Wednesday, March 28, 2012

I will never own a car that contains this

Automated driving capability:
Advanced driver assistance systems can offer remedies. On the one hand they can support the driver in demanding and difficult situations and on the other hand develop room for freedom during monotonous driving situations which are often accompanied by the risk of decreasing attention. Especially the latter is a potential field of application for highly-automated driving. Continental, the international automotive supplier, has now completed a two-week endurance test in the US state of Nevada. More than 6,000 miles of highly-automated driving on public roads in Nevada were completed and had the aim to show that it becomes possible to develop room for freedom for the driver which does not serve primary vehicle guidance and therefore provide the driver a welcome change in certain situations. Especially aspects of driving safety were evaluated. Nevada is the first US state to explicitly permit automated driving on public roads.
In other words, the computer drives the car so that you don't have to.  This is a spectacularly bad idea - so bad, in fact, that I don't just refuse to drive a car that has this.  I won't own one.  And you shouldn't either.

There are the magic five words that explain why: the computer drives the car.  It's a guarantee that this prototype has precisely bupkis in terms of computer security.  After all, it's a prototype, proving the concept is viable.  Functionality is everything, the threat is diffuse - how would anyone hack it, when it's a one-of-a-kind?  And anyway, there's always time to add security when you go to production, right?

Riiiiight. [rolls eyes]

Or maybe leverage the outstanding security in the car computer networks that lets someone pwn your brakes and throttle wirelessly as you cruise on down Route 66?



Fail.  But that's not the worst of it.  Yeah, it's bad when the Bad Guys can take over your car and drive you wherever they want.  So what's worse?  Imagine what happens when they can do that to 5% of the cars at rush hour.  It takes almost nothing to jam up the commute - rush hour is essentially a super saturated solution, running across the highways.  Introduce any perturbation, no matter how small, and the solution crystallizes, with speeds dropping asymptotically towards zero.  The highways become, as the French like to describe it, bouchée: corked.

Now imagine an "Occupy Beltway" movement ten years hence.  They release a Press Release saying that they're going to shut down the rush hour at the top 25 US cities.  As proof, they will shut down traffic on the Washington Beltway later that afternoon.  Everyone's already at work; there's no way to get home, or avoid going into the office.  You're already there.  And a dozen #OccupyBeltway cars are already waiting, circulating I-495, loaded with laptops and wifi and specialized 'sploits that will make the newfangled cars go out of control and crash.

One crash slows Springfield, VA to a crawl.  Three dozen crashes around the entire beltway shuts the entire system down.

After the mayhem, they release a Youtube video, where masked H4X0rz say that New York City, Los Angeles, and the rest are next.  The roads belong to #Occupy, and they will be releasing a list of demands shortly ...

Like I said, this is simply staggering Epic Fail.  I hate to say it, but the Department of Transportation should forbid it on public highways until the manufacturers can demonstrate to the National Computer Security Center that the system's security architecture isn't carefully crafted from Moonbeams and Cotton Candy.

Yeah, I thought so.

Like I said, I'll never have one of these in my garage, and you shouldn't either.  Gives new meaning to getting your kicks on Route 66.



Hat tip: The Antiplanner.  I would have left a comment over there, but you have to be logged in to do it.  Helpful protip: if you make me log in to comment, and I can't because I don't have an account, you don't get the comment.  Srlsy.

16 comments:

  1. I always figure that a computer-driven car will put you in this scenario, although perhaps not quite so dramatically.

    ReplyDelete
  2. You don't have to own one, the other cars sharing the road with you will have it. Kind of like, whatever security you have on your computer, what about all the other systems on the network?

    ReplyDelete
  3. Bring it on Sky Net...I'm ready and waiting.

    ReplyDelete
  4. You already do.....

    On most cars it's called Cruise Control and Anti-Lock Brakes, add "Stability Control", "assisted steering", "Parking assist", GPS Navagation etc. Most of the Drive-by-Wire compoments are already in the cars, they just need to provide higher levels of "assistance". In many cases it's a good thing since most of today's drivers have only a passing knowlege of how to actually control thier car in an emergency manunver anyway.

    ReplyDelete
  5. I already decided I don't want autopilots in anything the general public can operate. Automated systems can't anticipate what a random biological system (i.e. a human being) will do. And you KNOW that even if autopilots are made mandatory for safety reasons (for the children, of course) some enterprising idiot with a cutting torch will disable it anyway. Then go crash into a school bus.

    That's also what scares me about flying cars. I don't want anybody to have one except me.

    ReplyDelete
  6. Dave, I love that rule: "nobody should ever have one except me."

    LOL.

    ReplyDelete
  7. And Bob, yeah that's exactly what I'm worried about.

    ReplyDelete
  8. Let's be honest and practical about the threat, though.

    They could accomplish *exactly what you state* **RIGHT NOW** by simply getting on the respective highway with one car in each lane. Maybe an extra car for the breakdown lane.

    Get these cars going 5MPH and the same end result happens...

    ReplyDelete
  9. BP: I confess I stole that line from Robert Lucky, former corporate VP for research at Bellcore. In his book Silicon Dreams he talked about advances in communication technology that would make us accessible anywhere in the world. (This was in the 1980s when cellular technology was just starting to take off in the U.S.) In the introduction to his book Lucky said he'd love to have a phone that went everywhere he went. But he wanted to have the only one, because if everybody had a phone all the time they'd all be trying to call him all the time.

    ReplyDelete
  10. Why I don't like to fly in an Airbus, who knows what's really happening in the cockpit - the Mile High All the Time Club...
    That being said, Nevada is perfect, it's am empty state full of desert-sky crazies who put the pedal to the metal and hammer across the sagebrush.

    ReplyDelete
  11. They can't even make an automatic transmission that shifts when it is supposed to and doesn't shift when it isn't supposed to. How the hell are they thinking that they can make a computer control the whole car when they are still struggling with shift points?

    ReplyDelete
  12. In the incredibly broke states of America, the Smart Highway system has a very strong argument for it. It's cheaper in tax money to modify the roads to allow cars to navigate it easily (say, bury big magnets every 50 yards on the interstate) than it is to build new lanes on the interstate. Last numbers I saw were like 1/10 the cost. That means strong pressure for autonomous cars (or at least semi-autonomous).

    Having designed control systems, it doesn't bother me in the least to say I can make a car drive better than any human. As a user of technology, I have no problem saying you're 100% right and the system will be destructively hacked unless it's so secure drivers can't use it (login with a long passphrase to use your car?)

    Who said, "I read all those sci-fi stories in my youth and all I got was this lousy dystopian future"?

    SiGraybeard@work.

    ReplyDelete
  13. "The roads belong to #Occupy, and they will be releasing a list of demands shortly …"

    So, what you're saying, is that the various Occupy movements will finally tell everybody what they want? I guess something would come of such an event then.

    ReplyDelete
  14. "And anyway, there's always time to add security when you go to production, right?"

    If security is something you "add", then it's not security, it's voodoo. Real security is part of the architecture, and thus a prototype without security will necessarily lead to a product which is not secure, no matter how many "security" features have been bolted onto it in the meantime.

    ReplyDelete
  15. So if you are technically savvy serial killer you could get your prey to come to you. The height of convenience.

    ReplyDelete
  16. You don't have to own one, the other vehicles giving the street with you will have it. Type of like, whatever protection you have on your pc, what about all the other techniques on the network?

    ReplyDelete

Remember your manners when you post. Anonymous comments are not allowed because of the plague of spam comments.