China will remove its tariffs on Canadian agriculture — including on canola products — if Canada scraps its levies on Chinese electric vehicles, that country’s ambassador says.
It’s a serious security hole because the software can be updated through the network. The version gets audited and all the follow-up updates can be good, but the moment it needs to go rogue you just need 1 malicious update to have serious and widespread harm/attack at the push of a button.
IMO for any vehicle to allow over-the-network updates is beyond stupid. (Yes, that includes Tesla.)
There are a few good DEF CON talks where it has been shown that the engine control and body control can be accessed and modified via the “infotainment” system (the one I saw specifically was Jeeps).
Once you’re inside a car that’s on, there really isn’t any security*. The OBD2 port that every remotely modern car has is perfectly capable of accessing all the diagnostics and data streams the car has, and can also control/reconfigure the various computers.
IMO that doesn’t really matter, since the system isn’t powered until the key is in the ignition and the car turned on. You can’t do anything with the key off, and if your passenger wanted to sabotage the car, they’d just yank the wheel as you drive down the highway.
That said, yes OTA updates are a travesty. Specifically because cars have so little security, having any access to their computers from the outside is a massive risk… And if there’s a potential that the country the manufacturer is in turns hostile, that risk certainly isn’t reduced.
* A handful of manufacturers have “added” security to their systems by… (drumroll pls) restricting access to the systems and requiring a subscription for full access. That’s fucking evil and doesn’t even do anything (at least for a mechanic or tinkerer like me) since you can just google “FCA bypass cable” and skip right past the firewall.