Maybe New Cars Aren’t Safer

A coworked alerted me to a paper presented at the 2010 Oakland Conference: Experimental Security Analysis of a Modern Automobile. I suggest you attempt to read the paper. It’s scary. Basically, the authors discovered how easy it was to take over a car’s network, doing this such as activating brakes, disabling or modifying the engine, changing the lights, radio, door locks, heat and A/C, and almost anything on the vehicle. It was evidently pretty easy to do. Now think about an adversary doing this, and you’ll be scared to drive a modern automobile. You can also see why Toyota’s sudden acceleration problem has been so hard for them to find, because there are just so many inputs that could have triggered things.

Now, to get you even more scared… according to Wired, the Feds are beginning to test interconnected automobiles. This is something we need to make highways more effective: cars that can communicate with each other to improve safety on the highway, eliminate human reaction times, and increase road density. But what can be used can be used for bad: imagine a malicious car on a connected road network. Imagine the havoc that could reign.

Makes me look back whistfully at some of the cars of my past that were not computerized. My 1968 Buick Skylark (“Werner Von Braun”): A hunking beheamoth of steel that got 12mpg if I was lucky, but was purely mechanical. My 1977 Toyota Corona (“Thomas Michael Something”), which was probably my last car to have non-computerized systems. The 1981 Nissan Stanza (“Beast”) that wouldn’t die. After that point, the computerized systems began to take over: I’m sure they were in the 1985 Nissa Stanza, the 1986 Toyota Camry, the 1992 Mercury Sable, and the 1999 Honda Civic.