My PCM updated yesterday

[irrelevant]

I invite you to check out Pwn2Own cybersecurity competitions. Most of the hacks used there are kept secret for only a few weeks, after which, any script kiddie can download a working proof of concept which they can use to hack your devices. This is in part to motivate manufacturers to fix their shit asap. If you don't apply the fix, it's all on you if your devices are comprimised.

Here is a link to an overview of the freely available security vulnerability database for all kinds of software:
https://www.cvedetails.com/

Who cares if they hack into my car? What's the worst they can do...change my seat position? Disable regenerative braking? Command the throttle to go wide open?

No doubt I'm going to upset someone with this, but why TF can't software people build properly robust products from the start? Why is everything with a computer in it already broken when I buy it? Why is it acceptable to build a half-assed product, then push it out with the intent to fix it later?

It's probably best to keep them away from things that actually have to work correctly i guess...like commercial aircraft. Oops - too late for that. Thanks Boeing.

Sponsored

 

[f1eng]

No doubt I'm going to upset someone with this, but why TF can't software people build properly robust products from the start? Why is everything with a computer in it already broken when I buy it? Why is it acceptable to build a half-assed product, then push it out with the intent to fix it later?

Easier said than done.

I’m not an IT professional but have been using computers in my work for decades, the first code which made me money was from 1971, and I look at it this way:

Every country has greater or lesser amounts of crime, despite their having laws and law enforcement departments.

The internet OTOH has almost no regulation and, in any case, no effective “police”.
So I always assume the internet is a dangerous place rife with crime and misinformation, because it is. A connected car has access to some of your info which may help a criminal to rob you.

The internet was so much better when only reasonably astute computer savvy people used it, IMHO.

 

[irrelevant]

Easier said than done.

I’m not an IT professional but have been using computers in my work for decades, the first code which made me money was from 1971, and I look at it this way:

Every country has greater or lesser amounts of crime, despite their having laws and law enforcement departments.

The internet OTOH has almost no regulation and, in any case, no effective “police”.
So I always assume the internet is a dangerous place rife with crime and misinformation, because it is. A connected car has access to some of your info which may help a criminal to rob you.

The internet was so much better when only reasonably astute computer savvy people used it, IMHO.

I figure worst case they get a credit card number. That's easy enough to correct, and given the US has some of the highest interchange rates in the world, I'm not going to lose any sleep over Visa having to eat a few fraudulent charges.

 

[whitex]

Who cares if they hack into my car? What's the worst they can do...change my seat position? Disable regenerative braking? Command the throttle to go wide open?

The last one, full throttle acceleration into your living room while your car is in the garage might be slightly undesirable, especially with a car as powerful as Taycan Turbo, no? There are other things, brakes can be disabled, steering can be highjacked, more sophisticated hacks can for example turn pedestrian avoidance feature into pedestrian targeting feature (when pedestrian detected, full throttle into them). Less lethal, bricking your car, perhaps with the horn blaring, starting at 3am, or holding the for ransome (won't turn on until you pay). Lots of possibilities, some of which for profit, others as a terrorist attack, other terror for profit (imagine the stock price of Porsche the next morning after a thousands of hacked Porsches accelerated full throttle in the middle of the night while parked). If you really want to be paranoid, the camera system could try to identify specific targets to drive into. Here is a little demonstration of what some hackers did to a Jeep in 2015, completely remote (could be someone sitting in front of a computer on the other side of the world). Today's hacks can do way more, since cars have more autonomic features, more cameras, etc.

No doubt I'm going to upset someone with this, but why TF can't software people build properly robust products from the start?

If you figure out how to do that, you can swap your private plane without a relief tube for a Gulfstream 650ER with a full bathroom, or a fleet of them, you know, keep one at every airport where you might want to drive your Taycan to. You'll probably also be able to buy Tesla, take it private, and make the car of your dreams while you're at it.

The software issue with security are very complex. At the very surface level, you can ask why can't someone build a safe which cannot be cracked, a bank which cannot be robbed, a fortress which cannot be conquered, etc. Every time you make something more secure, the attackers find new ways to hack in. Also, the more complex the system, the more imperfections, or "cracks" there are in the software, which can be exploited. Again, if you find a way to write perfect software, there are billions, if not trillions, of dollars to be made.

It's probably best to keep them away from things that actually have to work correctly i guess...like commercial aircraft. Oops - too late for that. Thanks Boeing.

Boeing? Airbus was fly-by-wire way before Boeing. Pretty much every commercial jet today is full of computers.

 

[dtich]

While all these scenarios are potentially real, I think the more likely attack vectors where car hacking is concerned will be remote bricking for ransom, and clandestine tracking for theft and or kidnapping or worse. These are the reasons to keep your security locked down. Not silly things like blaring the horn in the middle of the night.

 

[whitex]

While all these scenarios are potentially real, I think the more likely attack vectors where car hacking is concerned will be remote bricking for ransom, and clandestine tracking for theft and or kidnapping or worse. These are the reasons to keep your security locked down. Not silly things like blaring the horn in the middle of the night.

I wonder what a take rate would be for a attack where your car starts honking at 2am, with the screen asking for a payment of $40 to stop.

 

[irrelevant]

The last one, full throttle acceleration into your living room while your car is in the garage might be slightly undesirable, especially with a car as powerful as Taycan Turbo, no? There are other things, brakes can be disabled, steering can be highjacked, more sophisticated hacks can for example turn pedestrian avoidance feature into pedestrian targeting feature (when pedestrian detected, full throttle into them). Less lethal, bricking your car, perhaps with the horn blaring, starting at 3am, or holding the for ransome (won't turn on until you pay). Lots of possibilities, some of which for profit, others as a terrorist attack, other terror for profit (imagine the stock price of Porsche the next morning after a thousands of hacked Porsches accelerated full throttle in the middle of the night while parked). If you really want to be paranoid, the camera system could try to identify specific targets to drive into. Here is a little demonstration of what some hackers did to a Jeep in 2015, completely remote (could be someone sitting in front of a computer on the other side of the world). Today's hacks can do way more, since cars have more autonomic features, more cameras, etc.



If you figure out how to do that, you can swap your private plane without a relief tube for a Gulfstream 650ER with a full bathroom, or a fleet of them, you know, keep one at every airport where you might want to drive your Taycan to. You'll probably also be able to buy Tesla, take it private, and make the car of your dreams while you're at it.

The software issue with security are very complex. At the very surface level, you can ask why can't someone build a safe which cannot be cracked, a bank which cannot be robbed, a fortress which cannot be conquered, etc. Every time you make something more secure, the attackers find new ways to hack in. Also, the more complex the system, the more imperfections, or "cracks" there are in the software, which can be exploited. Again, if you find a way to write perfect software, there are billions, if not trillions, of dollars to be made.


Boeing? Airbus was fly-by-wire way before Boeing. Pretty much every commercial jet today is full of computers.

Airbus wasn’t worth mentioning, because they’ve always created airplanes where pilots are asking “WTH is it doing now?” I fly them at work. Boeing is relatively new at attempts to dumb down their product, in order to expand the pool of potential operators.

Just because some person “might” be able to do something, doesn’t mean they will, or there’s benefit in doing so, or that they will specifically target any one of us. I’m not that paranoid. It’s far more probable that the lithium ion battery in the Taycan will catch fire while parked in the garage, and burn our house down, than any of the potential scenarios you mentioned, and I’m not losing any sleep over that.

I should probably consult the owner’s manual, or service manual, to learn where the 12v battery is, and how to manually access it, because I am intelligent enough to figure out how to disable a horn if necessary. I’ve had to do that in the past on other vehicles I’ve owned, when a horn failed in the “on” position. ?

 

[whitex]

Just because some person “might” be able to do something, doesn’t mean they will, or there’s benefit in doing so, or that they will specifically target any one of us. I’m not that paranoid. It’s far more probable that the lithium ion battery in the Taycan will catch fire while parked in the garage, and burn our house down, than any of the potential scenarios you mentioned, and I’m not losing any sleep over that.

You are correct that you personally being targeted is a low risk. A bigger risk is if a vulnerability is made public, that someone attacks any and all cars they can find on the internet. I remember there was a demonstration done by a security researchers a few years back where he installed brand new Windows and Linux installations on brand new computers - using a year old version of those operating systems, and connected them to live internet (no network firewall outside the computers). They were both infected with a computer virus within one hour. Nobody targeted his machines specifically, they were just "discovered" on the internet. Welcome to internet connected devices.

I should probably consult the owner’s manual, or service manual, to learn where the 12v battery is, and how to manually access it, because I am intelligent enough to figure out how to disable a horn if necessary. I’ve had to do that in the past on other vehicles I’ve owned, when a horn failed in the “on” position. ?

Probably a good idea, not just for when you get hacked, but for when the Taycan computers need a complete restart.

Sponsored