Just why are these systems not air-gapped?
Why oh why?
Anyone driving about in a new Jeep Cherokee should update its software: at the moment the car's brakes and engine can be remotely controlled by anyone with an internet connection. This update might not sound particularly important, but trust me, if you can, you really should install this one. pic.twitter.com/qhTCrBIho8 — …
"Just why are these systems not air-gapped?"
Difficultly, laziness, and convenience. The radio wants to know how fast the car is going to adjust the radio volume and the radio also wants to connect out the world to stream music and/or get cd info. The satnav connects out to get traffic data and accident alerts. Building all that in (let's not discuss the merit of some of that, just accept that some people want it) means air-gap doesn't work. Apparently there are gateways and IDS for CANBUS, but that's where laziness and cost come in.
My car does most of the above functionality via bluetooth over a smartphone app; I'm not sure if that's better or worse. I'd lean towards better, as I can always cut the link via my phone.
"It's just a bad, cheap design."
No, it's software engineers. When all you have is a hammer, everything looks like a nail.
Why would a software engineer even consider adding extra microphone hardware when s/he can just tap into the engine ECU and read the rec counter?
There's too much specialization and not enough cross pollination between disciplines.
"to automatically boost the volume as speed increases. to overcome road noise"
That "road noise" is actually good, it needs to be heard by the driver, someone should remind the auto manufacturers that hearing the engine and being aware of the world outside the car is a vital part of driving.
Why is road noise that important unless you're driving like a complete bellend in an old "V-Tec just kicked in yo!" Honda Civic or some other ridiculous "I think I'm in The Fast and the Furious" motor on the public highways?
And engine noise? My car, even though it is a diesel, makes barely any engine noise (from inside at least!) at the best of times and its pretty much silent when cruising at a steady speed.
Road noise is important because you are aware of what's going on around you, you can hear the motorcycle or cyclist you just ran over and didn't noticed, or the person behind you trying to get your attention because your car is leaking fluids or has a flat tire, or hear the train comming on the train crossing you are about to cross, and so on; and it's important to hear the engine to make proper gear changes on manual cars, also, the engine tells you if something is wrong when it makes an unusual noise.
As a car driver you are operating a machine that needs your attention, isolating the driver from the machine is a bad, you are operating a dangerous machine, it requieres all your senses, you are not sitting on a sofa in your living room listening to your favorite music, sipping coffee and smoking a cigar like car manufacturers want you feel like when driving, pay attention to the damn thing.
What a load of absolute bollocks! So according to your little list deaf people shouldn't really be driving?
"you can hear the motorcycle or cyclist you just ran over"
Being able to hear them once you've ran over them is a little bloody late! Correct use of mirrors and proper observations, like you should be doing anyway can prevent harming anyone that isn't doing their very best to end up under your wheels themselves.
"the person behind you trying to get your attention because your car is leaking"
Proper maintenance prevents, and regular checks alert you to, those sort of things, that and on-board sensors.
"or has a flat tire"
If you can't tell if your car has a flat tyre then there is something wrong. very wrong. Then again its understandable if you can't feel a deflated tyre in those over-sized wallowing barges you call cars.
"or hear the train coming on the train crossing you are about to cross"
I'm not sure how it works in the States (where I presume you're from given your spelling of 'tyres') but most rail crossing in the UK have some form of physical barrier and/or warning sirens and lights, or sometimes gates, which one has to get out of a vehicle to open. If anyone is dumb enough to cross an open crossing, without turning down their music and making proper observations, then they probably deserve their eventual Darwin award.
"and it's important to hear the engine to make proper gear changes on manual cars"
I don't need to hear the engine to know when to change gears, neither does anybody I know given the preponderance of manual cars over here. If you need engine noise to know when to change gear then its probably best you stick to the auto-boxes you're so fond of that side of the pond.
"the engine tells you if something is wrong when it makes an unusual noise"
Again, proper maintenance and regular checks will prevent this and unless you're driving a properly old shit-box then your car will have a whole array of sensors and warning lights/display that will alert you to the fact that something is wrong long before you "hear" it.
"isolating the driver from the machine is a bad"
Again, in practice, with regards to being able to hear "road noise", what is the difference between having loud music or being deaf? According to you being deaf would similarly be a "very bad thing" when it comes to driving.
"it requires all your senses"
Taste?
"you are not sitting on a sofa in your living room listening to your favorite music, sipping coffee and smoking a cigar like car manufacturers want you feel like when driving"
That may be how cars are advertised over there, not over here.
Your post sound more like a list of your inadequacies as an owner and driver of a "dangerous machine".
According to your logic, it is ok to make a chainsaw with a built in screen where you can watch your favorite show or movie on Netflix when you are cutting a tree, of course as long as it has been given proper maintenance, machines never fail even if they are brand new, just like the Jeep mentioned on the article.
Thank Odin that you are driving on the U.K. and not around here, it gives me a little peace of mind. BTW, no, I'm not from the US, as shocking as it sounds for you, there's a whole world out there with lots of countries aside from the US and the UK with people able to speak english as well (or even SEVERAL LANGUAGES!!).
"" The radio wants to know how fast the car is going to adjust the radio volume and the radio also wants to connect out the world to stream music and/or get cd info"
But why does the radio need to be able to control the speed?"
More importantly, why does the radio want to adjust the volume in the first place? My radio, and every other than I've ever seen, has a volume control. If I can't hear my music well enough, I turn the volume up. There is no reason I would ever want the radio to adjust the volume itself. Especially since my phone constantly tries to adjust the volume automatically and does a fucking terrible job of it - apparently I might damage my hearing if the volume is too high, but since it has no idea whether I'm using headphones, speakers, in the car over bluetooth, or trying to forcibly insert the phone into my ear, it has no idea what "too high" actually means yet tries to tell me off anyway. I very much doubt a car stereo will be any better programmed.
So this isn't a case of some useful functionality compromising security due to the connections it needs. It's a completely pointless function of no use to anyone, that also compromises security as an added bonus.
So you can still hear it when you leave town and accelerate to out of town speeds, and conversely, so it doesn't blow your ears off when you get to the next slow spot.
My nearly twenty year old car does it, and it's very useful. One less reason to take your eyes off the road.
In the grand scheme of things, not a massive advance, but it's the little things like it that make me appreciate my car's design.
It's a Volvo by the way.
@ Anomalous Cowturd
Amazing! All that technology to make a radio louder or softer.
I had a Renault where I was able to do that to MY satisfaction, with a very simple steering wheel stalk to control volume, station switching, all without taking my eyes off the road, or my hands off the wheel. It also worked better than the subsequent Mondeo I had, whereby if you pulled the up and down buttons at the same time it instantly muted the radio. Do it again and it unmuted again.
I really don't think you need a bloody computer to do what a couple of switches and your fingers can do - and more accurately as well.
"Never mind air-gapped internally, why are any incoming connections accepted at all?"
But, citizen, you forget that it is essential that the agents of security can remotely neutralise the threat from paedoterrorists and rogue ninjas who might otherwise escape them.
You should not question these design decisions, citizen - they are for your safety..
A few months ago I was involved in a "brainstorming session" for a proposed new product. The product never got into development, but is illuminating about the way some of these products develop - this one too.
In the case I mention, it started off being a simple safety feature for outdoors people. I pointed out the world already has very good, cheap EPIRB/PLBs. Slowly the proposed product grew features: GPS tracking, a Facebook interface that updated your position on a map, a camera to instantly update your friends with photos on your social media...
So in the end we had something that was basically a ruggedised phone without voice but with some extra safety gizzmos that would kill a battery in a day. The PLB I carry has a 7 year battery life. It just lives in my pack. I can forget it is there until I need it.
The proposed device was no longer any good at providing its core service: being a safety device because it was compromised by all the extra crap that had been added. Most of the rainstorming discussion had gone into discussing the feature sets/details of the ancillary functions: how many Mpixel camera? soft keys or a hardkey Facebook button,... The actual core function got little attention.
Exactly the same happens on those massive 20+ function Swiss Army Knives. Each function is poorly implemented and each addition detracts from the core function of being a knife. Having carried a wide range of Swiss Army knives, I now carry an Opinel: a knife that is just a knife: light cheap and very effective.
A product like car infotainment system has a similar genesis. Each added function detracts from the core function of the unit. More effort goes into making the DVD player work than into making the car control work. The need to run Linux or Windows to support the ancillary functions compromises the simplicity and robustness of the core functions.
It is made worse by the chip vendors who provide an infotainment reference design/BSP. Their purpose is just to demonstrate their chip running an infotainment function set. They do not concern themselves with all the serious design issues such as security. The product designers just start with such a reference design and tweak it to make a product. What they should really be doingi s throwing away the whole lot and designing from the ground up.
The IoT industry is heading down exactly the same path. Most IoT devices are just slight tweaks of IoT reference designs.
This industry is not going to improve any time soon.
Because car manufacturers want to be able to upload patches directly to your car when it is parked on your driveway. This will be vastly cheaper than the current system where they have to pay a dealer x minutes during your yearly service to update the firmware, and across the world, those minutes add up. As an example, shaving a 30 seconds off a full vehicle ECU reset saved the OEM I worked for £1/2m per annum in dealer charges.
"Because car manufacturers want to be able to upload patches directly to your car when it is parked on your driveway."
Irrelevant.
Manufacturer does not need to send connect request to car for that, update app on car can send periodic connect request to manufacturer. Update app on car can have restricted capabilities too, if required and sensible (and why wouldn't it be sensible).
Next.
with all the bells and whistles for limited functionality applications?
It would not surprise me at all to learn that like with IoT devices, computerised cars are loaded down with tens of megabytes of code which serves absolutely no useful purpose except to provide an expanded attack surface for potential miscreants.
Recall this old joke?
Windows 95/98, (n): 32 bit extension and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprossessor, written by a 2 bit company that can't stand 1 bit of competition.
This joke is why black hats have such an easy job.
I won't be buying any car without an air gap.
That's the air gap between the engine and the mechanically operated clutch. I'd far rather that there's also no possible control of the steering, gearbox or brakes by the computer. Failing which, they must at most be servo-assisted with mechanical override possible via the major controls, not "drive by wire" through a computer.
There's going to be a Ford Pinto moment for someone in the auto industry in the near future.
"$5,000 fine"
No, lets start with $500k for failing such a penetration test, and go upwards from there. Only if profits are seriously threatened will those morons who decide to make everything software-controlled (by the cheapest code monkeys they can find) start to get the message.
And yes, I have designed control systems and even written code for an engine management computer project in the distant past. So I'm no Luddite, but someone with a heightened sense of how critical such systems are and how piss-poor most designs end up.
Rule #1 no external connection unless ABSOLUTELY necessary. There is no necessity for brakes, steering and throttle control to be externally accessed.
Rule #2 have hardware & software with no single point of failure.
Rule #3 software is never 100% trustworthy, so have hardware limits, watchdogs and cut-outs that can override ANY software command.
Rule #4 big red switch for power. That stops EVERYTHING if needed.
<edited to add>
Rule #5 don't trust something that has not been independently audited. Not even your own code.
Or how about, $5000, per car, per week or part thereof that said car is left vulnerable and $1M per crash that is attributed to said vulnerability.
If there's 10 cars that are vulnerable and they take 3 days to address the security issue, that's $50000.
If there's 1000 cars and they drag their feet for 8 weeks, $5000 × 1000 x 8 = $40000000 ($40M).
That might encourage them to stop and think. I can't think of a good reason why you should be able to control the steering/brakes/accelerator from a position other than the driver's seat either.
The nasty bit about this is that it'll probably kill or maim those who have nothing to do with a Jeep other than being unfortunate enough to be near one when one misbehaves.
Only if profits are seriously threatened
A $5,000 fine for each violation does seriously threaten profits.
$5000 for each violation. One on each of 200,000 cars - that $1B. That should make them think[1].
Vic.
[1] It won't - there seems to be a new breed of management at the moment who *genuinely* believes they'll never get caught, no matter how egregious their wrongdoing...
[1] It won't - there seems to be a new breed of management at the moment who *genuinely* believes they'll never get caught, no matter how egregious their wrongdoing...
That's the "I'm smarter than..." effect and it seems to be endemic in humans, not just specific to managers. However, when it does rear its ugly head, it's the manager's egregious behavior that makes the Evening News (or suitable web page).
We also run into the "there oughta be a law..." effect as well. Whatever law does get passed will be effectively toothless since Congress gets a large pile of money from the auto/vehicle/home/... industries. If it had teeth, then bankrupting the industry just forces another takeover. Oh, I forgot. Aren't the Teamsters part-owner of GM? That makes them bulletproof.
"$5000 for each violation. One on each of 200,000 cars - that $1B. That should make them think[1]."
Maybe. But there's already at least one example of billion dollar penalties in the US alone. Do you think anybody relevant noticed or cared? Personally I favour the "lock up the directors responsible" method as a means of really focusing management attention.
Over a year ago, in March 2014, Toyota agreed to pay a $1.2 billion criminal penalty in a settlement with the U.S. Justice Department, after the company acknowledged having misled consumers about safety problems related to unintended acceleration of a number of its vehicles. Problems related to sudden acceleration resulted in the recall of millions of vehicles from 2009 through 2011.
The court case, and the dubious engineering, behind this is described in a few places including
http://www.eetimes.com/document.asp?doc_id=1319903 25 Oct 2013
"Could bad code kill a person? It could, and it apparently did.
The Bookout v Toyota Motor Corp. case, which blamed sudden acceleration in a Toyota Camry for a wrongful death, touches the issue directly. This case -- one of several hundred contending that Toyota's vehicles inadvertently accelerated -- was the first in which a jury heard the plaintiffs' attorneys supporting their argument with extensive testimony from embedded systems experts. That testimony focused on Toyota's electronic throttle control system -- specifically, its source code. The plaintiffs' attorneys closed their argument by saying that the electronics throttle control system caused the sudden acceleration of a 2005 Camry in a September 2007 accident that killed one woman and seriously injured another on an Oklahoma highway off-ramp. It wasn't loose floor mats, a sticky pedal, or driver error."
[article continues]
A billion dollar penalty was subsequently imposed for the (mis)handling of the recall:
http://www.nytimes.com/2014/03/20/business/toyota-reaches-1-2-billion-settlement-in-criminal-inquiry.html?_r=0
Eric H. Holder Jr., the United States attorney general, talked in impassioned tones on Wednesday about Toyota’s behavior in hiding safety defects from the public, calling it “shameful” and a “blatant disregard” for the law. A $1.2 billion criminal penalty, the largest ever for a carmaker in the United States, was imposed.
Mr. Holder said the department’s four-year investigation of Toyota found that the company concealed information about defects from consumers and government officials, putting lives at risk because of faulty parts that caused sudden, unintended acceleration in several of its models.
[continues with reference to inquiry into similar issues at GM]
"No, lets start with $500k for failing such a penetration test, and go upwards from there."
How about lets make it mandatory that a car passes a pen-test before release to the public?
Prevention is better than cure... and ensure that any software updates are also pen-tested before release!
And the cost of pen-testing should be low, otherwise you will hit the problem of companies not releasing bug fixes as they don't want to pay the pen-test fees.
"Rule #5 don't trust something that has not been independently audited. Not even your own code."
Very good rule!
How many deaths and injuries do we need to see in the transportation field before companies are held accountable for the safety and security defects in their products? 25 years ago Microsucks should have been nailed to the wall for selling such evil O/Ss so now every fool who writes defective, irresponsible code claims that they can't check all of the code because it has xx (fill in the number) millions of lines of code. That is 100% B.S.
Wait until autonomous vehicles get hacked or have computers that crash and then the shit will hit the fan as the paid liars cash in on the incompetence of unscrupulous companies and programmers.
Step 1) Locate the antenna used for wireless connectivity
Step 2) Snip the wires leading to it.
Your vehicle's connectivity is now permanently disabled. Enjoy.
If you have GPS, it probably has another antenna for that, which being receive only you may not want to mess with unless you're extremely paranoid.
not that easy:
1. you have to get to these (buried behind the dash etc)
2. once unplugged the rest of the system may (will in case of my car) complain (luckily for me it'll keep running as far as I know)
3. going really low-tech may void warranty (and look ugly)
4. at some point it may become illegal to disable built in comm systems (one more reason to keep the old clunker around for "special" runs;)
Take old car, rip out stereo unit, replace with cheap 2-DIN touchscreen <insert OS here> unit, get a superior version of all their connectivity crap without the ludicrous security bugs and less tracking bullshit. That's what I'm planning to do with my car at any rate. it's not exactly hard to do, and even with the 3G connectivity, car mic, rear parking camera, etc I'm still only looking at $500-600.
This post has been deleted by its author
1980_coder, That is a bit unfair, replacing a stereo and laying down a cable with camera on the end isn't exactly more complex than Ikea furniture. You could safely assume 98% of the population could figure it out.
most tech luddites I know, are not stupid or incompetent, they are Lazy and would rather somebody else did it for them.
"Have you read this about Toyota's ECU software?"
Yes I have. I've also read the stuff written by Michael Barr (the main and most convincing litigating expert witness).
They found a whole lot of software that looked badly written, but they never actually demonstrated the software failing. Basically the argument was that the code looked ugly and had programming errors in it therefore it likely failed.
They never managed to actually make it fail though.
So how do you explain the significant number of reported incidents?
What about the case when they (passenger) were making a 911 call during the process of the car being uncontrollable? (They died in the crash). No one from Toyota could point to a sticky mat, etc, to explain that away.
Sorry, but show me safety-critical system that has so many potential flaws and has single points of failure (in both code and the hardware) and that is a "smoking gun" to me.
Because any fine I can consider easily paying as individual is a joke to a large corporation.
I can believe this level of incompetence though. I am leaving my job working with 'med-tech' because the software standards I experienced made the rushed code for a mediocre game look like NASA code. The software profession tolerates a lot of idiots.
"I can believe this level of incompetence though. I am leaving my job working with 'med-tech' because the software standards I experienced made the rushed code for a mediocre game look like NASA code. The software profession tolerates a lot of idiots." -- GameCoder
The trouble is that software is not a "profession" -- it is a job. We don't need to regulate everyone, but probably those who develop safety critical systems, and possibly those who develop any internet facing systems, should be qualified and/or licensed to do so -- not so much to stop developers misrepresenting themselves, which is fairly rare, but to prevent corporations' simply choosing the 'lowest cost resources' for development, skimping on testing (i.e. avoiding any realistic or significant testing at all) and simply shrugging their shoulders when things go wrong.
" If the air-con pump seizes there is no way to re-route the drive belt to bypass it. So then you die."
What?
What about if the cylinder head cracks, or if the sump plug falls out, or if debris from a repaired radiator blocks the thermostat, or if the transmission fluid leaks out, or or or...
There are many ways an engine can fail. And even a failed engine is no excuse to die in the desert. Never heard of a back-up plan? If you think a failed aircon pump will kill you, maybe you shouldn't really be driving into the desert to start with.
And to address that particular one, I'm pretty sure I could un-seize a pump well enough to let the pulley turn again if I needed to that badly. I'm talking from experience, having nursed two 18 year old hiluxes from the UK to South Africa, with plenty of bush repairs including, wait for it, a seized aircon pump, a cracked cylinder head, and all the other failures listed above.
But you can't kill a Hilux
"If the air-con pump seizes there is no way to re-route the drive belt to bypass it."
Turn the A/C OFF! There is a magnetic clutch involved. Cut the wire to it, if necessary. Finger nail clippers? Knife? Yank the wire out. Just getter done and be back on your way, before you die of thirst because you probably did not bring any water with you.
Sounds like marketing or upper management. This reminds me of an old Chevy I had. It had a six cylinder engine and worked real well. Marketing decided that model needed a V8. It fit. So the next years model had a V8. It fit. Sort of. You need to yank the engine to replace the plugs. I think someone figured out how to lift the engine just a little bit to change out the plugs. That wasn't an engineering decision.
This post has been deleted by its author
Driving the streets of LA/London/personal favorite town actively scanning/collecting comm freqs, searching for IP's, scripting open door attacks, recording everything, in a hardened distributor and points 60's vehicle. Kinda like Google Streetview cars, but more honest about it.
Racers, sitting at the line, computers doing bruteforce attacks on other drivers' cars, while your systems are defending from the other guys, while the tree counts down.
Fleets of police cars simultaneously accellerating to 120MPH and making a sudden, gps-guided, left turn into a building/bridge/river/etc of your choice.
Pretty morose this evening... it's a Brave New World... smh
People in the (car) industry don't have much clue about security, in fact they don't even understand basic concepts of what they are doing. I have seen people doing things, every book on embedded software design warns you against and gives alternatives, yet they do it like this anyhow.
Somehow it seems like, even if you have trivial problems, software developers (and their surroundings) seem to want to "blow it up" into something big, by adding needless complexity.
This is, in a way like this Czech(oslowakian) animated series:
https://www.youtube.com/watch?v=OJsFj9exAlc
The whole movement of computerized control of car engines has gotten completely out of hand. There is very little need for much of it. Of course, it does cause to take our cars in for service more often and enables us to do less ourselves and I guess, ultimately, that's the point. We have lost control of own vehicles to the manufacture and whatever government agency decides to stop our car. As well as, whatever hacker decides to stop our car as I'm sure that can't be far away.
http://forums.theregister.co.uk/forum/1/2015/07/08/ford_car_software_recall_analysis/
I always said if I ever bought a car that had OnStar or any sort of equivalent system that connected it to the outside world, I'd permanently disable it, or if that was not possible I'd choose a different car.
Silly me, I was concerned about invasion of privacy and the potential for the government to remotely shut down my car if they felt like it. I never dreamed anyone could possibly be stupid enough to give a car a public IP address! Once again I underestimate and am astounded by the stupidity of engineers who really should know better.
I was on a runaway 2000HP boat in a harbour. The stupid throttle/gearbox controller had got confused and was programmed so that in an error situation it would put control to a certain station. The problem was that no-one was sitting at that particular station and the throttles had been knocked forward.
It would have been better to program the the thing to put the engines in neutral and throttles to tickover if an error is detected. Lots of damage was done and the manufacturers denied all responsibility for it but did have a new "improved" version waiting in the wings.
Terrorists like ISIS are quite computer savvy and these sorts of vulnerabilities are a gift to them. With a zero day exploit and some coordination, they could cause chaos in Europe and the USA causing numerous "accidents". They wouldn't even need to kill many people - just frighten the public and plant the seed of terror in their mind that their cars can be pwned to hurt of kill them.
The fundamental problem is the evolutionary design of systems that takes place. The Uconnect will have been added to an existing design. This has meant that no longer does a hacker have to be physically connected to a car which previously was the mitigation to a lot of these risks.
It's not new for as car system to be hacked via the "information and entertainment" systems. I have heard of specially crafted CDs that when put in the car's CD player will interfere with the car's operation at this sort of level.
I suspect the issue is a problem in the connection between the network the Uconnect is attached to and the ones the engine management and braking systems live on. They should be segregated, but a fault in the design or implementation of this segregation means that they are not and this then allows data from one in to the other.
Something that is also of note in this is that the Uconnect is exposed by a public IP address, which is unusual for cellular system. Although I do know that you can buy SIMs with this feature, it's not common.
At the local filling station the other day:
One slot was occupied by a big, unattended SUV - I think it may have said Jeep on the back but not being interested in mobile bricks I didn't take too much notice. The slot continued to be occupied by it; nobody came out of the shop to drive it away. When I went in to pay I asked the attendant what was happening. It turned out that the driver had put in the wrong fuel and consequently (maybe because the engine wouldn't run) the handbrake couldn't be released.
A long time ago (2000ish) I had a shiny new Ford Exploder. One morning I parked on a slight downhill slope, leaving the engine running I got out to open a gate in front of me - as I shut the drivers door the car rocked slightly and that was enough for it to decide to auto-lock the doors.. cue an hours wait for the RAC (fortunately my phone was in my pocket!) and ever since I've been nervous of too much tech in modern vehicles...
Given that it is well known that anything connected to the Internet will be attacked and had better be 100% bloody bulletproof[1], didn't anyone think that a "connected car" was a Really, Really, Seriously Fucking Stupid Idea?
In fact, as stupid ideas go, that's one of the more stupid ones as the risk / benefit doesn't even begin to stack up: Benefit: Facebum on the move. Risk: Horrific flaming death.
[1] Yeah, right. One of the tools you will require here is a reliable crystal ball so that you can have foreknowledge of all the possible attack vectors that will be invented over the lifespan of your product.
One thing that's been missed by a lot of people is that the 'public IP address' isn't really very public.
The system connects via a mobile network (I believe Sprint) so unless you're also on Sprint's mobile network, you are protected (and I use the term loosely) from the wider internet by the carrier's NAT.
It's still unbelievable that anyone who designed this thought any incoming connections were a good idea - at least lock incoming connections to known IP ranges and use some bloody authentication!
holy fudge. who in their right mind thinks that live control systems need to be connected to 1. meedja systems/satnav/etc, and 2. the bloody internet?!?!
not just a software patch, but a fudging class action suit needs to happen!
oh, hey, this airbus A380 thing has an internal network for all the seatback inflight entertainment systems, lets use that for the friggin fly-by-wire shiz too. DUH!
After all while it won't have many consequences now, hordes of cars being taken over could finally beat some sense into automotive (and industrial) developers.
Unfortunately since the car industry has a mighty lobby the pendulum might swing the other way and the Internet will be abolished.