this post was submitted on 19 Apr 2024
695 points (98.1% liked)

Technology

59534 readers
3183 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] deranger@lemmy.world 13 points 7 months ago* (last edited 7 months ago) (17 children)

I’m saying upgrade what it’s considered to recall. No OTA hot fix, car goes back to the shop. A proper recall just like any other recall. A software issue is just as dangerous as a hardware issue for something like an accelerator pedal. To be clear, this isn’t Tesla hate, this is modern “sell unfinished products” hate. I’d say the same thing for any other manufacturer.

If the blinker pattern needs to be updated, that’s fine for OTA in my opinion, and shouldn’t be a recall. Problems with the accelerator, brakes, steering, anything safety critical - nah. Recall for that, proper recall.

[–] DoomBot5@lemmy.world 1 points 7 months ago (16 children)

Recalls still require the customer to take action. They're much less likely to go into the shop to have it fixed than press a button on their phone and have the car fix itself overnight.

Your suggestion for not allowing safety software fixes OTA is dangerous.

[–] fubo@lemmy.world 20 points 7 months ago* (last edited 7 months ago) (15 children)

Other way around. Unsupervised OTA updates are dangerous.

First: A car is a piece of safety-critical equipment. It has a skilled operator who has familiarized themselves with its operation. Any change to its operation, without the operator being aware that a change was made, puts the operator and other people at risk. If the operator takes the car into the shop for a documented recall, they know that something is being changed. An unsupervised OTA update can (and will) alter the behavior of safety-critical equipment without the operator's knowledge.

Second: Any facility for OTA updates is an attack vector. If a car can receive OTA updates from the manufacturer, then it can receive harmful OTA updates from an attacker who has compromised the car's update mechanism or the manufacturer. Because the car is safety-critical equipment — unlike your phone, it can kill people — it is unreasonable to expose it to these attacks.

Driving is literally the most deadly thing that most people do every day. It is unreasonable to make driving even more dangerous by allowing car manufacturers — or attackers — to change the behavior of cars without the operator being fully aware that a change is being made.

This is not a matter of "it's my property, you need my consent" that can be whitewashed with a contract provision. This is a matter of life safety.

[–] loobkoob@kbin.social 8 points 7 months ago (1 children)

If a car can receive OTA updates from the manufacturer, then it can receive harmful OTA updates from an attacker who has compromised the car’s update mechanism or the manufacturer.

There's potential for a very dystopian future where we see people assassinated, not via car bomb but via the their cars being hacked to remove braking functionality (or something similar). And then a constant game of security whack-a-mole like we see with anti-virus software. And then some brilliant entrepreneur will start selling firewalls for cars. And then it'll be passed into law that it's illegal to use a vehicle that doesn't have an active firewall/anti-virus subscription.

It almost feels like the obvious path things will go down. Yay, capitalism...

I'm not totally opposed to software being used in cars (as long as it's tested and can be trusted to the degree mechanical components are) but yeah, OTA updates just seem like a terrible idea just for a little convenience. I'd rather see updates delivered via plugging the car in (and not via the charging port - it would need to be a specific data transfer port for security reasons). Alert people when there's an update, and even allow the car to "refuse to boot" if it detects it's not on the latest version. But updates should absolutely be done manually and securely.

[–] fubo@lemmy.world 6 points 7 months ago (3 children)

Cutting someone's brake lines has been a means of assassination for a while. What's new here is that it could potentially be done remotely, e.g. an attacker in Bucharest targeting a victim in Seattle on behalf of a payer in Moscow.

[–] FarceOfWill@infosec.pub 3 points 7 months ago (1 children)

Remotely at scale.

So yeah you could assassinate someone like that, or you could break every cars brakes at once and have thousands of simultaneous car accidents timed during some other infrastructure attack

[–] aesthelete@lemmy.world 2 points 7 months ago

This reminds me of the movie "Leave the world behind" from last year.

[–] dual_sport_dork@lemmy.world 2 points 7 months ago* (last edited 7 months ago)

And at any time.

Cutting someone's brake lines is all or nothing and can't be done while the vehicle is already in motion. Anyone who is not an idiot will hopefully notice as soon as they start driving that there's something wrong with the brakes. But you could brick somebody's car remotely and without warning while they're taking a curve on the interstate at 80 MPH, and that'd be a lot more problematic.

In reality, few to no people outside of novels and Hollywood have actually been killed by some malefactor "cutting their brake lines."

load more comments (13 replies)
load more comments (13 replies)
load more comments (13 replies)