussions, such as they were, were never formally recorded and were typically verbal, occasionally whiteboard. The discussions may as well never have taken place.

      The management made it very clear what they want. Discussion is not welcome, dissent is not tolerated, there is no need (or place) for an email audit trail. Orders are orders, whether written or not. Don't like it, find another job.

      http://www.academia.edu/288635/The_Ethics_of_Safety-Critical_Systems

      See also: Charles Haddon Cave, Leadership and Culture, Lessons from the Nimrod Review

      http://www.oilandgasuk.co.uk/templates/asset-relay.cfm?frmAssetFileID=3317

    4. Fungus Bob

      Re: This is so obviously stupid...

      "I cannot believe there isn't a huge e-mail archive somewhere within Fiat Chrysler..."

      It's not like they're going to admit it so some FCA employee will have to leak it. And even then, they won't admit it.

  3. Preston Munchensonton
    Terminator

    It's important to note that, in the case of the Jeep hacking, the vehicle wasn't reachable from the general Internet, only from within Sprint's network. Anyone just randomly connecting anything directly to the Internet gets exactly what they deserve.

    1. Anonymous Coward
      Anonymous Coward

      sure...

      No user on the Sprint network runs a proxy server, do they?

    2. Dan 55 Silver badge
      Facepalm

      So am I to understand that you are reassured by attackers having to go through the laborious process of buying a Sprint phone on PAYG or the nigh-on impossible task of pwning an Android phone on Sprint before pwning the Jeep?

    3. JeffyPoooh
      Pint

      "...only from within Sprint's network."

      Well that's a relief.

      As long as Sprint's data networks are not connected to the Internet in any way, shape or form.

      1. Preston Munchensonton
        Boffin

        Re: "...only from within Sprint's network."

        No, I'm not reassured, but the article is inaccurate. No, it's not a relief, but there is a measure of segregation that would prevent any random hacker from easily gaining access. I haven't seen this mentioned anywhere, but I know for other Sprint implementations over their CDMA and LTE networks, they use it as an extension of the MPLS service, so a general PAYG 3G/4G modem wouldn't even slightly help without a lot of social engineering to get the right authorizations in place.

    4. G.Y.

      and how many

      people have a Sprint 'phone account?

  4. Amorous Cowherder
    Facepalm

    Skynet but not as we know it

    Why does everything have to be wirelessly connected? Why do we constantly have to be "jacked in" 24 hours a day? Skynet won't be T2s coming down and wiping out humanity, we'll simply join every gadget we have to every other gadget on the planet and then slowly wipe each other out with disabled brakes, exploding laptops and all manner of other exploits in various gadgets!

  5. Richard Taylor 2
    Mushroom

    I must say, those fire chaps seemed to be taking a terribly hard line in order to disable the hacked vehicle.

    1. Phil O'Sophical Silver badge
      Happy

      Budget cuts, there's no money to nuke it from orbit.

    2. oolor
      Coat

      That's the Italian mechanics. Fix It Again Tony and his crew.

  6. Snowy Silver badge

    Must do better.

    >Fiat Chrysler Automotive – manufacturers of the Jeep Cherokee – were aware of the hack before it was demonstrated and had already released firmware patches for vulnerable vehicles.

    Yes, but if you keep quiet about the problem, how many cars are running the old firmware? A quick search shows that while the fix is relatively easy, I cannot see a recall to fix this problem.

    >“To FCA’s knowledge, there has not been a single real world incident of an unlawful or unauthorised remote hack into any FCA vehicle,” Fiat Chrysler said.

    They may as well have said "To FCA’s knowledge, no one is dead yet."

    1. Anonymous Coward
      Facepalm

      Re: Must do better.

      That's ok, I'm sure some nice white hat can just hack the new firmware into the cars as they drive by...

  7. ColonelClaw

    Why the hell connect cars to the net anyway?

    We seem to be currently going through a particularly daft period of digital evolution, where the common answer to the above question is "because we can".

    My TV packed up recently after 7 years of service (not great, if you ask me), so off I went to John Lewis to pick up a new one. I returned home with a shiny new Sony number, and very nice it looks too, incredible picture quality. But there's just one problem - it runs Android. Yup, a TV now runs an OS. What they didn't explain in the shop is that it takes about 45 seconds to start up from cold.

    Seriously, why? Who in their right mind thought it would be a good idea to make you wait for nearly a minute before a bloody TV has to boot up? And then once it's on you're bombarded with a completely crazy smorgasbord of an interface you have to navigate before it will allow you to watch a channel. And then when you do select a channel, it takes at minimum 10 seconds before you can see a live picture.

    But hey, the picture quality is amazing.

    1. Anonymous Coward
      Anonymous Coward

      Re: ...make you wait for nearly a minute before a bloody TV has to boot up?

      It's the same with oscilloscopes.

      In the old days we had to wait 30~60 seconds for the Cathode Ray Tube (CRT) to warm up, then with 1st-generation LCD products it was near instant-on, ... now we're back to waiting - this time for digital bootups. :-(

      1. Yet Another Anonymous coward Silver badge

        Re: ...make you wait for nearly a minute before a bloody TV has to boot up?

        My fsckign digital camera plays a 3second animated logo while you are waiting to take a picture.

      2. JeffyPoooh
        Pint

        Re: ...make you wait for nearly a minute before a bloody TV has to boot up?

        "...digital bootups."

        Must. Rebuild. OS. From. Scratch. Each. And. Every. Time.

        Even the damn Hibernate algorithm is daft...

        Must. Save. And. Reload. All 8GB of RAM. Image. Because I (the f'ing OS). Have. No. Idea. Which. Part. Is. In. Use.

        When I'm King, coder drones will be very well paid. At least those very few remaining that don't have their heads installed on pikes at the city gates.

    2. Triggerfish

      Re: Why the hell connect cars to the net anyway?

      Hell man I had someone at work tell me yesterday how Samsung smart TVs listen in on you, a couple of months ago they were thinking I was daft/paranoid saying I wouldn't go near a smart TV if I could find a dumb equivalent.

      Web 2.0 is boiling the frog for people on privacy, everything is now Facebook connected whether it should be or not, and now it's boiling the frog on the common sense of whether we need things connected, possibly tied in with the whole privacy thing again, how long before your movement stats are sold away?

      Keep turning up at this supermarket car park, sure the rivals would like to know and start sending you vouchers. I am short on sleep and may be getting a bit ranty, but I wish the marketing people who keep thinking this is a good idea and those who keep wanting to monetise us, when they have already taken the money for the product as well, would just fuck off.

    3. Yugguy

      Re: Why the hell connect cars to the net anyway?

      That's been the problem ever since we started making any kind of technology. No one ever asks "should we"?

    4. Chronos
      Thumb Up

      Re: Why the hell connect cars to the net anyway?

      Have an upvote. Not nearly sweary enough but adequately, although in a slightly bland manner, reflects my feelings on the matter.

      Neither of my cars even have OBD - well, the Sportrak does but it's an advanced photonic system used in WWII: You short a link on the diag connector and a little man in the dashboard flashes out the fault codes, if any, on an Aldis lamp cunningly disguised as an EML. I'm quite happy with that, knowing that all the bits that make them go, stop, turn and dodge Nissans are connected to the controls either physically or hydraulically and I can examine, verify and rectify any of them without a proprietary interface plugged into a high-end laptop with a very expensive version of the little man in my dashboard at the keyboard.

      As for television and entertainment in general, now that Top Gear has gone ginger and they're allowing some fool to commit the ultimate sacrilege of remaking Dad's Army, I have a clear desk policy of fucks to give about televisions and similar nonsense.

      It's all related, of course. Modern motoring and broadcasting are squarely aimed at the lowest common denominator because that's where the bulk of "civilisation" sits these days. Soon they won't be able to scratch their arse without a smartphone app to tell them how, measure the efficacy of the act on the irritated orifice in question and upload that metric to Twitter along with a little carefully chosen politically correct anecdote about the event just in case anyone thinks anus scarification is discriminatory or the result promotes competitiveness.

      Bootnote: This commentard does not advise the unsupervised scratching of arses. This activity should only be undertaken under the advice of your family medical practitioner. If symptoms persist, please consult a healthcare professional.

  8. Richard Wharram

    CAN Bus

    Stands for Controller Area Network, not Car Area Network :)

    It's used in Lorries and Aeroplanes, not just cars.

    1. Anonymous Coward
      Coat

      Re: CAN Bus

      Is it used in busses? Is it called a BUS Bus?

      1. Yet Another Anonymous coward Silver badge

        Re: CAN Bus

        If it's used everywhere wouldn't it be an Omni bus?

        Then if it was used in a bus it would be an omnibus Omni bus.

        1. JeffyPoooh
          Pint

          Re: CAN Bus

          "...omnibus Omni bus."

          Philosophy 101 test: What town is the omnibus in?

          A: Clapham.

          I guess it's the most reasonable answer.

        2. Anonymous Coward
          Anonymous Coward

          Re: CAN Bus

          If you connected it to an IO card in a mid-1960s DEC PDP8 minicomputer (whose IO bus was sometimes called Omnibus) and put it on a Routemaster or similar you could have the Omnibus driving the OMNI bus on the omnibus.

          Bus error. Core dumped.

      2. Grivas Bo Diddly Harm
        Pint

        theodore - Re: CAN Bus

        Dreadful joke, but it didn't deserve a downvote - devalues the currency!

        Have an upvote on me just for balance.

        Cheers m'dear.

    2. perlcat

      Re: CAN Bus

      That's reassuring. I had thought that the builders of trucks and airplanes were more sane than auto manufacturers. My faith in universal corporate stupidity has been restored! Now I can sleep at night. Wait a minute...

      1. imanidiot Silver badge

        Re: CAN Bus

        @perlcat "That's reassuring. I had thought that the builders of trucks and airplanes were more sane than auto manufacturers. My faith in universal corporate stupidity has been restored! Now I can sleep at night. Wait a minute..."

        As mentioned CANbus itself (or one of the many competing "industry standard" layers running on top of this like FieldBus and the like) is not secured. Security comes from the implementation. In aviation that security is actually pretty well thought out. There is the option of having uni-directional links. Ports will SEND specific data but will not accept any input data. This means interference and cross-communication between systems is minimized. Without physical access to the main programming ports (usually on the electronics deck below the cockpit, only accessible from there) you're not going to get anything done. And then even if you DO have access you probably won't get much done as security and tamper protection is actually a thing in the aviation world.

        Unfortunately in the truck business the situation is not much better than in the car business. No-one in the industry has ever had to give a rat's ass about security, they have never done it before so they are not going to start until forced to by the market or by the bodies piling up and the wrongful death suits flooding in.

        1. Nick Ryan Silver badge

          Re: CAN Bus

          CAN Bus is a great implementation given the age of the standard and the fact that it has to operate in an electrically horrible environment with as cheap as possible (e.g. as few wires as possible and as little heavy duty shielding as possible - and often cheap wire as well). However as noted above, by other posters, it's not designed for security as it's just a relatively low level transport mechanism.

          To implement security in a CAN bus network you don't connect anything remotely insecure to the CAN bus network; it's that simple and is a simple method of implementing security. Unfortunately in this instance some numpty brain dead fool decided that a good feature would be "remote start", "remote control of lights" or similar utility functions which while not bad as such, their implementation would have to be extremely well thought out. In this case it's very clear that the implementation wasn't thought out at all and a relatively direct connection between the public Internet and an internal CAN bus device was established, most likely for ease of development and cheapness of implementation. What should have happened is that the public Internet device was connected solely to the CAN bus through a dedicated communication route, i.e. communicating with a CAN IO module that simply fired specific messages across the CAN network in response to the IO signals. The worst that could happen in this case is that the specific remotely enabled functions could be triggered and no more; however, it's plain that the Internet connected device is directly connected to the CAN bus network and can therefore send whatever CAN network messages it wants. Such an implementation is flexible (in case UConnect want to add interaction with other systems), cheap to develop, implement and support but utterly, fucking stupid.
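The "CAN IO module that simply fired specific messages" arrangement described in the comment above, sketched as an added example that is not part of the thread and not any vendor's code. The one-byte opcodes, CAN identifiers, payloads, the stationary-only rule and the one-second rate limit are all assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Classic CAN data frame: 11-bit identifier, up to 8 data bytes. */
struct can_msg { uint16_t id; uint8_t dlc; uint8_t data[8]; };

/* Hypothetical one-byte opcodes the Internet-facing unit may send. */
enum { CMD_UNLOCK_DOORS = 0x01, CMD_FLASH_LAMPS = 0x02, CMD_START_ENGINE = 0x03 };

enum gw_result { GW_SENT, GW_REJECT_MALFORMED, GW_REJECT_UNKNOWN,
                 GW_REJECT_MOVING, GW_REJECT_RATE };

struct rule {
    uint8_t cmd;            /* opcode accepted from the untrusted side */
    int stationary_only;    /* refuse unless the vehicle reports 0 km/h */
    struct can_msg frame;   /* fixed frame; no request byte is copied into it */
};

/* Allow-list. IDs and payloads are constructed, not from a real vehicle. */
static const struct rule RULES[] = {
    { CMD_UNLOCK_DOORS, 1, { 0x2A0, 2, { 0x01, 0x00 } } },
    { CMD_FLASH_LAMPS,  0, { 0x2B0, 1, { 0x03 } } },
    { CMD_START_ENGINE, 1, { 0x2C0, 2, { 0xA5, 0x01 } } },
};

#define MIN_INTERVAL_MS 1000u

struct gateway {
    uint16_t speed_kph;  /* fed from the vehicle side, never from the modem */
    uint32_t last_ms;    /* time of the last frame the gateway emitted */
    int has_sent;
};

/* Translate one untrusted request into at most one pre-defined frame. */
enum gw_result gw_handle(struct gateway *gw, const uint8_t *req, size_t len,
                         uint32_t now_ms, struct can_msg *out)
{
    const struct rule *r = NULL;
    size_t i;

    /* A request is exactly one opcode byte; anything shaped like a raw
       frame (identifier plus data) is refused before it is interpreted. */
    if (req == NULL || len != 1)
        return GW_REJECT_MALFORMED;

    for (i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        if (RULES[i].cmd == req[0]) { r = &RULES[i]; break; }
    }
    if (r == NULL)
        return GW_REJECT_UNKNOWN;
    if (r->stationary_only && gw->speed_kph != 0)
        return GW_REJECT_MOVING;
    if (gw->has_sent && (uint32_t)(now_ms - gw->last_ms) < MIN_INTERVAL_MS)
        return GW_REJECT_RATE;

    *out = r->frame;     /* copied from the table, not from the request */
    gw->last_ms = now_ms;
    gw->has_sent = 1;
    return GW_SENT;
}

int main(void)
{
    struct gateway gw = { 0, 0, 0 };
    struct can_msg out = { 0 };
    /* Constructed inputs: a valid opcode and a raw-frame-shaped request. */
    const uint8_t unlock[] = { CMD_UNLOCK_DOORS };
    const uint8_t raw[] = { 0x01, 0x23, 8, 0, 0, 0, 0, 0, 0, 0, 0 };

    printf("unlock while parked: %d\n", gw_handle(&gw, unlock, 1, 5000, &out));
    printf("frame id 0x%03X dlc %u\n", (unsigned)out.id, (unsigned)out.dlc);
    printf("raw frame request:   %d\n",
           gw_handle(&gw, raw, sizeof raw, 7000, &out));
    return 0;
}
```

The untrusted side can at worst trigger the listed functions, which is the bound the comment argues for; the vehicle speed has to reach the gateway over a path the modem cannot write to.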

    3. Mage Silver badge
      Facepalm

      Re: CAN Bus

      There is no inherent security in CAN bus or Profi bus or RS485 or RS422 or USB or Token Ring, or Ethernet or any traditional industrial bus. The assumption was a separate system was used for any out of building communications. I've been pointing out the error in this since Token Ring and Ethernet and Internet arrived. With direct dialup connections we always configured that it hung up and rang back to a pre-decided number for that account. That layer of security vanished with Internet.

  9. John Robson Silver badge

    There is some benefit to being able to remotely update firmware

    But I can't see all that much advantage over a dealer version.

    When you update the car firmware you also program the version number into the entertainment system - then it can notify you that there is new firmware available from your garage.

  10. AndrewDu

    "The controls needed to drive the car should be completely isolated from any external facing system, so no Bluetooth, no Wi-Fi, no 3G, no attack surface at all,"

    Well precisely.

    But what even marginally-competent vehicle designer would ever think anything else? Why does it take a consultant?

    I imagine the government must be behind this; only with clout of that power would a manufacturer risk their reputation by implementing something so obviously insane. Or should we, like Napoleon, be careful to "never ascribe to conspiracy that which is adequately explained by stupidity"?

  11. Anonymous Coward
    Anonymous Coward

    Anyone remember the OJ Simpson chase?

    What if that Explorer had this system?

    1. Anonymous Coward
      Anonymous Coward

      Re: Anyone remember the OJ Simpson chase?

      Assuming it was nowadays, Google could send OJ targeted ads for better fitting gloves.

    2. MotionCompensation

      Re: Anyone remember the OJ Simpson chase?

      I'm sure Ford will release the Ford Internet Explorer soon, for backward compatibility. They already have the Ford Edge.

    3. oolor

      Re: Anyone remember the OJ Simpson chase?

      The truck would be Found On Road Dead.

  12. Mr_Pitiful

    My new car does something odd

    I never gave the dealership my mobile number, just home landline

    Last year I went to Birmingham during the only real bit of icy weather

    At 5am, I got a text, warning of icy conditions on the roads locally.

    The text said my reg number and was from a number I didn't know

    I can only guess my car swiped my mobile number by bluetooth when connected to the handsfree system.

    What concerns me is that nowhere is there any mention of a mobile connection from my car or anything about mobile numbers. When I called the number it just said "Incoming calls not supported"

    1. Anonymous Coward
      Devil

      Re: My new car does something odd

      You could be right but there are loads of other ways of matching up you to your mobile number.

      For example, if you use Facebook or Google+, both of those are really, really keen for you to lodge your mobile number for "security reasons" - prove yourself to them, recovery codes etc. Nothing to do with linking you up. Chrome to Phone offers a similar hook up between your browser (and hence your PC and you) to your devices.

      Even your home phone number provides a link to you, that after jumping an index or two via joined up big data will get your mobile number.

      Combine that lot with GPS on your mobe plus bookmarks etc synching, bluetooth and wifi AP watching and you, along with the rest of us are pretty well pwned in a marketing sense.

    2. VinceH

      Re: My new car does something odd

      'when I called the number it just said "Incoming calls not supported"'

      Next time, bung the number into your search engine of choice. It might find the number listed on the relevant company's website, or maybe the search will lead you to one of the various sites dedicated to identifying the companies hiding behind non-geographic numbers (most especially those that make annoying sales calls).

      Either way, there's a chance you'll be able to identify the company that owns the number, and from that work out how they got it. As gerdesj says, it might not be what you initially suspect.

      1. John Brown (no body) Silver badge

        Re: My new car does something odd

        Some lovely explanations there. Using Occam's Razor, it's more likely the car Bluetooth, which reads and stores the phone book, will also get the phone number of the connected phone. Once the car goes in for service, they probably scrape all the data they can from the systems. No Internet required.

        There don't seem to be any disclaimers on the service sheet you sign when taking the car in for service which allow them to read, store and use personal data from the car, nor is there any disclaimer that says they will update the on-board firmware which might change the car handling and not even tell you they did it to YOUR car. I wonder if the mechanics who do the firmware update even know what the fixes/changes are.

  13. W Donelson

    When they start hacking bicycles, then I will be worried °͜°

    (Personally)

    When they start hacking bicycles, then I will be worried °͜°

    Buses and tube trains are scary too, somewhat.

  14. JeffyPoooh
    Pint

    Who is paying the bill for the mobile data?

    Why would anyone pay for their vehicle to be connected?

    Stop paying the bill, problem solved.

    1. Anonymous Coward
      Anonymous Coward

      Re: Who is paying the bill for the mobile data?

      Stop paying the Bill is a good idea however my guess is that part of the Warranty conditions is that your car remains connected (phoning home your driving details) 24/7/52. Stop paying the bill or disable it and you are suddenly without any warranty.

      I can't see why your car needs to be connected to the internet. I'm in the market for a new car so I will be grilling the salesman about the connectivity.

      1. Mr_Pitiful

        Re: Who is paying the bill for the mobile data?

        Not me in my new car

        I've never been informed and unless they hide it in the lease fee, then I've no idea

        1. JeffyPoooh
          Pint

          Re: Who is paying the bill for the mobile data?

          "...hide it in the lease..."

          A lease should be based on the Time Value of Money equation, based on the explicitly disclosed terms, to the penny.

          I've done car leases four times in years gone by, and the numbers have always checked out with a financial calculator.

          Hiding extra charges in a lease would be called 'fraud'.

      2. mark 177
        Black Helicopters

        Re: Who is paying the bill for the mobile data?

        I'm not paying for 3G to Internet in my new Tesla Model S. Tesla pays. So I can't cancel.

        It does have its uses, like free software upgrades every now and then, enabling cool new features.

        But long before this story broke, I did have concerns about the system being hacked. On the Tesla, just about everything is electronic, so a hacker could have a field day.

  15. drone2903 in Kanuckistant
    Devil

    Police backdoor ?

    For years, the Police has been looking for a way to disable a speeding car to end hot chases quickly and safely.

    With all the other backdoors already in use by our fine govt, could that be it ?

    1. Danny 14

      Re: Police backdoor ?

      Back to using the Escort Cosworth then.

      1. Yugguy

        Re: Police backdoor ?

        Indeed. XJ6 Jaguar XJRs are looking quite tasty now. 370bhp anyone and nary a wireless in sight.

    2. Yet Another Anonymous coward Silver badge

      Re: Police backdoor ?

      Trouble is the police are driving nice new fancy high end cars that are hackable.

      Who is going to be hacking who - you could save all the bother of stealing/driving the car and just sit at home playing scalextric with real police cars.

  16. Toastan Buttar
    Mushroom

    The IoTwLVoM

    The Internet of Things with Lethal Values of Momentum

    (Ford Pinto icon)

  17. theOtherJT Silver badge

    CAN bus? Do. Not. Want.

    Yet another reason for me to stick to driving old cars / bikes.

    1. Hollerith 1

      Re: CAN bus? Do. Not. Want.

      Yay for my trusty 2004 Ford Focus. Cheap, reliable, unconnected. What's not to like?

      1. annodomini2

        Re: CAN bus? Do. Not. Want.

        Your 2004 Ford Focus will still have CAN bus, no internet connection, but still CAN.

  18. Oli 1

    And hasn't the EU recently mandated all new cars are net connected to report accidents as of this or next year?

    No wonder the mobile networks are creaking at the seams...

  19. MJI Silver badge

    Perhaps I need to life extend my car.

    Well let's look, under 100,000 miles. Most spares available.

    Less than 3 grand for a galvanised chassis.

    Now can I make it last until I am too old to drive?

  20. Stevie

    Why the hell connect cars to the net anyway?

    Great question, but a better one is "why are the brakes connected to a computer that has a web interface?"

    Every time I think I've seen the apogee of automobile stupidity some idiotic designer comes along with an extra solid fuel booster and a zippo.

  21. AlanBrand

    Why the hell connect cars to the net anyway?

    I'll just carry on driving my '59 Morris Minor van without worrying about this idiocy.

    New cars would be a lot cheaper *and* reliable if they didn't have a bunch of worthless technological gadgetry.

  22. kenc

    Mixed Criticality

    If you think it's madness to have the car control system connected to the entertainment system because the risks are so obvious you should do a quick search for 'mixed criticality systems'. To reduce costs, they want the various systems to share one piece of hardware.

  23. Pascal Monett Silver badge

    "plugging directly into a car's network via a port under the dashboard"

    That's called cheating. The Golden Rule of Security is if you get physical access, there is no security.

    What should obviously be done is to totally separate the critical driving chips, bus and software from the infotainment part.

    The only reason that this has not been done is to save $3 on another chip and maybe $20 on the associated infotainment hardware bus.

    So, for less than $30 we have this stupid hacking nightmare.

    Somebody deserves to be taken out behind the shed and shot.

    1. John Brown (no body) Silver badge

      Re: "plugging directly into a car's network via a port under the dashboard"

      "So, for less than $30 we have this stupid hacking nightmare."

      What's the typical manufacturing run of a model before it changes significantly enough to change the bus? A million vehicles, all saving the manufacturer $30 a pop while still keeping that price ending in the "magic" ...999.99

    2. annodomini2

      Re: "plugging directly into a car's network via a port under the dashboard"

      This $30 also gets amplified through the food chain,

      So $30 becomes $500 very quickly.

  24. Anonymous Coward
    Anonymous Coward

    Don't conflate 'computers' with 'connected computers'

    Computers in cars are usually a Very Good Thing. Fuel injection, emission controls, safety features, entertainment, etc.

    Having them haphazardly connected to the Internet is daft.

  25. Anonymous Coward
    Anonymous Coward

    ANY CAR

    That allows any sort of control via a "convenient smartphone app" should be avoided like the plague by any buyer with an ounce of sense.

  26. Florida1920
    Pint

    A smartphone app would be brilliant!

    Then, when you're too drive to drunk, you can take a cab and command your car to follow you home.

  27. td97402

    Hey! There should be an app for that!!

    No doubt some Chrysler VP or other thought himself technically savvy and had a little "eureka" moment. At the very next board meeting he explained his idea. Then the head of marketing chimed in and decided it would be insanely awesome in commercials to have someone unlock a car's door and start the engine from her cell phone while her husband and his buddy watched. The marketing guy got the insane part right. Anyway, the decision was made by the board and the engineers were directed to make it so. No discussion of the merits of the scheme at the engineering level ever occurred.

  28. Peter X

    Brakes

    Okay, so most of the bits about the hack I get. But I'm struggling with *why* the brakes are entirely electronic. Anyone know why?

    I appreciate that shutting down systems might prevent ABS from working, and if the engine is shutdown, then I guess the brake servo won't work. But I can't understand brakes not working at all. Seems like a huge design issue, and potential liability to the manufacturer... and that alone, I would have hoped, would have prevented them from using such a system.

    1. Neil Barnes Silver badge
      Holmes

      Re: Brakes

      At least in the UK, and I would suspect (but can't confirm) in the States, there are two systems which *must* have a mechanical connection that works in all circumstances: the brakes and the steering.

      That usually comes out as a direct shaft all the way from the steering wheel to the steering rack, and a hydraulic circuit from the pedal's master cylinder directly to the brake callipers - in fact, two independent circuits are mandated.

      Steering is easy, although most people are surprised about just how much muscular effort is required to turn the wheel at low speeds with no power assistance in most front-engined cars, but I have a certain distaste for the idea of, for example, self-parking systems: that implies a servo system that's significantly more powerful and could have nasty consequences if the electronics decided to do something you didn't expect - they're a step away from a basic feedback-controlled system.

      Brakes, on the other hand... an ABS system works by interrupting the pressure lines feeding the brake cylinders. An active traction system both interrupts and applies brake pressure independently of direct driver input. This is something with which I am not happy and I would much prefer to avoid driving a car so equipped - I've worked in electronics for far too long to expect things to work as designed forever.

      The problem is that both systems are, for different reasons and for different people, necessary. The steering assistance is required for financial reasons: front wheel drive cars are cheaper to build but make the front of the car heavy; many people would find driving, and particularly low speed manoeuvring difficult without it (though I prefer a much heavier control feel than is generally available these days). Auto parking? Why? What happened to learned skills?

      And the same really applies to skid/slip control systems: they're now on pretty much everything... and yet, a competent driver will never find himself in a position where either is required... so they're excess weight and excess cost and excess complexity, and encourage poor driving skills - because the brakes are like, magic, aren't they?

      And yet... these critical systems are designed so they can be updated (good design) without a direct electrical connection (stupid beyond measure) even though there is a mandated electrical connection directly to them.

      1. Vic

        Re: Brakes

        >At least in the UK, and I would suspect (but can't confirm) in the States, there are two systems which *must* have a mechanical connection that works in all circumstances: the brakes and the steering.

        That's not *strictly* true.

        The steering requirement is that the steering continues to function within the (relaxed) maximum permissible input force after a complete failure of the electronic/electric system.

        That doesn't actually *require* a direct physical connection, although I don't know of a way to meet the criterion above without one. But then I'm not a car designer.

        I've no idea of the brake regulations - I've not looked them up, and I can't be arsed to do so today...

        Vic.

  29. Anonymous Coward
    Anonymous Coward

    Auto makers laughing all the way to the bank

    Infotainment systems are for the clueless and auto makers reap fortunes selling this garbage to the brain dead. Since almost no one in the auto business knows anything about auto security let alone Net security, it's no surprise at all that crims can unlock digital security systems, hack the vehicle's controls and more. Until all people responsible for these design defects are held accountable and punished for their negligence, insecure autos and IoT systems will be sold to the naïve.

  30. Anonymous Coward
    Anonymous Coward

    RE. Re. Re: Police backdoor ?

    Or robbers could exploit this to immobilize Police vehicles during a raid.

    This scares the hell out of me because it could also be used against *any* vehicle with the vulnerability which doesn't just include the vehicle mentioned.

    Many cars have DAB including mine (Hyu I10) and short of ripping out the in car audio system which is built into the frelling dashboard with a non standard interface so installing an aftermarket radio is not an option.

    I dread to think what nasty hacks could be done on slightly older cars using a variant of side channel attacks, i.e. inserting fake clock pulses into the DAB signal to mess with badly shielded onboard networks.

  31. 404
    Childcatcher

    I reckon the only real question is:

    Did Fiat have the contract for Russia's new remote control medium tanks with the Playstation driving controls?

    I could see where a drone tank could be useful around the house, varmints and such.*

    *On a more serious note, just finished converting over to disc brakes on my 58 GMC stepside truck - those drum brakes.... well, the discs cut about 50'-75' off stopping distance from 60mph to 0 panic brake. Helpful ;) I simply do not agree with the antilock brakes on my 08 GMC Canyon. I know and can predict responses to certain variables with regular old school brakes, antilocks not so much. There is a six inch strip of metal on the end of a bridge, right at the stop sign of a T intersection, if that fscker is wet, under normal braking pressure, they feel that wet metal strip, slide a bit, and activate. Most times you can get it stopped at the sign, sometimes you're in the intersection. Takes a different driving technique and I personally like to have control of my vehicle, not HAL.

    No electronics to speak of on that 58, unless you count the capacitor on the distributor, my thought was a nice headless sound system to dock my smartphone into. Why duplicate functionality if you carry the damnably useful thing around anyway?

    Sigh... Ya'll have a great day, I'm off to ghost a couple of backup primary IDE drives on an ancient KOMO router w/Windows 2000 and a sketchy WD 40GB IDE drive. Can't wait :|

  32. menotu

    AppleHeads need to be connected .. they panic if they don't know where the nearest Starbucks is../s

  33. Zippy's Sausage Factory

    SPY Car Act?

    Is that a Freudian slip?
