by blincoln 2143 days ago
So the attack will then be to hook into the car's on-board computer and tell it to send the falsified message with a fake plate number, and let the existing cryptographic code handle the signing. Alternatively, dump a legit cert once (e.g. by detailed examination of one on-board computer), then put that into the malicious hardware that sends falsified messages.

This is "the DRM problem", but in reverse. There is no way to give an end user a device that can send cryptographically-protected messages while also guaranteeing that they can't generate messages other than the ones the manufacturer wants them to send. One can make it very, very hard to do so, like with TPM/trusted enclave hardware, but when the potential consequences are people dying in car crashes, and the motivation to send false messages is so high[1], it's just an awful idea, because it will absolutely be misused, and people will die as a result.

Vehicle-to-vehicle communication makes this even worse. At least with a tower intermediary, there would be some sort of forensic evidence stored outside of the vehicles involved.

[1] The ability to manipulate traffic in order to get to one's destination faster would be a huge selling point for a lot of people.

2 comments

There is also no way to stop someone throwing rocks at passing cars. People will die as a result. The deterrents in both cases will be the same: humanity, liability and law enforcement.
Most of the people who will use malicious signals won't set out to actually hurt other people. They'll just use them to make tailgaters' cars brake quickly, or manipulate traffic in some way that benefits them, like the people in the late 80s or early 90s who figured out that putting strobe lights on their car roofs would let them make some city signals turn green for them. There are far, far more people who would be interested in that sort of thing than would be interested in the electronic equivalent of throwing rocks.

It's the unintended consequences that will generally kill people, like causing a multi-car pileup because the tailgater whose car was forced to brake was being tailgated themselves.

There will be very little way to enforce laws against that kind of activity, because there won't really be any forensic evidence at all.

There is no good way to do this. Even assuming a 100% flawless implementation of a "trusted enclave", people will just buy an ECU from a scrapped car, hook it up to a device that simulates the right sensor input to generate certain vehicle-to-vehicle communications, and stick it in the trunk of their actual car.
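The point made in the original post (hand the car's own signing code a falsified message, or pull the key out of one unit) and repeated in the comment above (an ECU from a scrapped car in the trunk) comes down to one property of signatures: a valid signature proves which key signed the bytes, not that the bytes describe the physical car. The following Go program is an added example, not code from the thread or from any real V2X stack; the message format, the `OnBoardUnit` type and the Ed25519 key standing in for a unit certificate are all assumptions for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// V2VMessage is a constructed stand-in for a vehicle-to-vehicle broadcast.
// Real V2X payloads (e.g. SAE J2735 basic safety messages) are far richer;
// the shape does not matter here, only what the signature attests to.
type V2VMessage struct {
	Plate    string  `json:"plate"`
	SpeedKph float64 `json:"speed_kph"`
	Braking  bool    `json:"braking"`
}

// OnBoardUnit models the car's signing hardware (assumed). The public key
// stands in for the unit's certificate; receiving cars are assumed to trust it.
type OnBoardUnit struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewOnBoardUnit() (*OnBoardUnit, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &OnBoardUnit{priv: priv, Pub: pub}, nil
}

// Sign is what the manufacturer's firmware does with any message it is
// handed: serialise and sign. Nothing here checks, and nothing here can
// check, that Plate or Braking reflect the physical car around the unit.
func (u *OnBoardUnit) Sign(m V2VMessage) (payload, sig []byte, err error) {
	payload, err = json.Marshal(m)
	if err != nil {
		return nil, nil, err
	}
	return payload, ed25519.Sign(u.priv, payload), nil
}

// ExportKey models the "dump a legit cert once" attack: the private key read
// out of a real unit, now usable from whatever hardware the attacker likes.
func (u *OnBoardUnit) ExportKey() ed25519.PrivateKey {
	return ed25519.PrivateKey(append([]byte(nil), u.priv...))
}

// SignElsewhere signs a payload with an extracted key on attacker hardware.
func SignElsewhere(key ed25519.PrivateKey, payload []byte) []byte {
	return ed25519.Sign(key, payload)
}

// Verify is the receiving car's entire check: a valid signature under a key
// it trusts. Content plausibility is not part of it.
func Verify(pub ed25519.PublicKey, payload, sig []byte) bool {
	return ed25519.Verify(pub, payload, sig)
}

// Tamper flips one byte of a signed payload, the one case a signature does catch:
// modification by someone who does not hold the key.
func Tamper(payload []byte) []byte {
	t := append([]byte(nil), payload...)
	t[len(t)/2] ^= 0x01
	return t
}

func main() {
	unit, err := NewOnBoardUnit()
	if err != nil {
		panic(err)
	}
	trusted := unit.Pub

	// An honest broadcast from the real car.
	p, s, _ := unit.Sign(V2VMessage{Plate: "ABC123", SpeedKph: 50, Braking: false})
	fmt.Println("honest message verifies:    ", Verify(trusted, p, s))

	// Attack 1: same firmware, attacker-chosen contents (fake plate, phantom braking).
	p, s, _ = unit.Sign(V2VMessage{Plate: "XYZ999", SpeedKph: 0, Braking: true})
	fmt.Println("forged message verifies:    ", Verify(trusted, p, s))

	// Attack 2: key extracted from a scrapped unit, message signed on other hardware.
	fmt.Println("externally signed verifies: ", Verify(trusted, p, SignElsewhere(unit.ExportKey(), p)))

	// The only thing the signature rules out: alteration by a party without the key.
	fmt.Println("tampered message verifies:  ", Verify(trusted, Tamper(p), s))
}
```

The first three checks print `true` and the last `false`: the receiver cannot tell a message the firmware signed for the real car from one it signed for an attacker, nor from one signed with a copied key in a trunk. A TPM or enclave only moves the key out of reach; it does not give the signer any way to know whether the sensor data it is fed is real.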