this post was submitted on 14 Jun 2023
18 points (87.5% liked)
United States | News & Politics
The headline is very clickbaity. Here is the body of the actual letter sent to manufacturers:
If you comply with the Mass. law, you may come into conflict with the Safety Act which preempts Mass.
While consumers should have access, this may open up a whole can of worms, safety-wise. A nefarious actor could misuse the system to remotely cause a crash.
If you leave a backdoor open and not properly secured, you'll be doing a nationwide recall.
Make sure you have everything secured, so only the authorized users have access.
You can't lock it all down, though. We may need access to the "black box" data for review of incidents. You may also need to leave openings to third parties that provide legitimate services, such as On-Star, etc.
https://www.documentcloud.org/documents/23846414-nhtsa-letter
One of the biggest concerns is when you start trying to see secure APIs and such, you quickly realize that what you did 5 years ago isn't nearly good enough today.
And most cars stay on the road for 14-some years.
I bet I could straight brute force any consumer grade security measure from like 2009 with the phone I'm typing on right now.
How can we expect auto manufacturers to secure their systems for 15 years?
While over-the-air updates are becoming a thing, it's not going to be financially attractive for auto makers to continue providing security updates for 15 year old cars.
I don't know what the solution is, but it's going to be challenging.
I mean, based on the requirements, we're going to end up with essentially little embedded servers in all our cars, running some sort of tweaked version of Linux with "drivers" for various parts of the car's systems. Probably tapping into the same things that the OBD port uses.
Hopefully, it'll be something like a Raspberry Pi that can be both easily upgraded and hopefully replaced during warranty service when the inevitable vulnerabilities are discovered.
Part of the solution may be the GSA, Government Services Administration. When I was still working in tech, we had to guarantee 5 years of spare parts or replacements for all government contracts. GSA could start requiring software updates for up to 15 years. This would then become the norm and trickle out to consumers.
Sounds good in theory. But the switchover to electric is almost certainly going to have casualties. Not every company will survive, which means a lot of cars will have no support structure.
Maybe have car companies put the source code in escrow and have it released to public domain if the company goes belly up?
Having the software in my car maintained as OS isn't a great feeling. But it beats not having it maintained at all.
This is especially true as the break-even point concerning EV vs ICE carbon footprints is at 89,000 miles. Many of us consider EVs for the environmental impact, so when you add into the lifetime of the product the need for upgrades to keep them secure, it becomes a serious issue.
https://www.reuters.com/business/autos-transportation/lifetime-carbon-emissions-electric-vehicles-vs-gasoline-cars-2021-06-29/
Looking at your link, the 89,000 number comes from assuming that you fuel your EV using 100% coal-fired generation. Who does that?
Using the "U.S. average energy mix," the number is 14,800 miles. Or at least it was back in 2021 when this article was written. Given that the grid keeps getting cleaner every year, I assume that number has continued to improve.
And of course, that's just the average. There does seem to be some correlation between states that generate clean energy, and states that have lots of EVs.
So what they are saying is it's okay to have telematics as long as access is only for those who they want to have it. The presumption is that the protocol/system is inherently insecure, so restricting it is the best way to avoid issues.
Classic "security through obscurity."
This argument has been made so many times in different forms. It's like the open source versus proprietary approaches to hardware, software, etc. But I understand it's a little different here because the implications of updating a vehicle's firmware are a lot different than updating your Roku. It's not as easy to implement security mechanisms like public-key cryptography on an embedded vehicle ECU meant to run reliably at all costs.
But artificial air-gap isn't the answer either.
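Two threads in this discussion ask for the same thing: the earlier comment about 2009-era security not holding up over a 15-year vehicle life, and the last comment's point that public-key signing on an ECU is the alternative to "security through obscurity". The example below is an added illustration, not code from the thread, from NHTSA or from any manufacturer. It shows, in Go's standard library, the minimum a signed-firmware scheme needs to age gracefully: an Ed25519 signature over the image, a key ID so the ECU can retire a compromised or aged-out signing key, and an anti-rollback version counter so an old, vulnerable image cannot be reinstalled. The header layout, the `TrustStore` type and the throwaway key pair are all constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// FirmwareImage is a constructed, hypothetical image format. The ECU installs
// an image only if the signature verifies under a currently trusted key and
// the (authenticated) version is not older than what is already installed.
type FirmwareImage struct {
	KeyID     uint8  // which trust-store key signed it; lets keys rotate over the car's life
	Version   uint32 // monotonically increasing; blocks reinstalling a known-vulnerable image
	Payload   []byte
	Signature []byte // Ed25519 over KeyID || Version || SHA-256(Payload)
}

// TrustStore models the ECU's set of accepted public keys. Retiring a key is
// how a manufacturer responds to a compromised or aged-out signing key.
type TrustStore struct {
	keys map[uint8]ed25519.PublicKey
}

func (ts *TrustStore) Retire(id uint8) { delete(ts.keys, id) }

// signedMessage is the exact byte string that gets signed: the header fields
// plus a hash of the payload, so both are covered by the signature.
func signedMessage(keyID uint8, version uint32, payload []byte) []byte {
	h := sha256.Sum256(payload)
	msg := make([]byte, 1+4+len(h))
	msg[0] = keyID
	binary.BigEndian.PutUint32(msg[1:5], version)
	copy(msg[5:], h[:])
	return msg
}

// SignImage is the manufacturer side; the private key stays on the build system.
func SignImage(priv ed25519.PrivateKey, keyID uint8, version uint32, payload []byte) FirmwareImage {
	sig := ed25519.Sign(priv, signedMessage(keyID, version, payload))
	return FirmwareImage{KeyID: keyID, Version: version, Payload: payload, Signature: sig}
}

var (
	ErrUnknownKey = errors.New("image signed by a key the ECU does not trust")
	ErrBadSig     = errors.New("signature does not verify")
	ErrRollback   = errors.New("image version is older than installed version")
)

// VerifyImage is the ECU side. The rollback check runs after signature
// verification so it only ever trusts an authenticated version number.
func VerifyImage(ts *TrustStore, installedVersion uint32, img FirmwareImage) error {
	pub, ok := ts.keys[img.KeyID]
	if !ok {
		return ErrUnknownKey
	}
	if !ed25519.Verify(pub, signedMessage(img.KeyID, img.Version, img.Payload), img.Signature) {
		return ErrBadSig
	}
	if img.Version < installedVersion {
		return ErrRollback
	}
	return nil
}

// Scenario generates a throwaway key pair (constructed for this example) and
// walks through the cases that matter: a good update, a tampered payload, a
// rollback attempt, and an update signed by a key that has since been retired.
func Scenario() map[string]error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	ts := &TrustStore{keys: map[uint8]ed25519.PublicKey{1: pub}}
	installed := uint32(7)
	out := map[string]error{}

	good := SignImage(priv, 1, 8, []byte("firmware v8 (constructed payload)"))
	out["good"] = VerifyImage(ts, installed, good)

	tampered := good // struct copy; payload replaced, signature left as-is
	tampered.Payload = []byte("firmware v8 with one byte changed")
	out["tampered"] = VerifyImage(ts, installed, tampered)

	old := SignImage(priv, 1, 5, []byte("firmware v5 (known vulnerable)"))
	out["rollback"] = VerifyImage(ts, installed, old)

	ts.Retire(1) // the manufacturer pulls key 1 from the trust store
	out["retired"] = VerifyImage(ts, installed, good)
	return out
}

func main() {
	for name, err := range Scenario() {
		fmt.Printf("%-9s -> %v\n", name, err)
	}
}
```

The design point is that none of the three checks depends on keeping the protocol secret: an attacker may know the format and still cannot produce an acceptable image without the private key, and the ECU can drop trust in a key years later without a hardware change. Real ECU bootloaders add a hardware root of trust and a rollback counter stored in tamper-resistant memory; this example keeps both in plain Go values to stay runnable.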