Tuesday, August 13, 2019

Auto "Kill Switch", solving the wrong problem?

Consumer Watchdog, a consumer advocacy group, put out a report on the dangers of Internet connected cars. They received coverage on the nightly news. Their heart is in the right place, but we must question the accuracy of their conclusions.

Their report, "Kill Switch: Why Connected Cars Can Be Killing Machines and How to Turn Them Off", covers how Internet-connected automobiles are vulnerable to cyber attackers.

They suggest the following:

  • Automobile software/firmware that can be updated Over The Air (OTA), i.e. via the Internet, is "unfinished".
  • Cyber attackers have access and can control all connected cars, so shut off the cars' Internet access.
  • "White Hat" hackers and bug bounties encourage continual patching/improvement of software that was "never fundamentally secure".

These suffer from some misconceptions and flawed ideas.

From the report:

p 21

"However, it also allows the automaker to control the public message, covering up an inadequate solution, and ensuring a positive spin on what should be a public embarrassment."

Manufacturers benefit by "deflecting the public shame of selling consumers an unsafe product". Matches can be dangerous, usually due to user error or misuse, yet we don't call them an unsafe product.

p 22

"So-called “responsible disclosure” is irresponsible when public safety is at stake."

Responsible disclosure involves working with manufacturers and vendors to fix discovered bugs. Public disclosure is delayed so that cyber attackers cannot easily build and release exploits from the details before manufacturers have tested and released a patch. Public safety is a fundamental consideration of responsible disclosure.

p 44

"This “air gap” method is time-tested and very effective, as no matter how buggy the software, a hacker cannot cross the air gap from the remotely-accessible components to the components that control the car’s motion."

That used to work. Then folks dropped USB flash drives carrying Stuxnet near an Iranian nuclear plant. It turns out people can cross air gaps.

p 45

"Only in the last few years have we begun making cars remotely accessible via computer networks. It is therefore very unlikely that the features made possible by the “connected car” are things we cannot live without, at least until we can develop a safer way to implement them."

Mechanics have had to use computerized diagnostics for quite some time now. We're not going back to a time of un-connected cars. We must instead build in more protections and safety, as we do with our other computerized equipment.

"help restart the transportation infrastructure after a massive cyberattack"

If one's automobile is bricked, turning the Internet off and on again will never fix it.

"However, if cars were required to have the ability to disconnect from the Internet, we could restore our transportation infrastructure with the flip of a switch."

An Internet worm that can infect thousands or hundreds of thousands of automobiles in thousandths of a second cannot be stopped by people manually flipping switches over seconds. It seems the watchdog group saw the same Fast & Furious movie I did but came to vastly different conclusions.

p 46

"CEOs of auto manufacturers should be required to sign personal statements and accept personal legal liability for the cyber-security status of their cars."

Looking at the VW emissions scandal and the Boeing 737 Max issues, executives rarely have to take responsibility for the security of their products.

p 47

"Automaker “bug bounty” programs have demonstrated that vulnerabilities can be bought for a few tens of thousands of dollars"

A $10,000 denial-of-service bug is not the same as a $100,000 remote code execution bug, nor is a Volkswagen Beetle the same as a Tesla Model S. The higher the impact and usefulness of a bug, the greater the price. Bug bounty programs do not greatly drive down the cost of high-impact bugs.

"A clever hacker could even make it look like a third party was responsible."

Attribution of cyber attacks to specific attackers is a hard problem. Attributing attacks that arrive over the Internet at connected automobiles is even harder.

"cars have been provably immune to cyber-attack because they weren’t connected to the Internet"

Some of the automobile security research cited in the report included attacks against non-connected automobiles. In one case, music files loaded into the car's entertainment system were able to exploit safety-critical portions of the car. Having no Internet access is not the same as being provably immune.

p 48

"every software update you receive on your smartphone or other connected gadget means the previous version of the software wasn’t finished."

Very simple programs can be proven bug-free; any reasonably complex program or system cannot be. Software is never "finished". Software updates close the bugs that attackers would otherwise use to exploit software, steal data, or damage your equipment. Updates also mean your software works better.

"Allowing automakers to update critical software frequently, easily, and away from public and regulatory attention"

Medical equipment is at risk because of the potentially long re-certification process required when operating systems or firmware are patched to fix bugs. There is a trade-off between safety for people and the security of computerized systems. Even with regulatory attention, computer security mitigations have been implemented to protect systems that may take a while to be patched. There is no need to sacrifice safety regulations entirely for equipment security.

We can fix the problems with connected cars. We don't need to cut ourselves off from the Internet to do so.

Consumer Watchdog report: Kill Switch
