[Fabulist]

I see the suggestion for adding a data connection to the Karma frequently in the "features we want" type lists, and I have had cars with this feature before. But after reading this article on Wired, I am wondering if it is such a good idea, particularly in the case of the Fisker Karma where almost all the controls are just inputs to one of CAN networks, as opposed to a mechanical connection to the actuator. The idea of network security being implemented by the same programmers that brought us the Karma's NAV system makes me very very nervous.

So if this feature is ever implemented, don't be surprised to see my Karma driving past with tin foil strategically applied to cover the data antennas.

 

[Roberta'sKarma]

Yep, I'm with you, Fab. I say no to network connectivity in my car.

 

[JCMorrill]

Be nice if the car asked you to authorize a "download" before it accepted it. And, you'd only authorize it if you'd had an email or something ahead of time.

 

[Nin ja]

or signed download with an approved code that you authorize and a must would be a feature to open and close the network connection -- open anytime is a non starter for me. This network stuff does not have to be hard, but the user has to be vigilant.

 

[Fabulist]

This was not a malicious code type attack. Buried deep in the article is the fact that the attacker needs to know the vehicle's IP address, which means that this is a weakness in the network interface itself, which allows an incoming connection to "talk to" a vital system inside the car's network without being properly authenticated first. This has been the bane of fixed network installations for as long as the Internet has existed (Long before it became the Kardashian's private communication channel).

Just being careful with downloads will not solve this problem. The security has to be baked into the system. Something that CAN networks are not really designed for.

 

[JCMorrill]

Or, you use a "pull" mentality instead of a "push". Notification of a new download is made public, and you go into your car and say "give it to me now, please!".

 

[LonePalmBJ]

This article is worth a read. It's by the two guys who recently hacked a Tesla and were able to control many system functions including the battery and the drivetrain.

While click-bait headlines will scream how hackers can attack us all and that nobody is safe, the reality is that these guys needed physical access to the car and even had to disassemble the dash.

http://www.cnet.com/news/tesla-hackers-explain-how-they-did-it-at-def-con-23/

 

[Fabulist]

This article is worth a read. It's by the two guys who recently hacked a Tesla and were able to control many system functions including the battery and the drivetrain.

While click-bait headlines will scream how hackers can attack us all and that nobody is safe, the reality is that these guys needed physical access to the car and even had to disassemble the dash.

http://www.cnet.com/news/tesla-hackers-explain-how-they-did-it-at-def-con-23/

The guys who hacked into the Jeep using the IRC port managed to do it without any physical access to the car. Their prior exploits required access to the OBD II port, but no disassembly was required.

 

[AlJOHN]

There is a second article on the TESLA hack. They actually could not hack the tesla remotely. They had to physically be in the car and plug into the CIU.

The Tesla systems was extremely robust from external hacking. So they had to take apart the Dash to plug into the interface.

See the article... Point being over the air potential hacking point, and the manufacturer has to be as smart as the hackers. Jeep was not Tesla a lot better.

http://www.teslarati.com/details-behind-tesla-model-s-hack/