On Sep 27, 2011, at 4:32 PM, Roland Bless wrote: > Hi, > > On 27.09.2011 17:54, Warren Kumari wrote: >>> That doesn't mean all the systems within the car need to speak to >>> the outside world. The engine thermometer doesn't care about >>> traffic or the location of the nearest train station. >> >> True, but increasingly automotive telematics are being used / folk >> want to be able to allow your vehicle to poke the dealership and >> report that something is wrong / marginal, and then parameters can be >> adjusted on the fly[0]. Wouldn't it be cool[1] if the thermometer >> could report to the nearest dealership that the engine is overheating >> and the dealership could use this information when you come in to >> diagnose the issue (or, more likely, invalidate your warrantee :-0)) > > Remote diagnosis is only one potential application, but > you have to distinguish between the internal network and > external communications. Remote diagnosis is usually only > allowed by certain authenticated and authorized trustworthy > parties, e.g., the manufacturer. As already pointed out, > we will get a lot of services that depend on the Internet. > However, these should not endanger the safety of the car. > >>> It just needs to tell the dashboard its current read-out. I >>> presume those are the kinds of systems the OP was referring to. >> >> Yes, and I think that many of the responses come from folk who have >> seen the same thing claimed about all sorts of things -- and then >> very soon after that seen those same thing connected to the 'net. For >> example, my home thermostat and garage door opener both speak IP. >> When I initial installed them I never figured I'd want them >> accessible from anywhere other than locally... but it turns out that >> I do... > > IMHO unexpected connectivity of internal devices with the Internet > is a safety and security nightmare. You definitely don't want that. > However, some manufacturers already consider open programming platforms > and an app-based model for some parts of the car, e.g., installing > additional apps on the head unit. Even if they have only restricted > access and are treated as untrusted, I think that it will not take long > until we will see the first exploits on such a platform... >
Did you follow the link in my earlier email[0]? : Comprehensive Experimental Analyses of Automotive Attack Surfaces -- http://www.autosec.org/pubs/cars-usenixsec2011.pdf And a vide of same (well worth watching) from USENIX Security: http://www.youtube.com/watch?v=bHfOziIwXic It's already happened... W [0]: Snarky tone not intended... > Regards, > Roland > -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------