back to article Say what you will about self-driving cars – the security is looking 'OK'

Car hacking wizards Charlie Miller and Chris Valasek have turned their attention to autonomous vehicles – and reckon the security is surprisingly good. The duo, who work for General Motors’ robo-automaker offshoot Cruise, told this year's Black Hat USA conference on Thursday while self-driving vehicles are much less hackable …

Anonymous Coward

"the security is looking 'OK'"

Just don't try buying / selling the car secondhand:

https://www.theregister.co.uk/2018/08/09/connected_car_legal/

3
0
Silver badge
Facepalm

"Know where every tree, curb and stop sign is"

Good thing none of that ever changes then.

8
1

Re: "Know where every tree, curb and stop sign is"

It doesn't all change at once, though.

1
0
Silver badge

Re: "Know where every tree, curb and stop sign is"

Damn. Can we do anything to curb this illiteracy?

1
0
Silver badge

Re: "Know where every tree, curb and stop sign is"

It doesn't all change at once, though.

Sure it does. Never have road construction where you live?

2
0
Silver badge

I have changed to a new car with more self driving capability and it's fun, it's also a fun party trick to demonstrate it to people but it is actually easier to drive yourself than it is to monitor it doing the driving.

4
0
Silver badge

Security is "OK"

Since when is "OK" an acceptable level of security on a potential murder weapon? I would like something with better security than "OK" please. (Preferably no remote connectivity at all to begin with, it's a massive attack surface that is completely and utterly unnecessary)

2
1
Silver badge

Boot full of IT kit

So if there is the equivalent of a small server farm in an "autonomous" taxi boot, where will the passengers luggage go on the pick up from the train, airport etc?

.. Without even addressing issues such as how do the "infirm" (be it age, illness, disability, whatever) get their luggage into a cab without human help if they are physically incapable of lifting a 10 kg suitcase?

.. And where will a wheelchair go / customer get in from wheelchair (some wheelchairs fold down, most do not)

.. as someone who has to "ferry around" disabled relatives a lot I'm all too aware of how much space wheelchairs & other kit take up, and the human assistance often needed for disabled people to get in / out of car (even simple things like them finding seat belt fastening impossible)

.. Obv, a digression from the tech, but it's just another tech "advance" that is treating the disabled as invisible.

.. Ironically a disabled relative, would be an ideal customer for fully autonomous car, if it was disability friendly, as they currently rely on me (or other family members) to take them places or disability friendly taxis if we are unavailable

5
0
Silver badge

Re: Boot full of IT kit

Erm, different markets there. People who need help with wheelchairs or luggage are orthogonal to the question of who drives them.

My infirmity is my eyesight. I think I'd be reasonably safe (though not legal - despite holding a full, clean licence) driving in good conditions, but lethal in the dark and wet. No problem lugging a heavy load. The fact that self-driving doesn't solve every problem doesn't mean it's not a potentially-excellent solution for some disabilities.

3
0
Silver badge

@tiggity

People with physical disabilities already have problem coping with normal cars. There are models that can be modified specially for them, but a wheelchair-bound person will never drive a Ferrari.

When autonomous cars have the self-driving and security parts down pat, it will be time to worry about models that can be adapted for the disabled.

1
0
Silver badge

Re: @tiggity

>>wheelchair-bound person will never drive a Ferrar<<

If enough of them have the readies I'm sure market forces will kick in at Maranello.

1
0
Anonymous Coward

Re: Boot full of IT kit

Can you please remove the word "kit" out of your jargon library? I realize it's a plea to the entire country but I have an assclown here in the states that has adopted it as part of his vocabulary and it just makes it obvious that he doesn't have an original thought since he's just quoting everything from El Reg. At least if we can get him to stop using the word it will seem like he's done the actual research to backup his ridiculous position.

0
4
Silver badge

Re: Boot full of IT kit

Au contraire mon anonymous ami, referencing KIT in an article on autonomous cars seems about spot on to me. Good morning Michael!

3
0
Anonymous Coward

Re: Boot full of IT kit

It's a prototype. It will be a lot smaller once it gets into production. My new car has 500GFLOPS of processing power in the main unit. I don't even know where it is physically located in the car.

That level of compute power would have put it top of the supercomputer league table till 1997, and would have needed a large room to house it.

2
0
Bronze badge
Headmaster

Re: Boot full of IT kit

That would be the Knight Industries Two/Three Thowsand or KITT

depending on wether you are from the 80s original set or the reboot

0
0
Bronze badge

Ooopsie

"The other serious weak point is external communications. Autonomous vehicles are going to be updating their code, neural network models, and other datasets daily"

This seems to me a very bad idea. The idea that one can hack autonomous vehicle software together using whatever demented development "technology" is currently popular, then fix any problems in production is almost certainly going to lead to injuries, deaths, and enormous manufacturer financial liabilities. Good for lawyers. Not so good for those who share the road with these things.

The phrase "Blue Screen of Death" has a different meaning when the software in question can actually kill people. I think a more measured approach with few and VERY carefully controlled updates will prove to be necessary.

4
0
Silver badge

Re: Ooopsie

When the US had a manned space flight program, the Shuttle, the code was locked down far in advance and subjected to all sorts of testing to make sure that it wouldn't do anything unexpected in off-nominal conditions. This was around 18 months in advance so If you wanted changes, you were SOL unless you wanted to get bumped to the next available flight.

Updating software daily would be fraught with problems. As time goes by there are more and more hardware revs to deal with and testing needs to be done on all of them to insure that nothing breaks, like the brakes. The same could go for map sets. Roads change daily. Not "a" particular road, but plenty in a given region which means that a car fitted out with sensors to re-map streets and highways will be very busy 24/7 in addition to adding new data. Getting cm accurate data on just London will be a massive project and construction there is constant and ever changing. A car could be "looking" for curbs and trees, but there is a load of construction barriers instead to confuse things. That would be a problem if you were using an autonomous taxi to make it back home after a late night with the lads and frustrating if you had to wait 45 minutes for your ride to show up in the first place on a busy Friday night.

1
0
Silver badge

Entertainment systems...

Why would they be related to the self driving at all...

They don't need any connection to the rest of the car.

Grumble mumble....

2
0

Re: Entertainment systems...

But generally, nowadays, cars have integrated infotainment systems, which do.

0
2
Bronze badge

Re: Entertainment systems...

Which gets to a key point: even when talking to a bunch of professional hackers, the people working on these things aren't applying basic security thinking.

No thanks. No thanks until we go a month without an out-of-bounds bug being reported on El Reg. No thanks until we go a month without an article about how easy it is to spoof AI systems similar to the ones used in these cars. No thanks until we get some kind of demonstration (with a straight face) that the security in these systems does NOT completely break down when physical access is achieved. No thanks to IoT with one-ton objects that routinely travel at 60 mph.

At a societal level, I worry most about a system-wide breach that could have a million of these all turn into oncoming traffic at once. At a personal level, I don't want someone to decide that they are tired of what I have to say, so they bomb me with one.

No thanks.

2
0
Silver badge

Re: Entertainment systems...

Why does an infotainment system need a connection to the rear of the car...

If it has its own GPS chip then that covers basically everything it needs,

0
0
Silver badge

Re: Entertainment systems...

"At a societal level, I worry most about a system-wide breach that could have a million of these all turn into oncoming traffic at once"

Or, a way to command every car with a certain system to brake suddenly and brick itself. Imagine that during rush hour on the M25. The tail back would be epic and every highway service vehicle will be working all night to get the cars removed.

0
0
Holmes

Going awry...

"This means at the first sign that things are awry, the car can be remotely ordered to pull to the side of the road, shut down, and await pickup."

Okay, so all I have to do is make the car think something is "awry", and it will automatically pull over for the impending car-jacking. It is a design feature. Got it.

5
1
Anonymous Coward

"Audi’s forthcoming computer-controlled motor"

Coincidentally, I was having a social chat with someone from Audi just this week. No self-driving car from Audi for the time being. They have been doing tests and research with an A7 I think he said, but there are no plans to take this into production yet.

No electric Audis either. VWs all you want from 2020-ish but Audi are going the hybrid(!) way apparently. Diesel-electric hybrid to boot.

That's what I have been told anyway. I am not claiming he was right, though he should have a pretty good idea what's going on.

0
0
Silver badge

Re: "Audi’s forthcoming computer-controlled motor"

I'm a big EV advocate, but I have to admit that there are still some people that do need greater range or don't have easy access to charging on a regular basis. Switching VW to all electric is good PR for that brand given some issues they put themselves in the middle of. Audi can be their brand umbrella for ICEV and Hybrids until it makes sense to convert them to all electric as well.

0
0

Re: "Audi’s forthcoming computer-controlled motor"

No electric Audis? I'm afraid your informant is sadly misinformed. See here.

0
0
Bronze badge

Nothing that uses or connects to the net, cloud, VPN, whatever is secure. At least not for long. Second, as Tesla, BMW, Volvo & others recently found out in IIHS real world testing, self-driving cars are closer to being self-wrecking. And why haven't there been any real world testing done during inclement weather? The systems may work just fine in the Sonoran Desert at high noon in August, but what about Buffalo in February or Florida in March?

3
0

Things connected to the cloud can be secure, just depends on how they are designed and implemented.

And lots of real world testing has been done in various environments including day/night, hot/cold, rain, fog, etc.

1
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018