• loobkoob@kbin.social
    link
    fedilink
    arrow-up
    8
    ·
    8 months ago

    If a car can receive OTA updates from the manufacturer, then it can receive harmful OTA updates from an attacker who has compromised the car’s update mechanism or the manufacturer.

    There’s potential for a very dystopian future where we see people assassinated, not via car bomb but via the their cars being hacked to remove braking functionality (or something similar). And then a constant game of security whack-a-mole like we see with anti-virus software. And then some brilliant entrepreneur will start selling firewalls for cars. And then it’ll be passed into law that it’s illegal to use a vehicle that doesn’t have an active firewall/anti-virus subscription.

    It almost feels like the obvious path things will go down. Yay, capitalism…

    I’m not totally opposed to software being used in cars (as long as it’s tested and can be trusted to the degree mechanical components are) but yeah, OTA updates just seem like a terrible idea just for a little convenience. I’d rather see updates delivered via plugging the car in (and not via the charging port - it would need to be a specific data transfer port for security reasons). Alert people when there’s an update, and even allow the car to “refuse to boot” if it detects it’s not on the latest version. But updates should absolutely be done manually and securely.

    • fubo@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      8 months ago

      Cutting someone’s brake lines has been a means of assassination for a while. What’s new here is that it could potentially be done remotely, e.g. an attacker in Bucharest targeting a victim in Seattle on behalf of a payer in Moscow.

      • FarceOfWill@infosec.pub
        link
        fedilink
        English
        arrow-up
        3
        ·
        8 months ago

        Remotely at scale.

        So yeah you could assassinate someone like that, or you could break every cars brakes at once and have thousands of simultaneous car accidents timed during some other infrastructure attack

      • dual_sport_dork 🐧🗡️@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        8 months ago

        And at any time.

        Cutting someone’s brake lines is all or nothing and can’t be done while the vehicle is already in motion. Anyone who is not an idiot will hopefully notice as soon as they start driving that there’s something wrong with the brakes. But you could brick somebody’s car remotely and without warning while they’re taking a curve on the interstate at 80 MPH, and that’d be a lot more problematic.

        In reality, few to no people outside of novels and Hollywood have actually been killed by some malefactor “cutting their brake lines.”