back to article 'Plane Hacker' Roberts: I put a network sniffer on my truck to see what it was sharing. Holy crap!

"Plane Hacker" Chris Roberts has called for countries to pressure manufacturers into improving the lamentable state of transportation security. Cars are turning into computers on wheels and airplanes have become flying data centres, but this increase in power and connectivity has largely happened without designing in adequate …

Page:

  1. A Non e-mouse Silver badge

    Insurance Black Boxes

    One of my kids had one of these when they got their first car. After six months the insurance company cancelled the insurance saying they'd caught them doing over 100mph round a roundabout. We tried to get them to engage their common sense, but to no avail.

    Moral of the story: Don't trust those insurance black boxes.

    1. Def Silver badge
      Joke

      Re: Insurance Black Boxes

      ...saying they'd caught them doing over 100mph round a roundabout.

      ...saying they'd caught them doing around 100mph over a roundabout.

      FTFY

      I think I saw that video on YouTube. ;)

      1. Anonymous Coward
        Anonymous Coward

        Re: Insurance Black Boxes

        @Def; "I think I saw that video on YouTube. ;)"

        Did it have the Benny Hill music playing in the background?

      2. Cowboy Bob

        Re: Insurance Black Boxes

        FTFY

        I think I saw that video on YouTube. ;)

        This one happened near where I live, luckily no-one was hurt - incident happens around 1:10

        https://www.youtube.com/watch?v=ftQO_Ah77-w

        1. SoaG

          Re: Insurance Black Boxes

          Good on the 2 truck drivers for immediately blocking the road like that.

        2. PhilipN Silver badge

          Re: happens around 1:10

          Almost as shocking** was, earlier in the video, a Marty Wilde poster flashing past on the nearside verge.

          **Alright it wasn't, but you know what I mean.

          1. Michael Strorm

            Re: happens around 1:10

            @PhilipN; What a bizarre non-sequiteur, but well spotted anyway!

            Looks like he's performing at The Cresset, which is apparently a venue in Peterborough (which ties in with this video coming from Cambridgeshire Police). (#) Unfortunately, you've missed the show on Feb 17th, 2017, but he's apparently doing another in October this year.

            If you'd have told me thirty years ago I'd have been able to look up this sort of thing online from a barely legible poster I'd also seen online, I'd have been utterly gobsmacked!

            (Also, I was surprised to find out that Wilde is almost 80, but then, he was famous in the late 1950s which is sixty(!) years ago).

      3. NBCanuck

        Re: Insurance Black Boxes

        "...saying they'd caught them doing around 100mph over a roundabout.

        FTFY

        I think I saw that video on YouTube. ;)"

        I know exactly the video to which you referred. Good launch, but kinda failed to stick the landing.

    2. Anonymous Coward
      Anonymous Coward

      Re: Insurance Black Boxes

      Once upon a time, somebody I know triggered the speed limiter in their car. The speed limiter was badly designed, as it caused a backfire and thus damaged the Mass Airflow Sensor. The Service Manager commented that the MAF Sensor failure was logged in the ECU while the car speed was 178 kmh. Somebody I know replied that the data logging must have been significantly delayed until the car had slowed down, since the backfire actually occurred at the speed limiter, well north of 200 kmh.

      1. DropBear Silver badge

        Re: Insurance Black Boxes

        The ECU probably doesn't go bananas at the very first bad reading from the MAF; by the time it decided "yep, it's definitely gone, time to log a fault" likely some time passed, hence the speed change...

      2. Wensleydale Cheese Silver badge

        Re: Insurance Black Boxes

        "The speed limiter was badly designed, as it caused a backfire and thus damaged the Mass Airflow Sensor. "

        I had similar with a car which had an LPG conversion. When using LPG, the rev limiter could trigger a backfire, damaging a seal somewhere, resulting in a distinct performance drop until the next time I visited a garage to get it fixed.

        The rev limiter was way too easy to trigger in first gear, so I ended up running it on petrol in town traffic, and using the much cheaper LPG only on motorways.

    3. The Man Who Fell To Earth Silver badge

      Surveillance Capitalism

      We live in a Surveillance Capitalism system. Government piggybacks on it, and taxes it, so will only engage in cosmetic limitations of it.

    4. Dazed and Confused Silver badge

      Re: Insurance Black Boxes

      > saying they'd caught them doing over 100mph round a roundabout.

      I've just got insurance for my son which requires a black box. The cost difference is over £1000.

      On his first trip with it they logged him doing just over 40 in a 30 zone and included the location. It's a bloody great dual carriage way which has a 50 limit all the way down it.

    5. LucreLout Silver badge

      Re: Insurance Black Boxes

      Moral of the story: Don't trust those insurance black boxes.

      Entirely predictably, they're causing traffic chaos on the roads. There must be 15 or 20 cars near me with apology notices in the rear window explaining they have to go slow because of the box. Unfortunately, the people behind are too often afraid to overtake, thus leading to everyone on the road being stuck behind some little boy in a Corsa/similar, going nowhere near the speed limit, and braking /cornering as though the whole car was made of eggshells.

      1. EUbrainwashing

        Re: Insurance Black Boxes

        My son has driven with a black box for 4 years plus. The speed and time of day are the only metrics they use and his insurance has consistently been more competitive with this insurance co than any other quote. His driving style and braking reports are impossible to have a good report from, I have attempted to drive round the town like a tortoise and the subsequent report is absolutely not representative. The firm will not discuss the matter in meaningful terms but it matters not. My 21 year old is insured for £453.65 on a VW Fox this year with 4 years no claims. Hastings Direct. Smart Miles

  2. Steve Davies 3 Silver badge
    Big Brother

    So... who pays for the 3G/4G data connection?

    If all this data is being slurped who pays for the connection?

    If the slurp software can't phone home for a period does the car simply stop working?

    The ownership of the data is also questionable.

    Leasing is very popular which means that you don't own the car so slurping in IMHO out of your control. After all, the leasing company needs to know when to start billing you £1/mile once you have exceeded your miserly 4,000 miles a year that they give you in the lease don't they? /s /s /s

    If you own the car outright (bought upfront with cash and no finance) then IMHO, the data is yours. If you don't then holding title to the vehicle is not worth the paper it is written on.

    There are wider implications.

    I also see many similarities here with Windows 10 and the forced updates to non business users (even if there are ways around this, how many normal users would know how to block them?). MS are forcing changes on your computer. This could be construed as 'hacking' or Misuse and could be illegal.

    Then there are the appliances we all use at home. Increasingly these are 'connected' devices. Who do you sue if your device stops working because you have denied said appliance the ability to connect to your internet so it can 'phone home' at regular intervals?

    Lots of questions and very few answers. In the meantime, see Icon

    1. Remy Redert

      Re: So... who pays for the 3G/4G data connection?

      Ownership of maintenance data might be questionable, but location tracking and general usage information is very clear here in the EU. That belongs to whoever happens to be driving the car at any given time and cannot be collected or processed without explicit, informed consent. They also cannot claim it to be a condition of use (even in a leased vehicle) unless the data is absolutely required for the service they are delivering.

      EG, if you use the Onstar service, the company needs to have your location information when you press the button so they can help you or in the event of a crash. But there's no need to store that information.

      1. Prst. V.Jeltz Silver badge

        Re: So... who pays for the 3G/4G data connection?

        That belongs to whoever happens to be driving the car at any given time

        No it dosent. I own the company and hence the vans (and the drivers) .

        That data is mine!

        /devilsadvocate

        1. Sir Runcible Spoon Silver badge

          Re: So... who pays for the 3G/4G data connection?

          I really don't think you *own* the drivers.

        2. Wensleydale Cheese Silver badge

          Re: So... who pays for the 3G/4G data connection?

          "No it dosent. I own the company and hence the vans (and the drivers) ."

          Yes rhe vehicles are yours but take note of employee tracking laws.

          Could be tricky...

      2. Anonymous Coward
        Anonymous Coward

        Re: So... who pays for the 3G/4G data connection?

        From Nissan Leaf manual

        "Your agreement to the transmission and use of data by NISSAN can be provided in various ways. The vehicle is equipped with a “pop up” screen on the vehicle navigation system that will ask for your consent to this data transfer. A version of the following message will appear:“Pursuant to subscription agreement, your vehicle wirelessly transmits recorded vehicle data to NISSAN for various purposes, including NissanConnectSM EV Services services, product evaluation, research and development. By pressing OK, you consent to the transmission and use of your vehicle data. Refer to the Owner’s Manual or NISSAN Owner’s portal webpage for terms and details.”If you press [OK], your vehicle will transmit data as designed in connection with the vehicle telematics system. If you press [Decline] your vehicle will not transmit data. However, the telematics features referenced above, and perhaps others, will not be available to you. The vehicle’s static navigation system will remain operational, and you will be able to access your radio and climate controls. "

        I think NISSAN pays - there is no obvious monthly charge.

        1. Anonymous Coward
          Anonymous Coward

          Re: So... who pays for the 3G/4G data connection?

          The cost must be built into the price of the car.

        2. Alan Brown Silver badge

          Re: So... who pays for the 3G/4G data connection?

          "The vehicle is equipped with a “pop up” screen on the vehicle navigation system that will ask for your consent to this data transfer"

          Last time I drove one there was no other option but "yes" - this would constitute forced consent which is illegal under GDPR.

          Did Nissan make a change to all the _old_ installations?

          1. OVah2eze
            Go

            Re: So... who pays for the 3G/4G data connection?

            "The vehicle is equipped with a “pop up” screen on the vehicle navigation system that will ask for your consent to this data transfer"

            On an older leaf, it is not necessary to either agree or dissagree. Simply ignore the "pop-up" and press the key of the function you want, such as map, menu, or radio. Simple. Sadly, there is no way to disable the pop-up either, with a permanent "yes" or "no". Designed by a lawyer, methinks.

      3. JohnFen Silver badge

        Re: So... who pays for the 3G/4G data connection?

        "Ownership of maintenance data might be questionable"

        It shouldn't be. Any data generated by me and/or machinery that I own, is mine. That includes maintenance data, telemetry data, everything. Whether or not the law agrees with this stance is irrelevant to me.

    2. JeffyPoooh Silver badge
      Pint

      Re: So... who pays for the 3G/4G data connection?

      That's the actual question. Such a persistent and supposedly well used mobile data connection would normally cost at least $50 per month.

      If people don't want this, then dig around in the boxes, find the SIM Card (assuming / 90% odds), and yank it. Or find and unplug the cellular network antenna connector (replace it with a dummy load if you're feeling generous).

      Or, bonus points, hacked into their network to reach the internet, and then use your car and their "Cost Free" network to have unlimited free mobile (or home) internet.

      1. SamX

        Re: So... who pays for the 3G/4G data connection?

        I vaguely remember Amazon had a deal with mobile carriers to allow Kindle owners to download ebooks whenever they want, in whichever network they are in in. Device owner don't pay anything and I guess they get internet only for the white-listed Amazon website. Similar arrangement might exist for blackboxes.

        1. HPCJohn

          Re: So... who pays for the 3G/4G data connection?

          Amazon Kindle - the network is known as Whispernet.

        2. cycas

          Re: So... who pays for the 3G/4G data connection?

          I've still got one of the kindles with that deal. It gives access to the entire internet, not just amazon, for free ,anywhere it can find a signal of any kind.

          Admittedly, you are accessing on a kindle in black and white, so functionality is limited, but it was still a pretty good deal for the extra 20 quid I paid when it was new!

      2. JohnFen Silver badge

        Re: So... who pays for the 3G/4G data connection?

        "Such a persistent and supposedly well used mobile data connection would normally cost at least $50 per month."

        Not for this sort of thing -- vehicles use a different sort of system (still over the cell network) that has rather limited bandwidth and isn't paid for on a per-unit basis. I forget what the estimate for the per-vehicle cost was, but it wasn't significant.

    3. JetSetJim Silver badge

      Re: So... who pays for the 3G/4G data connection?

      The SIM used is highly likely to be filtered onto a special APN, either via a custom MNC, or by IMSI filtering. That APN *should* be configured to only allow access to specific car manufacturer/insurer servers (depending on who supplied it), and so the SIM should be useless for other purposes.

      When a manufacturer sticks these in the cars, they've normally negotiated a "zero-cost APN" with the operator, and so for the expected lifetime of the car (or perhaps just the warranty period) all usage of that SIM by the car will not cost a penny/cent.

      Now, in the case of a car manufacturer doing this, I'm sure permission for data capture is buried in the T&Cs of whatever "service" you've bought that requires this embedded SIM (e.g. proper traffic updates rather than the useless ones embedded in FM transmissions).

    4. Wayland Bronze badge

      Re: So... who pays for the 3G/4G data connection?

      " If you don't then holding title to the vehicle is not worth the paper it is written on."

      You don't hold the title to the vehicle. The 'log book' document specifically says THIS IS NOT PROOF OF OWNERSHIP. The DVLA own your vehicle, you are simply the keeper and the driver. Driving is illegal which is why the DVLA have to sell you a licence.

      1. YetAnotherLocksmith

        Re: So... who pays for the 3G/4G data connection?

        The DVLA doesn't own the vehicle, you plonker. Have you ever been to a scrap yard?

      2. JohnFen Silver badge

        Re: So... who pays for the 3G/4G data connection?

        "You don't hold the title to the vehicle. The 'log book' document specifically says THIS IS NOT PROOF OF OWNERSHIP."

        This must vary by state (or nation? I'm speaking from the US). In my state, you get a title to your vehicle that is specifically and legally proof of ownership.

        1. Sir Runcible Spoon Silver badge

          Re: So... who pays for the 3G/4G data connection?

          I can see where Wayland is coming from with that comment, but it doesn't cover vehicle use on private land - you don't need a licence for that, so driving *isn't* illegal without a licence.

          1. JetSetJim Silver badge

            Re: So... who pays for the 3G/4G data connection?

            >I can see where Wayland is coming from with that comment, but it doesn't cover vehicle use on private land - you don't need a licence for that, so driving *isn't* illegal without a licence.

            Perhaps he is about to mount a legal challenge to the Under 17 Car Club and other such organisations

      3. Medical Cynic

        Re: So... who pays for the 3G/4G data connection?

        "You don't hold the title to the vehicle. The 'log book' document specifically says THIS IS NOT PROOF OF OWNERSHIP. The DVLA own your vehicle, you are simply the keeper and the driver. Driving is illegal which is why the DVLA have to sell you a licence."

        It'ts not proof of ownership, as the owner of the car doesn't need to be registered at DVLA - just the person who keeps [and uses] it.

        The vehicle may be owned, eg, by a hire purchase company. You still keep and use it, but YOU don't OWN it until the finance is all paid off.

      4. Haurong Knubie

        Re: So... who pays for the 3G/4G data connection?

        No they don't, it's just a safeguard in case the holder is offering a car for sale that they don't actually own.

    5. werdsmith Silver badge

      Re: So... who pays for the 3G/4G data connection?

      After all, the leasing company needs to know when to start billing you £1/mile once you have exceeded your miserly 4,000 miles a year that they give you in the lease don't they?

      Yes, but they already have the tech to do that. They just read it off the dashboard when you return the car and bill accordingly.

  3. Anonymous Coward
    Anonymous Coward

    'Is it there to protect me or monitor me'

    We all know where this is going... The FaceBookCar surveillance economy!

    The question is whose fighting-back, including refusing to buy a 'spying' car.

    Smart-TV's are now almost ubiquitous in every store in the world. Choice???

    ~~~~~~~~~~~~

    https://www.theregister.co.uk/2018/02/14/connected_vehicles_data_and_privacy/

    https://www.bloomberg.com/news/articles/2018-02-20/the-car-of-the-future-will-sell-your-data

    https://www.bloomberg.com/news/articles/2018-02-20/crunching-car-data-for-cash-an-israeli-startup-takes-on-google

    1. Voland's right hand Silver badge

      Re: 'Is it there to protect me or monitor me'

      He should not be even asking the question. It is the latter and the sole purpose is to extract more money from him.

    2. Flywheel Silver badge

      Re: 'Is it there to protect me or monitor me'

      fighting-back, including refusing to buy a 'spying' car

      It'll be a case of one manufacturer doing it, they'll all start doing it. It reminds me of the handbrake issue - have you tried finding a car with a manual handbrake these days? No - they're nearly all electronic (and more fallible than manual ones)

      1. frankieh

        Re: 'Is it there to protect me or monitor me'

        and even worse, they are nowhere near as much fun for when you need to change direction quickly.

  4. david willis
    Megaphone

    Sleepwalking Into Disaster

    I guess the only way people will start taking cybersecurity seriously is when somebody does slam a full passenger airliner into the ground.

    My guess is they will not have been trying to crash it, in the same way it is unlikely somebody planned wannacry to take out the NHS.

    It will most likely be collateral damage caused by some other well meaning piece off software - think of the problems being caused by Stuxnet variants.

    That doesn't mean to say that there are not people who would crash the NHS or an airliner.

    1. Anonymous Coward
      Anonymous Coward

      Re: Sleepwalking Into Disaster

      All they will do is ban laptops and gadgets from the flight, meaning we will need to buy new devices when we land....

      The scary thing is that all the security theatre they have is almost pointless and we are lucky only stupid people are willing to blow themselves up with a plane....

    2. Rich 11 Silver badge

      Re: Sleepwalking Into Disaster

      That doesn't mean to say that there are not people who would crash the NHS

      Several dozen of them are in Parliament, quivering with joy at the prospect of forcing the country into a hard Brexit.

      1. pɹɐʍoɔ snoɯʎuouɐ

        Re: Sleepwalking Into Disaster

        " quivering with joy at the prospect of forcing the country into a hard Brexit. "

        totally off topic, but now that were are to have brexit, then a soft brexit will amount to staying in the EU, but without having a voice, we will have to do everything the EU tells us to do, and the way the "negotiations " have been going a lot of it is going to be just out of bitterness, ... Its clear that the EU are playing hardball and will not agree reasonable terms, so a hard brexit it must be....

      2. Stu Mac

        Re: Sleepwalking Into Disaster

        Yaaaaaaawn. Even here? <sigh>

    3. Anonymous Coward
      Anonymous Coward

      Re: Sleepwalking Into Disaster

      > I guess the only way people will start taking cybersecurity seriously is when somebody does slam a full passenger airliner into the ground.

      Well, when it's an aircraft that doesn't really "hit home" (pun intended) for most people, as they don't fly very often.

      If some group does a co-ordinated strike using remotely-taken-over car or truck transport, that would likely give people more of a wake up call.

      That's not discounting your bug causing havoc thought either. That's also feasible.

      None of the above are good, and it's not a situation we should have sleepwalked into, which is your whole point I guess.

    4. FromTheRoot

      MH370 or others?

      Who says someone has not done caused a plane crash by programmatic means, already?

      What you think they would tell you if someone had?

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019