On 9/27/2015 7:11 PM, Uncle Monster wrote:
On Sunday, September 27, 2015 at 4:26:33 PM UTC-5, Don Y wrote:
On 9/27/2015 2:15 PM, Uncle Monster wrote:

Well hell, the only vehicles left running after the coming EMP attack
will be diesels with the simple mechanical fuel delivery and engine
controls..

I don;t worry about an EMP -- I suspect I will have more pressing concerns
in that case than worrying about a vehicle!

The problem with the architecture of many car control systems is they
don't physically (or even logically) partition subsystems so that a
compromise of one can't compromise the others!

E.g., most "hacks" access the car's control infrastructure through the
entertainment/navigation systems -- things that should have no reason for
*talking* to the brakes, engine controls, steering, etc. Yet, because
this wasn't accurately considered as a potential attack surface during the
design, there are no/few precautions to protect against such attacks after
the fact.

This is the sort of naive thinking (full of unspoken ASSUMPTIONS) that
leads to big-time problems down the road.

By way of a different, though similar, example, most businesses employ
firewalls to "keep intruders out". They block INBOUND connections to the
machines *inside* their firewall.

But, they ignore the fact that a machine *inside* the firewall can
(typically) initiate a connection to damn near any other machine *outside*
the firewall. And, once that connection is (intentionally) established --
by malware -- the inside machine is now *past* the firewall yet under the
control of some outside entity.

Ooops!

I must state that I'm not a conspiracy nut, just a regular nut. I've noticed
a pattern over the years of the intrusion of technology into every aspect of
the lives of people. People are willingly giving up privacy and control of
their lives to new technology which in turn can allow government to control
people. Do as you're told or government will turn off your car, travel, ID,
money, computer, phone, housing, utilities, benefits, health care and
anything else a government gets its hooks into.

People are primarily turning over control to *corporations*. Those folks
have LESS constraints on what they can do with that than the gummit. And,
they represent convenient "one stop shopping" for the spooks to go
poking around with a secret writ -- so you (ALL!) have no idea that a
search is even under way!

Basically, people are
falling all over themselves to give the government the ability to take away
their rights, freedom and liberty at the push of a button.

Blame much of this on the Patriot Act: "Oooo! Protect me from the bad guys!"

If a government
can easily take something from you, a run of the mill criminal can do the
same.. I'm sure others have noticed a pattern of government using new
technology to exert control over the lives of a citizenry who're are
completely oblivious to it. Geez! o_O

The problem is more fundamental than conspiracies.

With increasing levels of technology, more things are economically
feasible. E.g., when the PSTN was largely an analog device, a
wiretap required physical access to the wires servicing the individual
in question. Once the PSTN went digital, that "voice" is now just
so many "bits" on a virtual circuit. Additional virtual circuits
can be created at will -- no "wire" involved. So, calls from any
number of "taps" can be routed to anyone, anywhere for free.

Electronic funds transfers make it easy for folks to observe where
monies are being moved. Previously, you had to watch a "paper
instrument" (treasury notes, cashier's checks, etc.) make a
physical journey to know the actual recipient.

When "communications" were written on sheafs of paper and
encapsulated in envelopes that were physically transfered
from sender to recipient, you had to physically intercept those
transfers to see what was being said. And, be aware of EVERY
means by which those transfers could take place (USPS, FedEx,
courier, etc.). With email, they're just bits that can
clandestinely be copied and routed to alternative locations.
No need to examine an envelope to see if it has been tampered with!

When a mechanical linkage connected the gas peddle to the
throttle, you had to exert physical force on that linkage,
at some point, in order to influence the vehicles speed
(indirectly). When the accelerator is just a position *sensor*
that feeds "data" to a computer, then anything that can spoof that
data can pretend to be the accelerator.

The folks making these design decisions are also blissfully
ignorant/unconcerned with these possibilities -- or their consequences!
That's where the vulnerability creeps in.