Unpopular opinion ahead. Having worked in the security industry for a few thousand years (computer years), I can say I would never own a car that can talk to the internet. I plan to move far away from cities very soon for this and several other reasons. People will argue about this and meanwhile the "impossible" will happen, repeatedly. I just replaced the engine and transmission in my non internet vehicle and hope to get another 500k miles.
I hear you, I just bought a new car and internet connectivity was a deal-breaker for me. Part of the reason I was in the market was I wanted to make sure to get one before it was impossible [1].
The dealers don't know about the cars at this level of detail. I had to use these questions to pry the data out of them:
1. Is this a connected car? Can I unlock it or start the engines from my smartphone?
2. Is that feature an option or is the feature part of the base model?
3. Can I get the connected feature later? Would I have to bring the car in to get something installed or can you enable them from your computer?
#3 is a really important question. Subaru (and perhaps others) ship all their cars with the hardware for connectivity, but the actual feature requires a subscription. The car is always connected to the internet, because the dealer can start your subscription remotely, but the salesmen don't understand that implication. They're thinking solely in terms of features you're getting, not what hardware the car has.
[1] It's almost impossible now to buy a new car without passive keyless entry that isn't a bottom-tier economy model, despite the well documented security problems with many of those protocols.
My parents had cars for a long time that you could steal by breaking the window and doing something moderately easy with a commonly available tool and the steering column. They never had their car stolen and if they did, their insurance would have replaced it. At a time when crime was higher in the US and it was significantly easier to fence cars and successfully live on illicitly obtained monies than it is today.
Given the above, convince me I should care about how hard it is to break into passive keyless entry cars?
The difference is in how easy it is to scale an attack.
Once an attacker can remotely hack a single car, they can hack all cars that have an identical configuration, with little additional cost.
What happens then? Even if insurance companies could replace all affected cars simultaneously (very unlikely), they’d have to replace them with a model that isn’t affected.
Passive keyless entry is not remotely hackable, it's locally hackable, that's not scalable and besides which cars sold today (with very few exceptions) can not self drive, so even if you could remotely unlock it you'd still need someone local to drive away with it.
You’re of course right about passive keyless entry and perhaps the GP has that confused with other features that do require an internet connection.
Anyway, even if it isn’t autonomous, suppose a car has a smartphone app that allows you to turn on the heating before getting in. And then someone exploits that and gains control over the heating. They could then proceed to drain the batteries or the fuel tank by leaving it on over night, let’s say.
Not exactly a threat to national security, but still a major inconvenience.
Not sure it was confusion, but rather intended as an example of how "high end" features spread to the bottom of the market quickly, such that in a few years nearly all new cars may be internet-connected.
> You’re of course right about passive keyless entry and perhaps the GP has that confused with other features that do require an internet connection.
I did not confuse anything. I only mentioned passive keyless entry in a footnote, as an example of an insecure technology that you can't really avoid anymore. You still have a chance to avoid "connected car" features, but in my estimation the days are numbered for that.
Numerous internet connected cars are remotely hackable and you can take over engine controls, steering, breaking. This was performed on live highways multiple times. DOT investigated at least one of the incidents involving some SUV's.
You don't have to convince them it's hacked, you just have to convince them that your car is not where you left it and that you really don't know where it is. Which is all you would actually know, like with any case of auto theft.
> Given the above, convince me I should care about how hard it is to break into passive keyless entry cars?
I don't really care if you care or not, it's your car, but I care.
Also, the issue with passive keyless entry isn't just theft of the car itself, its more often theft of its contents. It makes break-ins much easier to do undetected.
I ended up getting a 2017 Honda Accord V6 with Sensing. I got everything that I wanted, but had to compromise and get passive keyless entry.
The Toyotas Camrys also seemed good, except I couldn't find a V6 to test drive and they didn't have Android Auto.
Just a note: I'm not super-paranoid about my car getting hacked. I didn't want a cellular modem because I know I won't use whatever features it enables, and I didn't want my car to be ransomed for a bitcoin. I didn't want passive keyless entry because it didn't seem like much of a convenience, and it weakens security against petty theft.
My criteria, in priority order:
Must haves:
* V6 engine
* No cellular modem
* No passive keyless entry (not really available anymore, so I had to drop it as a dealbreaker)
Toyotas. Toyotas are really dumb cars with wheels and an engine. Granted they’ve got smarter recently but I like they haven’t gone too fancy. It’s still a dumb car that survives anything like a Nokia.
Your idea is sound, hopefully you have plans to service your car entirely by yourself?
From my personal experience, the service departments will happily download data from your car and sell it to the highest bidder. My case was simple: the dealer updated the mileage record in Carfax using the odometer reading from my warranty-provided oil change. The car is leased, so I'm 99% sure I had no way to opt-out.
Sounds innocent, but my insurance company was watching. They extrapolated the mileage and decided I would cross the 7,500 mi/yr threshold - which triggered a premium hike. Funny thing - I didn't exceed 7,500 miles that year, but they already have my money now.
What else could a dealer read off your non-internet connected car when you bring it in?
This is just my own methodology, but I ask the local police / sheriff who the most reliable mechanic is. I then validate the number of tattoos on their team members. They must have a lot of tattoos and they have to be grumpy and their shop must be in a state of disarray. If they meet my criteria, then I have them do the work I can not do myself. This usually works out to be much less costly than working with a car dealership.
This is just my own unorthodox methodology. Your mileage may vary.
This is a good method. My mechanic has giant WE THE PEOPLE and eagle tattoos, the shop's office is a disaster zone, and he does a hell of a great job at a reasonable price. Nice guy though, so he'd fail the grump test.
Heh. I want a self-driving car. But I don't want an Internet-connected self-driving car.
This trend of doing everything over the Internet for no good reason other than business model is growing from just ridiculous and user-hostile into something that's actually dangerous to people's lives.
Last I heard, Alphabet's solution to the problem of self-driving was a tying the cars very tightly to Google Maps - reliably using just camera and lidar to make driving decisions apparently still isn't sufficient for self-driving but having a map showing the logic of traffic flows makes the process much easier (quick googling seems to indicate many self-driving solutions are similar here).
Thus it is going to be hard to avoid a network connected car and it seems likely that network will be the Internet.
> Thus it is going to be hard to avoid a network connected car and it seems likely that network will be the Internet.
Well, I agree that maps as a second source of information can be important for autonomous vehicles. However, I don't understand why "map" would imply "network connected". Offline navigation systems with detailed maps have existed and still exist for more than twenty years now. I fear that the "offline autonomous vehicle" will solely fail to manifest because of business decisions (online being "more convenient" for both the end-user and the company), not because of technical limitations.
Well, sure keeping maps offline could allow the connection to not be constant but the maps would require very frequent updating since being out of date could have dangerous consequences, and the updating would be most easily done by network.
Edit: which is to say, maps aren't really secondary parts of current systems but more like "co-primary" parts. The cars aren't planning identify traffic lights where they don't expect them.
Relying on a map at runtime for identifying traffic lights g is preposterous. A self-driving car that ignores any temporarily modified or new signaling would be a disaster.
Hey, I can understand not liking it but so far, maps are absolutely "integral" to the operations of self-driving cars. Maybe they'll be less "preposterous" later.
"Almost all of the fully autonomous vehicles currently allowed on public roads are still under the direct supervision of human pilots, and they’re only driving on roads that have been heavily studied and mapped in three dimensions."
or
"Cars will only be able to drive themselves if they have access to high-precision maps. The digital material contained in today’s navigation systems is not enough. To be able to drive itself safely, a car needs to know its position on the road down to the centimetre. "
It's integral to a certain class of self-driving cars. Waymo relies on centimeter-level mapping of the environment, and sure, could not possibly operate without a map. The car establishes its exact environment in the world using the maps, and I presume then looks for things then in that environment to track.
Comma.ai, on the other hand, feeds their AI the camera feed and the sensor signals from the car, and it responds, as far as I know, almost entirely based on that stimulus. Of course, Comma.ai's car is presumably less predictable, it relies on a black box to "think", but you could feed it the general concept of what path to take from A to B, even a set of waypoint GPS coordinates of where to turn, and hypothetically, such a car could navigate to that destination otherwise offline, or with the grade of maps reasonably available offline. It's intended to drive like a human drives: Based on the information it perceives in the world around it.
Comma.ai doesn't appear to have cars that even approximately drive themselves (it's got adaptive cruise control, sure, but so does every car company now). It has a camera. Sure they have a proposal to not use maps, but they don't have a result.
For me it would be I only want my vehicle to update when I say so on a network I trust that is probably firewalled. I would prefer this rather than my car updating OTA via someone else's wifi or even the cellular network. This would reduce the risk of a hostile actor taking control of the vehicle when you are most vulnerable. When you're actually driving it.
In a similar way I want an assistant in my phone, but I don't want it to be internet connected either. It's going to know the most personal things about me so I want absolute discretion.
Do you really need AI though? I am using a simple branching tree structure for commands and queries I know I want, and since it's for my use I already know those commands, and they tend to match my conversational style to begin with.
For the purposes of outside knowledge queries you might not be able to come up with in advance, there's good cause to outsource those rare requests out to the Internet: Just do it intelligently. Require a prefix instruction for an outside request.
For instance, I went ahead and implement Wolfram's API for knowledge queries. They have a great "spoken answer" endpoint, which replies with a string meant to be piped straight to speech output. So I "ask wolfram how tall abraham lincoln was", my program hands everything AFTER "ask wolfram" to the Wolfram API, and Wolfram's API gives me a string back with exactly what I asked.
Now sure, I'm not entirely offline at that point, but everything regarding my personal data, home automation devices, etc. is under my control, and any time I reach out, it's specifically using a command authorizing it to do so.
Of course, caveats before you think my project sounds impressive: A. It's written in Visual Basic. B. Speech recognition isn't working (yet).
Old Microsoft Speech API would be a good fit here. I miss it. Back in 2007 I made myself a voice control interface for changing music playback. Trainable, completely off-line. Worked like a charm.
Well, that's the point of the article: "connected" is a spectrum, not a binary option. Iranian centrifuges weren't "connected", and yet the virus destroyed them.
Specifically, look in the article:
>First allow me to address what I think won't work:
I understand your concern but right now 30k Americans die in car accidents. Will (potentially) hackable self-driving cars be any more dangerous than today? If you're that concerned about being involved in a car crash it seems to me that you should never leave the house.
The issue isn't the 30k people dying in one set of crashes. It is the systemic issue caused if all of our transportation and shipping capacity went offline at the same time as all ICE refuel capacity in a nation was taken offline at the same time.
If that happens, car crashes aren't the problem - it's the widespread famine that follows in a week's time.
It's not even the tinfoil-hat issue, it's standard emergency issues. Think of the damage a hurricane does to wide swaths of coastal land. Think of being trapped in Napa last fall during the firestorms. Think of a bad blizzard or a lucky lightning bolt to the right transformer. At least once a year, I think there is a sizable portion of the US population, let alone world population, that needs unconnected emergency ready transport in under 2 days notice. Expecting people to pay $30k+ for a car and not have that baked-in is a no-go.
This is why I think it's crazy that AT&T is trying to take down all their copper POTS lines which have traditionally been seen as an important asset in a regional emergency.
Potentially, yes. Instead of 30k spread across one year, the very possible opportunity for 30k in one mass-hack exists. I will defer to others to debate this. Perhaps financial regulators, safety departments, transportation regulators, insurance companies, etc. This is a very complex topic that would quickly turn into banter here. Everyone will have to decide for themselves the risk factors as it pertains to them.
> the very possible opportunity for 30k in one mass-hack exists
It's fortunate that terrorists are both very incompetent and very low in number. How else do you explain the fact that there's been exactly 1 very serious and successful foreign terror attack on US soil (the highest value target in the world) in the past 50-ish years?
Currently there's the very possible opportunity of a power grid/infrastructure attack that could kill tens of thousands. But nobody should be truly worried about it.
Terrorists just aren't that good at what they do. Why would they somehow be better at hacking cars than they are at anything else?
Most news organizations report on foreign and domestic terror differently. When the average American thinks of a terrorist it isn't a white guy with a U-Haul.
Terrorists? Try 12 year old angst filled kids that get bullied in school and/or at home. How many 10 to 17 year old angst filled kids have access to the internet?
That's 30k potential deaths compared to 30k deaths right now, every year. If terrorist attacks on cars killed 20k/year it would still be much safer than our current situation. We should mandate that every vehicle death be broadcast on the front page of every national media outlet[1]; that might change our perceptions.
I contend that 40 years from now our grandchildren will be astounded that we got into such dangerous vehicles before self-driving cars.
Crash all the self-driving ambulances, crash all the gasoline tanker trucks, crash all the trucks that ferry containers out of ports. You might not kill many people today, but when there's no shipping and no ambulance service people will start dying.
If you wanted to really disrupt society you don't need this level of sophistication or a lot of cash. A few thousand $ and a couple of months preparation time would be more than enough. Keep in mind that destruction and creation are extremely asymmetrical when it comes to the level of effort required.
Facetiousness aside, this is where I hope car crashes would get to. They should be so rare that they do make the local news. They should be so rare we can treat them like airplane crashes and investigate each case to the same degree.
> I understand your concern but right now 30k Americans die in car accidents.
And a few thousdand died on September 11th, nearly 20 years ago. The collective fear from that made the world a far worse place than the actual death toll. If there's a terrorist attack that targets internet connected cars, what do you think the collective reaction might be?
You'll have a much easier time not owning a car that can talk to the internet if you stay in the city. I currently walk, bike, and take public transit. I could not do that if I moved out of the city.
Unpopular? Isn't this the take-away from the article?
I thought that the article taught me nothing new at all, but then realized it did: it taught me how little the issue is understood by the regulators.
I'd say that an attack like that is just a matter of time, if I didn't think that a mass-destruction scenario that leads to a legislative change wouldn't happen sooner due to a bug.
I'm sure you're aware of this, but for others, the ODB-II port generally connects to completely insecure internal networks - so anything that physically connects to it may compromise it.
Yup, and some insurance companies are convincing people to connect a cell phone fob to their OBD-II in exchange for lower insurance rates. In exchange, they have access to your cars computer, GPS coordinates, basically anything you do, they track. That also puts your CANBUS on their network.
