'Plane Hacker' Roberts: I put a network sniffer on my truck to see what it was sharing. Holy crap!

"Plane Hacker" Chris Roberts has called for countries to pressure manufacturers into improving the lamentable state of transportation security. Cars are turning into computers on wheels and airplanes have become flying data centres, but this increase in power and connectivity has largely happened without designing in adequate …

  1. A Non e-mouse Silver badge

    Insurance Black Boxes

    One of my kids had one of these when they got their first car. After six months the insurance company cancelled the insurance saying they'd caught them doing over 100mph round a roundabout. We tried to get them to engage their common sense, but to no avail.

    Moral of the story: Don't trust those insurance black boxes.

    1. Def Silver badge
      Joke

      Re: Insurance Black Boxes

      ...saying they'd caught them doing over 100mph round a roundabout.

      ...saying they'd caught them doing around 100mph over a roundabout.

      FTFY

      I think I saw that video on YouTube. ;)

      1. Anonymous Coward

        Re: Insurance Black Boxes

        @Def; "I think I saw that video on YouTube. ;)"

        Did it have the Benny Hill music playing in the background?

      2. Cowboy Bob

        Re: Insurance Black Boxes

        FTFY

        I think I saw that video on YouTube. ;)

        This one happened near where I live, luckily no-one was hurt - incident happens around 1:10

        https://www.youtube.com/watch?v=ftQO_Ah77-w

        1. SoaG

          Re: Insurance Black Boxes

          Good on the 2 truck drivers for immediately blocking the road like that.

        2. PhilipN Silver badge

          Re: happens around 1:10

          Almost as shocking** was, earlier in the video, a Marty Wilde poster flashing past on the nearside verge.

          **Alright it wasn't, but you know what I mean.

          1. Michael Strorm

            Re: happens around 1:10

            @PhilipN; What a bizarre non sequitur, but well spotted anyway!

            Looks like he's performing at The Cresset, which is apparently a venue in Peterborough (which ties in with this video coming from Cambridgeshire Police). (#) Unfortunately, you've missed the show on Feb 17th, 2017, but he's apparently doing another in October this year.

            If you'd have told me thirty years ago I'd have been able to look up this sort of thing online from a barely legible poster I'd also seen online, I'd have been utterly gobsmacked!

            (Also, I was surprised to find out that Wilde is almost 80, but then, he was famous in the late 1950s which is sixty(!) years ago).

      3. NBCanuck

        Re: Insurance Black Boxes

        "...saying they'd caught them doing around 100mph over a roundabout.

        FTFY

        I think I saw that video on YouTube. ;)"

        I know exactly the video to which you referred. Good launch, but kinda failed to stick the landing.

    2. Anonymous Coward

      Re: Insurance Black Boxes

      Once upon a time, somebody I know triggered the speed limiter in their car. The speed limiter was badly designed, as it caused a backfire and thus damaged the Mass Airflow Sensor. The Service Manager commented that the MAF Sensor failure was logged in the ECU while the car speed was 178 kmh. Somebody I know replied that the data logging must have been significantly delayed until the car had slowed down, since the backfire actually occurred at the speed limiter, well north of 200 kmh.

      1. DropBear Silver badge

        Re: Insurance Black Boxes

        The ECU probably doesn't go bananas at the very first bad reading from the MAF; by the time it decided "yep, it's definitely gone, time to log a fault" likely some time passed, hence the speed change...

      2. Wensleydale Cheese Silver badge

        Re: Insurance Black Boxes

        "The speed limiter was badly designed, as it caused a backfire and thus damaged the Mass Airflow Sensor. "

        I had similar with a car which had an LPG conversion. When using LPG, the rev limiter could trigger a backfire, damaging a seal somewhere, resulting in a distinct performance drop until the next time I visited a garage to get it fixed.

        The rev limiter was way too easy to trigger in first gear, so I ended up running it on petrol in town traffic, and using the much cheaper LPG only on motorways.

    3. The Man Who Fell To Earth Silver badge

      Surveillance Capitalism

      We live in a Surveillance Capitalism system. Government piggybacks on it, and taxes it, so will only engage in cosmetic limitations of it.

    4. Dazed and Confused Silver badge

      Re: Insurance Black Boxes

      > saying they'd caught them doing over 100mph round a roundabout.

      I've just got insurance for my son which requires a black box. The cost difference is over £1000.

      On his first trip with it they logged him doing just over 40 in a 30 zone and included the location. It's a bloody great dual carriageway which has a 50 limit all the way down it.

    5. LucreLout Silver badge

      Re: Insurance Black Boxes

      Moral of the story: Don't trust those insurance black boxes.

      Entirely predictably, they're causing traffic chaos on the roads. There must be 15 or 20 cars near me with apology notices in the rear window explaining they have to go slow because of the box. Unfortunately, the people behind are too often afraid to overtake, thus leading to everyone on the road being stuck behind some little boy in a Corsa/similar, going nowhere near the speed limit, and braking /cornering as though the whole car was made of eggshells.

      1. EUbrainwashing

        Re: Insurance Black Boxes

        My son has driven with a black box for 4 years plus. The speed and time of day are the only metrics they use and his insurance has consistently been more competitive with this insurance co than any other quote. His driving style and braking reports are impossible to have a good report from, I have attempted to drive round the town like a tortoise and the subsequent report is absolutely not representative. The firm will not discuss the matter in meaningful terms but it matters not. My 21 year old is insured for £453.65 on a VW Fox this year with 4 years no claims. Hastings Direct. Smart Miles

  2. Steve Davies 3 Silver badge
    Big Brother

    So... who pays for the 3G/4G data connection?

    If all this data is being slurped who pays for the connection?

    If the slurp software can't phone home for a period does the car simply stop working?

    The ownership of the data is also questionable.

    Leasing is very popular which means that you don't own the car so slurping is IMHO out of your control. After all, the leasing company needs to know when to start billing you £1/mile once you have exceeded your miserly 4,000 miles a year that they give you in the lease don't they? /s /s /s

    If you own the car outright (bought upfront with cash and no finance) then IMHO, the data is yours. If you don't then holding title to the vehicle is not worth the paper it is written on.

    There are wider implications.

    I also see many similarities here with Windows 10 and the forced updates to non business users (even if there are ways around this, how many normal users would know how to block them?). MS are forcing changes on your computer. This could be construed as 'hacking' or Misuse and could be illegal.

    Then there are the appliances we all use at home. Increasingly these are 'connected' devices. Who do you sue if your device stops working because you have denied said appliance the ability to connect to your internet so it can 'phone home' at regular intervals?

    Lots of questions and very few answers. In the meantime, see Icon

    1. Remy Redert

      Re: So... who pays for the 3G/4G data connection?

      Ownership of maintenance data might be questionable, but location tracking and general usage information is very clear here in the EU. That belongs to whoever happens to be driving the car at any given time and cannot be collected or processed without explicit, informed consent. They also cannot claim it to be a condition of use (even in a leased vehicle) unless the data is absolutely required for the service they are delivering.

      EG, if you use the Onstar service, the company needs to have your location information when you press the button so they can help you or in the event of a crash. But there's no need to store that information.

      1. Prst. V.Jeltz Silver badge

        Re: So... who pays for the 3G/4G data connection?

        That belongs to whoever happens to be driving the car at any given time

        No it doesn't. I own the company and hence the vans (and the drivers).

        That data is mine!

        /devilsadvocate

        1. Sir Runcible Spoon Silver badge

          Re: So... who pays for the 3G/4G data connection?

          I really don't think you *own* the drivers.

        2. Wensleydale Cheese Silver badge

          Re: So... who pays for the 3G/4G data connection?

          "No it doesn't. I own the company and hence the vans (and the drivers)."

          Yes the vehicles are yours but take note of employee tracking laws.

          Could be tricky...

      2. Anonymous Coward

        Re: So... who pays for the 3G/4G data connection?

        From Nissan Leaf manual

        "Your agreement to the transmission and use of data by NISSAN can be provided in various ways. The vehicle is equipped with a “pop up” screen on the vehicle navigation system that will ask for your consent to this data transfer. A version of the following message will appear: “Pursuant to subscription agreement, your vehicle wirelessly transmits recorded vehicle data to NISSAN for various purposes, including NissanConnectSM EV Services services, product evaluation, research and development. By pressing OK, you consent to the transmission and use of your vehicle data. Refer to the Owner’s Manual or NISSAN Owner’s portal webpage for terms and details.” If you press [OK], your vehicle will transmit data as designed in connection with the vehicle telematics system. If you press [Decline] your vehicle will not transmit data. However, the telematics features referenced above, and perhaps others, will not be available to you. The vehicle’s static navigation system will remain operational, and you will be able to access your radio and climate controls."

        I think NISSAN pays - there is no obvious monthly charge.

        1. Anonymous Coward

          Re: So... who pays for the 3G/4G data connection?

          The cost must be built into the price of the car.

        2. Alan Brown Silver badge

          Re: So... who pays for the 3G/4G data connection?

          "The vehicle is equipped with a “pop up” screen on the vehicle navigation system that will ask for your consent to this data transfer"

          Last time I drove one there was no other option but "yes" - this would constitute forced consent which is illegal under GDPR.

          Did Nissan make a change to all the _old_ installations?

          1. OVah2eze
            Go

            Re: So... who pays for the 3G/4G data connection?

            "The vehicle is equipped with a “pop up” screen on the vehicle navigation system that will ask for your consent to this data transfer"

            On an older Leaf, it is not necessary to either agree or disagree. Simply ignore the "pop-up" and press the key of the function you want, such as map, menu, or radio. Simple. Sadly, there is no way to disable the pop-up either, with a permanent "yes" or "no". Designed by a lawyer, methinks.

      3. JohnFen Silver badge

        Re: So... who pays for the 3G/4G data connection?

        "Ownership of maintenance data might be questionable"

        It shouldn't be. Any data generated by me and/or machinery that I own, is mine. That includes maintenance data, telemetry data, everything. Whether or not the law agrees with this stance is irrelevant to me.

    2. JeffyPoooh Silver badge
      Pint

      Re: So... who pays for the 3G/4G data connection?

      That's the actual question. Such a persistent and supposedly well used mobile data connection would normally cost at least $50 per month.

      If people don't want this, then dig around in the boxes, find the SIM Card (assuming / 90% odds), and yank it. Or find and unplug the cellular network antenna connector (replace it with a dummy load if you're feeling generous).

      Or, bonus points, hacked into their network to reach the internet, and then use your car and their "Cost Free" network to have unlimited free mobile (or home) internet.

      1. SamX

        Re: So... who pays for the 3G/4G data connection?

        I vaguely remember Amazon had a deal with mobile carriers to allow Kindle owners to download ebooks whenever they want, in whichever network they are in. Device owners don't pay anything and I guess they get internet only for the white-listed Amazon website. Similar arrangement might exist for blackboxes.

        1. HPCJohn

          Re: So... who pays for the 3G/4G data connection?

          Amazon Kindle - the network is known as Whispernet.

        2. cycas

          Re: So... who pays for the 3G/4G data connection?

          I've still got one of the Kindles with that deal. It gives access to the entire internet, not just Amazon, for free, anywhere it can find a signal of any kind.

          Admittedly, you are accessing on a kindle in black and white, so functionality is limited, but it was still a pretty good deal for the extra 20 quid I paid when it was new!

      2. JohnFen Silver badge

        Re: So... who pays for the 3G/4G data connection?

        "Such a persistent and supposedly well used mobile data connection would normally cost at least $50 per month."

        Not for this sort of thing -- vehicles use a different sort of system (still over the cell network) that has rather limited bandwidth and isn't paid for on a per-unit basis. I forget what the estimate for the per-vehicle cost was, but it wasn't significant.

    3. JetSetJim Silver badge

      Re: So... who pays for the 3G/4G data connection?

      The SIM used is highly likely to be filtered onto a special APN, either via a custom MNC, or by IMSI filtering. That APN *should* be configured to only allow access to specific car manufacturer/insurer servers (depending on who supplied it), and so the SIM should be useless for other purposes.

      When a manufacturer sticks these in the cars, they've normally negotiated a "zero-cost APN" with the operator, and so for the expected lifetime of the car (or perhaps just the warranty period) all usage of that SIM by the car will not cost a penny/cent.

      Now, in the case of a car manufacturer doing this, I'm sure permission for data capture is buried in the T&Cs of whatever "service" you've bought that requires this embedded SIM (e.g. proper traffic updates rather than the useless ones embedded in FM transmissions).

    4. Wayland Bronze badge

      Re: So... who pays for the 3G/4G data connection?

      " If you don't then holding title to the vehicle is not worth the paper it is written on."

      You don't hold the title to the vehicle. The 'log book' document specifically says THIS IS NOT PROOF OF OWNERSHIP. The DVLA own your vehicle, you are simply the keeper and the driver. Driving is illegal which is why the DVLA have to sell you a licence.

      1. YetAnotherLocksmith

        Re: So... who pays for the 3G/4G data connection?

        The DVLA doesn't own the vehicle, you plonker. Have you ever been to a scrap yard?

      2. JohnFen Silver badge

        Re: So... who pays for the 3G/4G data connection?

        "You don't hold the title to the vehicle. The 'log book' document specifically says THIS IS NOT PROOF OF OWNERSHIP."

        This must vary by state (or nation? I'm speaking from the US). In my state, you get a title to your vehicle that is specifically and legally proof of ownership.

        1. Sir Runcible Spoon Silver badge

          Re: So... who pays for the 3G/4G data connection?

          I can see where Wayland is coming from with that comment, but it doesn't cover vehicle use on private land - you don't need a licence for that, so driving *isn't* illegal without a licence.

          1. JetSetJim Silver badge

            Re: So... who pays for the 3G/4G data connection?

            >I can see where Wayland is coming from with that comment, but it doesn't cover vehicle use on private land - you don't need a licence for that, so driving *isn't* illegal without a licence.

            Perhaps he is about to mount a legal challenge to the Under 17 Car Club and other such organisations

      3. Medical Cynic

        Re: So... who pays for the 3G/4G data connection?

        "You don't hold the title to the vehicle. The 'log book' document specifically says THIS IS NOT PROOF OF OWNERSHIP. The DVLA own your vehicle, you are simply the keeper and the driver. Driving is illegal which is why the DVLA have to sell you a licence."

        It's not proof of ownership, as the owner of the car doesn't need to be registered at DVLA - just the person who keeps [and uses] it.

        The vehicle may be owned, eg, by a hire purchase company. You still keep and use it, but YOU don't OWN it until the finance is all paid off.

      4. Haurong Knubie

        Re: So... who pays for the 3G/4G data connection?

        No they don't, it's just a safeguard in case the holder is offering a car for sale that they don't actually own.

    5. werdsmith Silver badge

      Re: So... who pays for the 3G/4G data connection?

      After all, the leasing company needs to know when to start billing you £1/mile once you have exceeded your miserly 4,000 miles a year that they give you in the lease don't they?

      Yes, but they already have the tech to do that. They just read it off the dashboard when you return the car and bill accordingly.

  3. Anonymous Coward

    'Is it there to protect me or monitor me'

    We all know where this is going... The FaceBookCar surveillance economy!

    The question is who's fighting back, including refusing to buy a 'spying' car.

    Smart TVs are now almost ubiquitous in every store in the world. Choice???

    ~~~~~~~~~~~~

    https://www.theregister.co.uk/2018/02/14/connected_vehicles_data_and_privacy/

    https://www.bloomberg.com/news/articles/2018-02-20/the-car-of-the-future-will-sell-your-data

    https://www.bloomberg.com/news/articles/2018-02-20/crunching-car-data-for-cash-an-israeli-startup-takes-on-google

    1. Voland's right hand Silver badge

      Re: 'Is it there to protect me or monitor me'

      He should not be even asking the question. It is the latter and the sole purpose is to extract more money from him.

    2. Flywheel Silver badge

      Re: 'Is it there to protect me or monitor me'

      fighting-back, including refusing to buy a 'spying' car

      It'll be a case of one manufacturer doing it, they'll all start doing it. It reminds me of the handbrake issue - have you tried finding a car with a manual handbrake these days? No - they're nearly all electronic (and more fallible than manual ones)

      1. frankieh

        Re: 'Is it there to protect me or monitor me'

        and even worse, they are nowhere near as much fun for when you need to change direction quickly.

  4. david willis
    Megaphone

    Sleepwalking Into Disaster

    I guess the only way people will start taking cybersecurity seriously is when somebody does slam a full passenger airliner into the ground.

    My guess is they will not have been trying to crash it, in the same way it is unlikely somebody planned wannacry to take out the NHS.

    It will most likely be collateral damage caused by some other well meaning piece of software - think of the problems being caused by Stuxnet variants.

    That doesn't mean to say that there are not people who would crash the NHS or an airliner.

    1. Anonymous Coward

      Re: Sleepwalking Into Disaster

      All they will do is ban laptops and gadgets from the flight, meaning we will need to buy new devices when we land....

      The scary thing is that all the security theatre they have is almost pointless and we are lucky only stupid people are willing to blow themselves up with a plane....

    2. Rich 11 Silver badge

      Re: Sleepwalking Into Disaster

      That doesn't mean to say that there are not people who would crash the NHS

      Several dozen of them are in Parliament, quivering with joy at the prospect of forcing the country into a hard Brexit.

      1. pɹɐʍoɔ snoɯʎuouɐ

        Re: Sleepwalking Into Disaster

        " quivering with joy at the prospect of forcing the country into a hard Brexit. "

        totally off topic, but now that we are to have brexit, then a soft brexit will amount to staying in the EU, but without having a voice, we will have to do everything the EU tells us to do, and the way the "negotiations" have been going a lot of it is going to be just out of bitterness, ... It's clear that the EU are playing hardball and will not agree reasonable terms, so a hard brexit it must be....

      2. Stu Mac

        Re: Sleepwalking Into Disaster

        Yaaaaaaawn. Even here? <sigh>

    3. Anonymous Coward

      Re: Sleepwalking Into Disaster

      > I guess the only way people will start taking cybersecurity seriously is when somebody does slam a full passenger airliner into the ground.

      Well, when it's an aircraft that doesn't really "hit home" (pun intended) for most people, as they don't fly very often.

      If some group does a co-ordinated strike using remotely-taken-over car or truck transport, that would likely give people more of a wake up call.

      That's not discounting your bug causing havoc thought either. That's also feasible.

      None of the above are good, and it's not a situation we should have sleepwalked into, which is your whole point I guess.

    4. FromTheRoot

      MH370 or others?

      Who says someone has not caused a plane crash by programmatic means, already?

      What you think they would tell you if someone had?

      1. Danny 14 Silver badge

        Re: MH370 or others?

        Problem is with brexit, in order to negotiate you must have something the other side wants. We have trade and that's about it. A hard brexit stance from the beginning would have been better as countries would simply sort deals under the table and make them official later. As of now 18 months has been wasted on talking about the Irish border.

        1. YetAnotherLocksmith

          Re: MH370 or others?

          If we do Brexit, what laws will allow the data that lets the car work cross into the EU from the UK?

          And during the 6 months of crisis and routing, will your car still work? (Trick question: no, because there won't be any fuel)

        2. Anonymous Coward

          in order to negotiate you must have something the other side want

          You provide a disproportionate amount of the EU's defense.

        3. mistersaxon

          Re: "wasted"

          The whole point about the Irish border is that the GFA was negotiated on the basis that we would be part of the EU and there's really no way around it without the Brexiters' magic unicorn powers. And that means there's no way round it. Brexit - ANY Brexit - trashes the GFA.

          Now clearly you don't care (though why not is a question you need to ask yourself seriously). But I believe that Brexit isn't worth restarting a war for. So let's just scrap it.

          What we SHOULD have done is used the referendum to make a credible threat of leaving and negotiated some more candy. Too late now - anyone with half a brain (most of the EU and at least 48% of the UK electorate) knows Brexit is a disaster waiting to happen. That bluff has already been called.

  5. Christopher Reeve's Horse

    Richard Feynman

    His story about safe cracking at Los Alamos is a perfect example of this kind of thinking. He was regarded as the security risk after announcing he could open an important safe at the high security site. The question of the safe not being fit for purpose failed to be addressed.

    1. DropBear Silver badge

      Re: Richard Feynman

      It's a mindset. If people cracking such safes would routinely come and go all around the place, the safe being unsafe would be self-evident and well understood. Seeing as how that's not the case, the safe used to be "fine" (sufficient against all actual threats, by virtue of there being hardly any) all the way until he showed up and proved it not so. The kind of people who think that reasoning like "it would still be fine if you hadn't messed with it" makes perfect sense tend to love to shoot the messenger, just so they can go back to "nobody capable to mount a credible threat left standing (that we can see), so we're perfectly safe again".

      That said, nobody ever will shake your hand and thank you for embarrassing them - and the unusually enlightened exceptions who do are incredibly few and far between; so if you plan on doing that sort of thing to someone, you better be damn sure that either they are definitely in that minority or that you're bulletproof, before you hand them a loaded gun and announce you pwned them...

      1. Giovani Tapini

        Re: Richard Feynman

        In the Feynman incident the safes were all using the shipped, default, and ubiquitous combination. Therefore a perfectly credible threat and its non-safety SHOULD have been self evident.

        It was also noted that there was a real spy sharing information at the time and therefore, at least to those with any sense, the additional difficulty in discovering safe combinations may have been useful

        The result, as discussed above, was shoot the messenger, and suppress the story, not resolve the issue.

        1. JeffyPoooh Silver badge
          Pint

          Re: Richard Feynman

          GT noted, "In the Feynman incident the safes were all using the shipped, default, and ubiquitous combination."

          I've read about a half dozen books about this, including at least one by Feynman himself. They don't match your "all" claim as quoted above. He tells of several different approaches (brute search, birthdays, numerical constants, social engineering, etc.), not simply dialing in an unchanged default combination.

        2. Anonymous Coward

          Re: Richard Feynman

          Not quite; according to his autobiography - day to day safes he had worked out how to read off the last two numbers of the code by fiddling with the safe locks when open. But the big central safe was using the manufacturer default.

          1. YetAnotherLocksmith

            Re: Richard Feynman

            I could tell you many, many stories about that...

      2. JohnFen Silver badge

        Re: Richard Feynman

        "nobody ever will shake your hand and thank you for embarrassing them"

        Those people are misunderstanding the situation -- nobody is embarrassing them, they're embarrassing themselves.

    2. a_yank_lurker Silver badge

      Re: Richard Feynman

      A case of 'shooting the messenger' and not fixing the problem. The general problem with data logging and phoning home is it requires access to the network (same problem with IoT). Once you have a network connection the originating device can be discovered and hacked. Once hacked all sorts of nasty scenarios can play out, even if they are fairly rare. The best solution is to rethink the 'need' for many devices to have a network connection (including planes and cars). If some devices must have a network connection, limit the connection and access to underlying systems. (GPS has no need to access engine controls to be effective.)

      Many non-experts in security refuse to consider the implications of 'always on and connected' for security and safety. So they are satisfied with inadequate security, if any. And much like the safe, security is more theater than effective.

      1. Anonymous Coward

        Re: Richard Feynman

        As much as the media like to portray the multitude of malicious hackers out there, the vast majority of the people with the requisite skills to hack with ill intent (rather than just a money grab with malware) are probably not inclined to do so.

        Should they ever *become* inclined to do so is when investment in security tech will pay dividends. That film I'm not supposed to talk about just popped into my head for some reason.

        1. JohnFen Silver badge

          Re: Richard Feynman

          "the vast majority of the people with the requisite skills to hack with ill intent (rather than just a money grab with malware) are probably not inclined to do so."

          This.

          My circle of friends has a high percentage of people who know how to hack, and most are at least reasonably skilled at, and have the tools for, things like lockpicking as well. If any of them has ever employed their skills with ill intent, I'm unaware of it.

      2. JohnFen Silver badge

        Re: Richard Feynman

        "The general problem with data logging and phoning home is it requires access to the network"

        That is a problem, but I think there's a more general problem that has nothing to do with the security of the communications link: data logging and phoning home means that you are trusting the entity collecting the data to use it properly and correctly. However, it's clear that such trust is very misplaced.

  6. Doctor Syntax Silver badge

    "Some insurance firms offer cheaper insurance to careful drivers, based on readings from telemetry devices and sensors."

    There's a GDPR case in the offing! Lawyers could get fat on the fine detail of that.

    1. Anonymous Coward

      How so when you are consenting to be monitored?

      1. fajensen Silver badge

        My passengers did not sign any consent thingie. My wife also didn't. Someone borrows the car, doesn't sign the consent form.

        1. Anonymous Coward

          >My passengers did not sign any consent thingie. My wife also didn't. Someone borrows the car, doesn't sign the consent form.

          Aren't they then driving without insurance? All the named drivers will have had to sign the consent form when the insurance was taken out.

          1. }{amis}{ Silver badge
            Holmes

            "Aren't they then driving without insurance?"

            I don't know about the R.O.W. but in the UK if you own a vehicle with fully comprehensive insurance you usually get what's called a third party extension, which allows you to drive pretty much any vehicle you are licenced for with 3rd party cover on your insurance.

            1. Red Ted

              Re: "Aren't they then driving without insurance?"

              I really would not recommend driving much on "3rd Party Only" insurance.

              It's a useful arrangement to allow you to get out of a logistical fix, but if you pang it, you're liable for the full cost of the damage to the car.

              1. Anonymous Coward

                Re: "Aren't they then driving without insurance?"

                I really would not recommend driving much on "3rd Party Only" insurance.

                It's a useful arrangement to allow you to get out of a logistical fix, but if you pang it, you're liable for the full cost of the damage to the car.

                -----------------------------------------------------------------------------------------------------

                Not with a standard policy in this country.

                The insurance company is legally bound to insure if it said it would... and they all do, else they would not sell any policies.

                1. John Brown (no body) Silver badge

                  Re: "Aren't they then driving without insurance?"

                  "Not with a standard policy in this country.

                  The insurance company is legally bound to insure if it said it would... and they all do, else they would not sell any policies."

                  In that case, the standard policy in "this country" doesn't do 3rd party only cover since by definition, "3rd party only cover" only covers the damage caused by the driver/car to the property of a 3rd party. Back before I drove a company car, I had my own rust bucket insured on the cheap for 3rd party, fire and theft only. If I caused the accident, 3rd party property damage would be covered, but not my old rust bucket. I would have had to pay for those repairs, or just scrap it.

                  1. Danny 14 Silver badge

                    Re: "Aren't they then driving without insurance?"

                    Third party cover via fully comp is only via permission. It could be argued consent occurred when permission was sought and granted.

              2. John Brown (no body) Silver badge

                Re: "Aren't they then driving without insurance?"

                "It's a useful arrangement to allow you to get out of a logistical fix, but if you pang it, you're liable for the full cost of the damage to the car."

                It's a pretty small risk, albeit with a potentially high cost, but most people don't actually have accidents in cars. One or two in a lifetime maybe, but it's not, for the vast majority of people, a frequent enough occurrence to worry about.

            2. Wensleydale Cheese Silver badge

              Re: "Aren't they then driving without insurance?"

              "I don't know about the R.O.W. but in the UK if you own a vehicle with fully comprehensive insurance you usually get what's called a third party extension"

              In various bits of Europe (Holland, Germany, Switzerland to my knowledge, maybe more), the legal minimum for insurance includes any driver.

            3. JohnFen Silver badge

              Re: "Aren't they then driving without insurance?"

              This is how my policy in the US works. Also, anyone I loan my car to is covered under my own liability insurance, except members of my own household.

            4. Clarecats

              Re: "Aren't they then driving without insurance?"

              "I don't know about the R.O.W. but in the UK if you own a vehicle with fully comprehensive insurance you usually get what's called a third party extension, which allows you to drive pretty much any vehicle you are licenced for with 3rd party cover on your insurance."

              No, it doesn't work that way where I live. Unless you are a motor dealer, you are insured for the car you own/ keep. Each vehicle and driver has to be specified for additional insurance on the policy.

              If you drive a van, you can't transfer your insurance to a car temporarily, because more passengers can fit in a car than a van.

              Being a named driver on someone else's policy does not count towards a no-claim bonus; and you can come out of a few years of 'named driver' and still be considered a first-time insured driver by a firm. This implies that the firm is more concerned about whether its premiums will get paid by the new paying customer.

          2. Anonymous Coward
            Anonymous Coward

            "Aren't they then driving without insurance? All the named drivers will have had to sign the consent form when the insurance was taken out."

            No.

            Any licensed driver who does not live with you and does not regularly and often drive the vehicle who drives the vehicle with your permission is covered by the insurance.

            Any person who lives with you and is listed on the insurance policy as an additional driver does not need to sign anything.

        2. 's water music Silver badge
          Trollface

          My passengers did not sign any consent thingie. My wife also didn't. Someone borrows the car, doesn't sign the consent form.

          Perhaps you (the policy holder) are now the data controller with the insurance co as your data processor. Naughty you, tracking your wife and friends

  7. werdsmith Silver badge

    Someone borrows the car, doesn't sign the consent form.

    They are anonymous.

    This would be the point of the insurance black box. If you lend someone the car and they blow your speed limits and corner like Max Verstappen then they are going to destroy your discount and the insurance company won't be able to assign any of the data to the borrower because they don't know who is driving. It all comes back to the policyholder, so it is up to them to manage the situation.

    1. Giovani Tapini

      Won't be long until you have to log in to sit in the car

      passes the plausibility test.

    2. Anonymous Coward
      Anonymous Coward

      Someone borrows the car, doesn't sign the consent form.

      They are anonymous.

      --------------------------------------------------------------------------------------

      No, they are not.

      Location tracking data is surprisingly easy to link to an individual.

      1. werdsmith Silver badge

        Location tracking data is surprisingly easy to link to an individual.

        Not the point. The insurance company doesn't give a shit because the black box is assigned to the insured. They won't be trying to get hold of the other driver's phone data because they don't need to and it's an expense they don't want.

  8. stiine
    Mushroom

    What about the Toyotas that get sold to the Middle East ...

    Well, for one thing, they usually get a pintle-mounted machine gun, and likely as not get blown up, so I don't see how keeping the ECU up-to-date is going to matter in the least.

    1. Anonymous Coward
      Anonymous Coward

      Re: What about the Toyotas that get sold to the Middle East ...

      That's just technical detail

    2. Anonymous Coward
      Anonymous Coward

      Re: What about the Toyotas that get sold to the Middle East ...

      Surprised they haven't had firmware updates to stop them from operating in sensitive areas, like DJI drones.

      1. Yet Another Anonymous coward Silver badge

        Re: What about the Toyotas that get sold to the Middle East ...

        You can hardly supply Toyota with a list of places in the Middle East you plan on having a war in - they are Japanese, remember Pearl Harbour?

        DJI are Chinese, a trusted ally in the war on Canada

    3. Semtex451 Silver badge

      Re: What about the Toyotas that get sold to the Middle East ...

      Yes, built in Sat-phones may not be popular amongst this customer-base. At least they wouldn't be for long.

    4. Sir Runcible Spoon Silver badge

      Re: What about the Toyotas that get sold to the Middle East ...

      I thought you said 'pringle-mounted' and wondered if that would extend the range. /nerd

      1. Alistair Silver badge
        Windows

        Re: What about the Toyotas that get sold to the Middle East ...

        Awwww, Dammit Runcible, now I have to go out and buy snacks. And it's about middle of Iraq hot out there ......

      2. Yet Another Anonymous coward Silver badge

        Re: What about the Toyotas that get sold to the Middle East ...

        I thought you said 'pringle-mounted' and wondered if that would extend the range. /nerd

        I thought you said 'pringle-mounted' and wondered if they had fitted machine guns to neds

        1. werdsmith Silver badge

          Re: What about the Toyotas that get sold to the Middle East ...

          It's really simple. If the car isn't going to work properly where you need it to work then you don't buy it.

      3. Korev Silver badge
        Coat

        Re: What about the Toyotas that get sold to the Middle East ...

        >I thought you said 'pringle-mounted' and wondered if that would extend the range.

        "Once you pop you can't stop"

  9. JeffyPoooh Silver badge
    Pint

    What exactly does he mean by this?

    Mr Roberts claimed, "I put a network sniffer on my truck to see what it was sharing. Holy crap!"

    By "network sniffer", he kind-of silently implies Ethernet and Wireshark. Which physical layer interface did he tap into? CAN bus? The OBDII socket (<- betcha)? Does he understand the basic difference between LAN (on-vehicle) and WAN (transmitted away)? Is this data he's found really being transmitted to an off-vehicle location? Did he tap it at the exact point of transmission back to Automobile OEM Spying-On-Customers HQ? Did he employ a Stingray on steroids to build a custom Man-In-The-Middle mobile data capturing system? Was the data encrypted, and he cracked it? How often is the location shared? How much data? Is it megabits per second?

    Isn't he the same guy that thought that he could take control of an airliner by accessing the In-Flight Entertainment system? He confused the GPS data, provided for the entertaining map display, with the ARINC 429 Busses which are clearly segregated. Unless he started pulling up floor boards and cutting into cables, then he was wrong in that case.

    And I suspect he's blowing smoke again.

    1. kain preacher Silver badge

      Re: What exactly does he mean by this?

      In your rush to make him look like a fool you show your lack of knowledge.

      "Which physical layer interface did he tap into? CAN bus? The OBDII socket (<- betcha)"

      CAN bus is not a physical interface but a protocol. Some CAN bus networks can be accessed via Bluetooth, Wi-Fi, USB and Ethernet on cars. Accessing the OBDII port allows you all kinds of access to the ECU and what's running on it.

      And yes you can use Wireshark to sniff packets on the CAN bus.

      https://www.csselectronics.com/screen/page/reverse-engineering-can-bus-messages-with-wireshark/language/en

      https://canb.us/tutorials/Wireshark

      But there are also free packet sniffing tools for CAN bus, available for Linux and Windows.
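An added illustration of the comment above (not part of any commenter's post): once traffic from the diagnostic connector is logged, standard OBD-II replies decode in a few lines. The log lines are constructed, in the can-utils `candump -L` format; the request/reply IDs and PID formulas are the standard 11-bit OBD-II ones.

```python
import re
from typing import NamedTuple

# Constructed sample capture: "(timestamp) interface ID#DATA".
# 0x7DF = OBD-II functional request, 0x7E8 = first ECU's reply.
SAMPLE_LOG = """\
(1533000000.000100) can0 7DF#02010D0000000000
(1533000000.010200) can0 7E8#03410D3C00000000
(1533000000.100300) can0 7DF#02010C0000000000
(1533000000.110400) can0 7E8#04410C1AF8000000
(1533000000.200500) can0 7DF#0201050000000000
(1533000000.210600) can0 7E8#0341057B00000000
(1533000000.300700) can0 3B3#4000000012
(1533000000.400800) can0 7E8#not-hex
"""


class Frame(NamedTuple):
    # A classic CAN frame carries only an arbitration ID and up to 8 data
    # bytes: nothing in it identifies or authenticates the sender.
    ts: float
    iface: str
    can_id: int
    data: bytes


LINE_RE = re.compile(
    r"^\((\d+\.\d+)\)\s+(\S+)\s+([0-9A-Fa-f]{3,8})#((?:[0-9A-Fa-f]{2}){0,8})$"
)

# Mode 01 PIDs: name, number of data bytes needed, decoding formula.
PIDS = {
    0x05: ("coolant_temp_c", 1, lambda d: d[0] - 40),
    0x0C: ("engine_rpm", 2, lambda d: (256 * d[0] + d[1]) / 4),
    0x0D: ("vehicle_speed_kmh", 1, lambda d: d[0]),
}


def parse_candump(text):
    """Return (frames, malformed_line_count) for a candump -L style log."""
    frames, malformed = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            malformed += 1  # count bad lines, never guess at their content
            continue
        frames.append(Frame(float(m[1]), m[2], int(m[3], 16), bytes.fromhex(m[4])))
    return frames, malformed


def decode_obd_reply(frame):
    """Decode a single-frame Mode 01 reply, or return None if it is not one."""
    d = frame.data
    if not 0x7E8 <= frame.can_id <= 0x7EF or len(d) < 3:
        return None
    length = d[0] & 0x0F  # ISO-TP single frame: low nibble = payload length
    if d[0] >> 4 != 0 or length < 2 or 1 + length > len(d):
        return None
    if d[1] != 0x41 or d[2] not in PIDS:  # 0x41 = positive reply to mode 01
        return None
    name, need, formula = PIDS[d[2]]
    payload = d[3:1 + length]
    if len(payload) < need:
        return None
    return name, formula(payload)


def decode_log(text):
    """List the (name, value) readings found in a log, in capture order."""
    frames, _ = parse_candump(text)
    return [r for r in map(decode_obd_reply, frames) if r is not None]


if __name__ == "__main__":
    for name, value in decode_log(SAMPLE_LOG):
        print(f"{name}: {value}")
```
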

      1. Unicornpiss Silver badge
        Meh

        Re: What exactly does he mean by this?

        Well, if he's tapping the OBDII connector and exclaiming "Look at all the data that's being shared!", that would be just silly. Like breaking into someone's house by smashing a window with a brick, hiding behind the bedroom door to eavesdrop, then complaining that their intimate conversations are not secure. Just silly.

        I suppose it's possible Bluetooth or WIFI is being used, if there is some route from the entertainment/nav system to the vehicle's other buses. (like in the Jeep hack some years ago) If a BT connection is being used, the value of the data is pretty dubious unless you can actually control the vehicle. If you're just slurping GPS with BT, you're probably within sight of the vehicle anyway. If you're doing this over WIFI, I guess the question would be is the data available over a poorly-secured public IP, similar to someone that never changed the default settings on their router, or only if you've joined the LAN, which again, makes the range and relevance pretty low.

        So really there isn't enough data here to do more than raise other questions. We'd need to know what method was used to connect to the vehicle, and exactly what data is being shared, plus is this allowing control. Is it really that useful to view slurped data showing when the vehicle needs its next oil change? (maybe it would be if you could harvest the VINs of nearby vehicles) It would also be nice to know what brand of vehicle we're talking about here.

        1. kain preacher Silver badge

          Re: What exactly does he mean by this?

          "Well, if he's tapping the OBDII connector and exclaiming "Look at all the data that's being shared!", that would be just silly. Like breaking into someone's house by smashing a window with a brick, hiding behind the bedroom door to eavesdrop, then complaining that their intimate conversations are not secure. Just silly."

          Infotainment systems like the Ford Sync 3 are connected to the ECU via CAN bus. They are also equipped with the ability to give you internet via cell network. So what is being sent over the cell network back to the hive?

        2. JeffyPoooh Silver badge
          Pint

          Re: What exactly does he mean by this?

          Unicornpiss skillfully summarized it thus, "...Well, if he's tapping the OBDII connector and exclaiming 'Look at all the data that's being shared!', that would be just silly..."

          Betcha that's exactly what he did.

          Based on his previous loopy claims about hacking an airliner via the in-flight entertainment system.

          1. Anonymous Coward
            Anonymous Coward

            Re: What exactly does he mean by this?

            +1. It does sound like the same sad bloke with "previous loopy claims about hacking an airliner via the in-flight entertainment system.". If not, it's sounding remarkably similar.

            Back then (2011? 2014?), there was very little hard evidence of what was actually claimed to have been seen, but when I did later find some allegedly definitive parts of the story, they showed what looked very much like a Solaris login screen as "evidence" [1] that he'd gained access to the on-aircraft network(s). And the audience lapped it up, especially the ones who were quietly delighted that this clown was diverting the audience from the real issues in safety-critical (and other) software and systems, and not just in aircraft.

            [1] See if you can find anything useful starting by searching for e.g. "For those who do not know, 747's are big flying Unix hosts. At the time, the engine management system on this particular airline was Solaris based. The patching was well behind and they used telnet as SSH broke the menus and the budget did not extend to fixing this. The engineers could actually access the engine management system of a 747 in route. If issues are noted, they can re-tune the engine in air."

      2. JeffyPoooh Silver badge
        Pint

        Re: What exactly does he mean by this?

        @kain preacher

        I believe that my post raised an important set of questions.

        Your criticism of my post is pretty lame. Starts off very fierce, but then rebuts only in the weeds. I'll concede your minor tidbits may be good clarifications, but they're quite trivial.

        Would you like to try zooming out and responding to the actual larger points I raised?

    2. cd

      Re: What exactly does he mean by this?

      If his big truck has OnStar it's not beyond credibility that some phoning home was going on. But that's a "feature".

    3. isometric

      Re: What exactly does he mean by this?

      Very likely the telematics unit is connected via an IP/Ethernet network these days, probably to the vehicle central gateway . . . BroadR Reach ethernet being the current ethernet trend . . . all you need is a relatively cheap media converter to convert to 10/100 classical ethernet and it plugs into your laptop for wiresharking . . .

      Modern vehicles have (will soon have) an ethernet switch onboard, a port of which is usually presented on the OBDII connector for manufacturing software download and dealer software update and diagnostics. Almost nobody actually uses CAN on the diagnostics connector any more for anything serious - it's too slow . . . but it is supported and legally mandated for emissions control diagnostics so that Oily Dave at the garage can tell you what's wrong with your car without access to dealer diagnostics kit . . .

      There's a lot of change going on in the automotive industry at the moment in terms of onboard networking technologies, the security side of which leaves a lot to be desired . . . not that the existing technology set didn't also have its problems too . . .

  10. Chris Miller

    I've applied security updates to my car - downloaded from the internet and then applied via the phone app (also used to control/monitor other car functions remotely). It all went perfectly smoothly, but I have to say it was squeaky bum time - I get a bit nervous applying security updates to a phone costing a few hundred quid, 'bricking' a £40k motor is a whole 'nother thing.

    1. DryBones

      This is the correct way to do this. Which brand was it?

      1. Chris Miller

        It's a Mitsubishi Outlander PHEV, subject of the Pen Test Partners hack, which the security update was designed to address.

  11. pmitham

    I think it's time to purchase "classics" that have no electronics in them. Hence no security risks! Just a carb, no EFI and a simple radio....Jesus the tinfoil hat types WERE RIGHT!!!

    1. HieronymusBloggs Silver badge

      "I think it's time to purchase "classics" that have no electronics in them."

      For an added bonus, vehicles over 40 years old are also exempt in the UK from vehicle excise duty and, unless substantially modified, MoT tests.

      1. John Brown (no body) Silver badge

        "For an added bonus, vehicles over 40 years old are also exempt in the UK from vehicle excise duty and, unless substantially modified, MoT tests."

        ...and in the near future, banned from city centres or at least will be prohibitively expensive to drive there.

      2. Unicornpiss Silver badge
        Mushroom

        EMP

        "I think it's time to purchase "classics" that have no electronics in them."

        Another benefit for the paranoid, is older vehicles like this are likely to still be usable if anyone ever manages to generate an EMP.

        1. werdsmith Silver badge

          Re: EMP

          I think it's time to purchase "classics" that have no electronics in them. Hence no security risks!

          I like the idea except for the problem of when some chav in an Audi rams you then you will be sausage meat, meanwhile the Audi chav walks.

          1. Sherrie Ludwig

            Re: EMP

            "I like the idea except for the problem of when some chav in an Audi rams you then you will be sausage meat, meanwhile the Audi chav walks."

            I'll take my chances on a 60's era Mercedes sedan (real steel) with fitted lap and shoulder belt against anything recent up to a half-ton pickup. I may be shaken up, and whiplash is a possibility (no headrest) but I will be substantially intact, and likely able to drive away. We were t-boned while driving an older German compact some thirty years ago. The vehicle that blew the red light and nailed us was a modern for the time SUV. After the cops and report routine, we took out the tire iron, pried the fender away from the tire, and drove home. The tow truck picked up the SUV, at least most of the pieces of it.

            1. werdsmith Silver badge

              Re: EMP

              yeah.

              you don't want none of this modern safety cell shit. You'll take a steel chassis where all the impact sources are transferred straight to you with no attenuation.

              Screw those engineers and screw their manifold survivability improvements and their goddam airbags.

        2. Jake Maverick

          Re: EMP

          EMPs are easy to generate when you know how.....you can build an EMP gun from bits of microwave and other things you probably have in your home....just surprised it doesn't happen more often....oh wait, anybody remember that spate of helicopter crashes that happened a few years back....?

  12. Kev99 Bronze badge

    Beyond running the engine and collision avoidance I see absolutely no need for all of the computers in vehicles. There is especially no need for any of the computers to have transmitters built in. Receiving properly coded and encrypted updates yes. If the manufacturer needs to see what's going on connect thru a hard wire port as is currently done for diagnostics.

    1. Anonymous Coward
      Anonymous Coward

      Beyond running the engine and collision avoidance I see absolutely no need for all of the computers in vehicles. There is especially no need for any of the computers to have transmitters built in. Receiving properly coded and encrypted updates yes. If the manufacturer needs to see what's going on connect thru a hard wire port as is currently done for diagnostics.

      --------------------------------------------------------------------------------------

      Computers are used to chase the government imposed ever increasing fleet mileage mandates.

      And to replace physical solutions with software that has a near zero 'manufacturing cost'.

      The government wants you connected so they can track you.

      The manufacturer wants you connected so they can sell your data, which is now estimated to exceed the value of the car over its lifetime.

      You don't get a choice.

  13. Unicornpiss Silver badge
    Coat

    It's disgusting to sniff things on the bus..

    And may get you thrown off.

  14. jms222 Bronze badge

    Bike Garmin

    My GPSMAP60C will occasionally have me and my bike leap a mile and back again in seconds. That's a bit fast. Wouldn't surprise me if poorly written software picks up on this sort of thing and puts a black mark against you.

    (A newer Garmin said I had done 24,000 miles in about twenty minutes between Impington and Dry Drayton.)
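An added example, not part of the comment above: one way a telematics backend could discard fixes like these before scoring a driver, by checking the speed each fix implies against the last accepted one. The GPS fixes and the 250 km/h ceiling are constructed assumptions.

```python
import math

MAX_PLAUSIBLE_KMH = 250.0  # assumed ceiling for a road vehicle

# Constructed track: (seconds, latitude, longitude). Fix 2 is a GPS jump
# of about 1.6 km and back; fix 5 repeats the timestamp of fix 4.
FIXES = [
    (0, 52.2500, 0.1200),
    (10, 52.2505, 0.1205),
    (20, 52.2650, 0.1210),
    (30, 52.2515, 0.1215),
    (40, 52.2520, 0.1220),
    (40, 52.2521, 0.1221),
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def speed_kmh(a, b):
    """Speed implied by moving from fix a to fix b; None if time did not advance."""
    dt = b[0] - a[0]
    if dt <= 0:
        return None
    return haversine_km(a[1], a[2], b[1], b[2]) / (dt / 3600.0)


def filter_fixes(fixes, max_kmh=MAX_PLAUSIBLE_KMH):
    """Split fixes into (accepted, rejected).

    Each fix is compared with the last *accepted* fix, so one outlier does
    not also condemn the good fix that follows it. The first fix is trusted,
    which is a limitation of this simple check.
    """
    accepted, rejected = [], []
    for i, fix in enumerate(fixes):
        if not accepted:
            accepted.append(fix)
            continue
        v = speed_kmh(accepted[-1], fix)
        if v is None:
            rejected.append((i, "non-increasing timestamp"))
        elif v > max_kmh:
            rejected.append((i, f"implied {v:.0f} km/h"))
        else:
            accepted.append(fix)
    return accepted, rejected


def max_speed_kmh(fixes):
    """Highest speed between consecutive fixes, ignoring zero-time pairs."""
    speeds = [
        v for a, b in zip(fixes, fixes[1:]) if (v := speed_kmh(a, b)) is not None
    ]
    return max(speeds, default=0.0)


if __name__ == "__main__":
    ok, bad = filter_fixes(FIXES)
    print("unfiltered max km/h:", round(max_speed_kmh(FIXES)))
    print("filtered max km/h:  ", round(max_speed_kmh(ok)))
    for index, reason in bad:
        print("rejected fix", index, "-", reason)
```
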

    1. Yet Another Anonymous coward Silver badge

      Re: Bike Garmin

      (A newer Garmin said I had done 24,000 miles in about twenty minutes between Impington and Dry Drayton.)

      < nasal anorak voice of man in pub> what you did was take the wormhole at the back of Fenstanton, go through the galactic center and turn right at the spiral arm - it cuts out the whole junction at Nether Wallop. Alternately you can take the stargate at the little side road off the 3rd turning at the Fen Drayton roundabout

      1. Anonymous Coward
        Anonymous Coward

        Re: Bike Garmin

        ...and if you get it just right you can shave the distance down to about 12 parsecs.

        1. John Brown (no body) Silver badge

          Re: Bike Garmin

          Is that the Kestrel run over the moors?

          1. DavCrav Silver badge

            Re: Bike Garmin

            "Is that the Kestrel run over the moors?"

            Is that shopping for cheap beer in Yorkshire?

  15. Starace

    A relentless self promoter

    I continue to bow down to his talent to spout a lot of words while actually saying very little and meaning even less.

    If he had a real clue he might actually be dangerous.

    Clowns like this are damaging to the people doing genuine useful security work in these areas.

    Ps. Kain - if you actually knew anything you'd know the CAN standard includes both the physical and data layers. So don't try to sound clever by thinking that USB/WiFi/whatever protocol converters are CAN; they aren't. They're just a way of getting at the data without fucking about too much by turning raw CAN into something where you can read the packet content.

    And if the data is on an internal bus not the OBD or an infotainment one then it doesn't matter what's on it because it isn't exposed.

    I suspect Roberts didn't even look at all to see what data was there let alone try anything clever, he just made a statement and let the credulous run with it. Minimum effort solution.

    1. kain preacher Silver badge

      Re: A relentless self promoter

      Read: CAN bus is used to connect all of that stuff. Yes, you can access the CAN bus via the OBD-II port. My point still stands. If you have any Wi-Fi or cellular data as part of your infotainment system then the CAN bus is exposed.

      https://www.just-auto.com/interview/car-infotainment-hacking_id141351.aspx

      Oh look, a CAN bus logger that works through the OBDII port.

      CAN bus is one of five protocols used in the on-board diagnostics (OBD)-II vehicle diagnostics standard. The OBD-II standard has been mandatory for all cars and light trucks sold in the United States since 1996.

      "USB/WiFi/whatever protocol converters are CAN"

      I never did. What I said is it can be accessed via Wi-Fi. OBDII. You don't have to use the dedicated serial port to access CAN

      Oh look VW puts the infotainment system on the CAN bus

      http://www.volkspage.net/technik/ssp/ssp/SSP_238.pdf

      Oops, looks like CAN bus is accessed via the OBD II port and is part of the specs.

      CAN bus is one of five protocols used in the on-board diagnostics (OBD)-II vehicle diagnostics standard. The OBD-II standard has been mandatory for all cars and light trucks sold in the United States since 1996. The EOBD standard has been mandatory for all petrol vehicles sold in the European Union since 2001 and all diesel vehicles since 2004

      I

      1. isometric

        Re: A relentless self promoter

        Oh dear . . .

        You do realise that there are 6+ CAN busses in a modern vehicle ? and that they are not directly connected together . . . ?

        You do realise that the CAN bus connected to the infotainment system is not the same one connected to the OBDII port, or the drivetrain bus, or the body control bus, or, or . . .

        You do realise that there is a CAN (and other bus technologies, LIN, Flexray) bus router between the OBDII port and the internal CAN busses ?

        Do you understand anything real about actual vehicle electronics architectures ? . . .

  16. Anonymous Coward
    Anonymous Coward

    RE. Re. Bike Garmin

    (nasal bloke at pub)

    "This one time I took a short cut through the Cardiff Rift. Ended up with alien parasites in the car, missing time and a near miss with a blue police box which just appeared in the road with no warning at all..."

  17. Sproggit

    Insurance Black Boxes and the GDPR

    I am not a lawyer.

    It is possible - just possible - that the inclusion and use of black boxes [such as those fitted in cars by manufacturers] may fail various tests within the GDPR.

    Firstly, if it could be shown that the vehicle can continue to function without having to "phone home" large amounts of data, then provisions around the "lawful basis for processing" might come to bear.

    Secondly, it is likely that the processing being performed would fail the "transparency" provisions.

    Third, I'm not aware of any vehicle manufacturer [this is not true of insurance companies, as a previous post notes] which allows the owner of a vehicle to "opt out" of the data collection.

    As others have stated, a significant part of the basis for determining whether or not this data slurping is legal will pivot around vehicle ownership. If you are a company car driver or your vehicle is part of a lease fleet, you are almost certainly out of luck. However, the same is likely to be true if you are buying on any form of credit or hire purchase deal, at least until the vehicle is fully paid for and entirely yours.

    But this last scenario brings in another question. Suppose the dealer from whom you buy a vehicle on credit decides to fit extra electronics [i.e. tracking] to the vehicle in case you abscond with it. What happens when you make your final payment? Does that tracker get removed? Can you demand it?

    This is going to be a very murky world of conflicting legal opinions until sufficient case law has been hammered out to make sense of it. Even then, I just can't see this going well for the private motorist that doesn't want to be spied upon. The temptations [for manufacturers and governments] are simply too great.

    1. HellDeskJockey

      Re: Insurance Black Boxes and the GDPR

      Here in the states they actually have those devices. If you have poor credit you can buy a used car but it comes with a tracker/disabler. Miss a payment and the car can be disabled and tracked then repossessed if you do not make prompt payment. You "consent" to this so it's legal. If you don't consent they will not sell you a car.

      A friend has one. Nice guy, but not the best credit risk.

  18. FromTheRoot

    Only truly safe place at the moment

    Is the Amazon rainforest.

  19. darklord

    So data comes out. Doesn't mean you can get data in.

    A bit of a non-story methinks. I work with Airbus on this type of stuff and they certainly are not on the fence. They're world leaders in cryptographic devices.

    Sounds like someone hasn't had any press for a few weeks.

  20. Jtom Bronze badge

    Stay retro

    Ugh. Well, I have a 1997 Honda Prelude, and a 2001 Honda S2000 sports car. Yep, haven’t bought a car in 17 years. Thirteen years without a car note to pay. No electronics other than that needed for the engine, accessories like AC, lights, etc, and a radio/CD player. All you can do is drive and listen to music. And that’s all I want to do with a vehicle.

    Guess I'll keep them for another couple of decades.

  21. nextenso

    Police access to car ecu data

    Reading comments made where car speed is recorded in the stored ecu data, at what point do the Police, or do they already have ability, to remotely receive or read alerts that a vehicle has logged a speed in a location that warrants an automatic dangerous driving notification/prosecution.

    There is absolutely no technical reason why this can't be done and possibly the ability has already been designed in. Is there any data encryption for personal privacy, I doubt it.

    Scary thought as data monitored is much more than speed, e.g. where you were on a certain date/time when an incident occurred - thinking of the data trawl made by GCHQ on all our coms (which I am ok with to track terror planning). Not sure I want a modern car, I am keeping to my classic cars.

    1. Anonymous Coward
      Anonymous Coward

      Re: Police access to car ecu data

      Sure, automatic dangerous driving prosecutions could technically be done, but you'd want to be very, very sure that there was no way you could get a false positive on the underlying systems that trigger such alerts.

      Real life has come close to this at times. A colleague of mine was once brought before a court on a speeding charge - the local authority who ran the camera tried to claim that he'd been doing 178 mph down the high street, just a few seconds after he'd made a U turn in his 15 year old VW Scirocco. Obviously no-one had checked the camera data and had just rubber stamped it all the way through to the court summons. Judge/Magistrate wasn't impressed and dismissed the case.

      1. Anonymous Coward
        Anonymous Coward

        Re: prosecutions could technically be done, but you'd want to be very, very sure

        Has "being sure" been much of a pre-requisite for prosecutions in recent years?

  22. dmacleo

    Using CAN bus in vehicles for all PCM items was a bad idea; once OBD-2 became mandatory (1996 iirc?) the system should have used its own bus. CAN is low level with no built-in (nor ability to add) security.

  23. JohnFen Silver badge

    There's one thing you can do

    "There's almost nothing you can do [as a user] to improve car security."

    There is one thing you can do: disable the damned communications system.

    Or, do what I do -- don't buy cars that have these systems installed in the first place. The day is rapidly coming when that means buying used cars, but used cars are a much better deal than new ones anyway.

  24. fraunthall

    There must be a way to counter vehicular spy hardware

    There must be some way to place a faraday cage or otherwise block electronic signals emanating from a vehicle's spy hardware. Anyone got any suggestions?

  25. Aodhhan Bronze badge

    This is what happens, when you vote in people who want bigger government.

    Tax and monitor.

  26. EUbrainwashing

    Flight 38

    Could it be possible to shut-down the computers/fuel-pumps/engines of a Boeing 777-200ER with a suitable transmission targeted at the aircraft? I am thinking British Airways Flight 38 from Beijing, China to London that crash-landed at Heathrow on January 17, 2008. I have always considered the official explanation to be too improbable.

    1. EveryTime Silver badge

      Re: Flight 38

      > "Could it be possible to shut-down the computers/fuel-pumps/engines of a Boeing 777-200ER with a suitable transmission targeted at the aircraft?"

      Perhaps, just faintly. There might be a two-way maintenance reporting link, and it might be faintly possible to compromise that and send an operational message that could destroy the engine.

      But there are so many levels of encryption, signing and sanity checks that doing so is effectively impossible. Not one-in-a-million impossible, rather heat-death-of-the-universe difficult.

  27. Jake Maverick

    5% discount on insurance? I don't drive...but I have young friends that the insurance company simply refuses to insure unless they accept the tracking box, and none of them have any idea of what it is doing/sharing....and in other cases the difference in the bill is several thousand pounds, are several hundred % markup for those who do/have the option of refusing if they want to drive. But with ANPR what real diff does it make? You think the pigyobs paid the copyright fee for 'yaba dabba do....?' I doubt it...

  28. nice spam database '); drop table users; --
    WTF?

    This website can keep its focus in the IT part when talking of things going on in countries that not only toy with nuclear weapons but also are currently in the process of invading other countries. Good. But this doesn't stay like this when they talk about socialist countries...

Biting the hand that feeds IT © 1998–2019