by mtgx 3708 days ago
How exactly is it separated?

I imagine the ideal solution would be using two airgapped computers, one for the main car system, one for the media stuff, and then keep the servers from which they receive updates, and the authorization for those servers completely separated as well, with the updates done by different people, too.

But I imagine the vast majority of car makers don't do anything close to that, and probably not even Tesla does it like that. BMW wasn't even sending its OTA updates over HTTPS until 2 years ago.

I imagine most right now, if they even isolate the media and the main systems at all, probably do it through virtualization to "cut costs", so they don't even use two different chips. Heck, they may even use "containers" to cut costs even further.

And this is why I won't be a self-driving car beta tester in the first 10 years. You just can't trust these guys, who up until now didn't even have a clue about software security, to do this properly. And it's probably why "Silicon Valley car makers" will end up winning over the traditional car makers eventually, too.

3 comments

It's incredibly complicated, but pretty secure. The CAN bus is isolated from the network. I have root access on the CID and the IC (both separate Tegra systems). You can even reboot the CID while you're driving and you only lose media and air conditioning and such. Accessing the CAN bus requires going through a pretty secure gateway system, so you can only basically make requests. Even then, I haven't even really looked into that area much.
It's a chroot'd environment. Yeah, you could theoretically crash the underlying kernel, but doing so would probably be pretty difficult. You'd have to give that environment access to things that can crash the kernel on purpose.
exactly WHY I'll wait for it to mature first, if at all...

The only software I actually can trust my life with is the software used by NASA; if any of the car companies abided by / followed NASA's guidelines, they would already use that as part of the PR.

so none yet