[SystemSafety] Hackers take over *control* of a car wirelessly
Matthew Squair
mattsquair at gmail.com
Wed Jul 22 03:14:16 CEST 2015
If someone can seriously think that updating hospital drug pump firmware
via the interwebz is a 'good idea' I think there's minimal likelihood of a
good flogging in the town square happening anytime soon.
http://criticaluncertainties.com/2015/06/23/all-your-drug-pumps-are-belong-to-us/
Matthew Squair
MSysEng, MIEAust, CPEng
Mob: +61 488770655
Email; Mattsquair at gmail.com
Web: http://criticaluncertainties.com
On 22 Jul 2015, at 10:45 am, Heath Raftery <heath.raftery at restech.net.au>
wrote:
On 22/07/2015 3:44 AM, Martyn Thomas wrote:
On 21/07/2015 18:27, Tom Ferrell wrote:
Stating the obvious, but isn’t there an aspect of this that goes
something like, “Just because we can doesn’t mean we should.” To me,
there is a fundamental engineering ethics question that comes into
play when people start talking about the ‘Internet of Everything.’
When someone postulates hooking two systems together that always
before have been physically separated, engineers have a moral
responsibility IMHO to inject themselves firmly and fully into the
benefits vs. risks discussion with a strong bias of when in doubt, don’t.
That sounds like excellent advice, but if I'm happy to connect A to B
and B to C, and you are happy to connect X to Y and Y to Z, whose fault
is it when Peter connects one of (A,B,C) to one of (X,Y,Z) and something
bad happens?
The general philosophical arguments are worth having, but doesn't this
particular case offer a more direct argument?
If you're the one that connects cellular to CAN (via whatever paths already
exist), you ought to be shot, stripped and jailed for gross negligence,
*before* there's even an accident caused.
I'm flabbergasted that Chrysler could have released a vehicle where that
electronic link even exists. No "great new feature"(TM) warrants such a
gaping hole that would get every hacker from here to hell tapping away at
the new door. There is zero evidence that anyone has ever designed a robust
enough system that you could honestly connect the two and claim it safe.
All the "great new features" that are on the horizon can be achieved
without making that link - updates over the air, Internet connected
entertainment, vehicle location, etc. I see no excuse.
Heath
_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20150722/8c44d63d/attachment.html>
More information about the systemsafety
mailing list