[slg]

Someone who can write out that code with that specificity should know there are countless technical and procedural ways to help prevent that sort of thing from actually making its way into consumer vehicles (or that OTA updates would be the only avenue to accomplish that). In a properly designed system, the only real fear here is a state-level attack. And I just don't think getting every Honda to crash at 4pm is a vulnerable enough attack vector to make this hypothetical worthy of much thought.

[beeflet]

How do you know that a car is the result of a properly designed system before you get behind the wheel (or step in front of it?).

>the only real fear here is a state-level attack

Why isn't this a valid concern? We should just be fine with russia or china having the ability to remotely hack all of our cars and kill/spy on individuals, even critical members of our leadership? What about our own government? What about some terrorist launching formerly state-level malware from his basement with the help of AI?

[ivell]

Not only state actors. Vulnerability can be exploited by non-state actors. A terrorist getting hold of this capability to crash every Honda at 4pm introduces new challenges. The impact of 9/11 was not about how many people were killed. But it terrorized the population with that act. People stopped getting into flights. Imagine similar stuff with our daily routine cars.

[zvqcMMV6Zcr]

> In a properly designed system, the only real fear here is a state-level attack.

No, I actually also have to wonder if manufacturer OTA update won't brick my car on their whim: https://www.youtube.com/watch?v=8OB2NqcSDXQ

[bluGill]

State level actors have plenty of money to find any exploit around those protections and some need little incentive. They can hire a spy to cut my break line but their gain is much lower vs the cost. They don't care about me at all anyway except if I'm in a group of 100k people they can get at once.

[fc417fc802]

> the only real fear here is a state-level attack.

This is blatantly false. In the real world there was a major recall after security researchers (not state actors) demonstrated that they could remotely interfere with safety critical systems. OTA updates without user involvement are a massive security vulnerability. So are internet connected safety critical systems. Neither should be legally permissible IMO.

> I just don't think getting every Honda to crash at 4pm is a vulnerable enough attack vector to make this hypothetical worthy of much thought.

Setting aside assassinations do you just have no imagination? There have been all sorts of crazy disgruntled worker sabotage stories over the years. Mass shooters exist. Political and religious terrorists exist.

For a specific mass scale state level hypothetical imagine that the US enters a hot war with a peer adversary for whatever reason. The next day during the morning commute the entire interstate system grids to a halt, the hospitals are completely overwhelmed, and the entire supply chain collapses for a week or so while we pick up the pieces. With a bit of (un)luck it might happen to catch an oil tanker in the crossfire while it was in a tunnel thereby scoring infrastructure damage that would take years to fix.

[dumpsterdiver]

> should know there are countless technical and procedural ways to help prevent that sort of thing

Sometimes when I look at code it feels like I was led into a weird surprise party celebrating structure and correctness, only for everyone to jump out as soon as I get past the door to shout, “Just kidding - it’s the same old bullshit!” All that to say, we’re about as good or worse as anyone else, at our respective jobs.