|
|
|
|
|
|
by adamtj
3978 days ago
|
|
|
Should hackers actually kill somebody, I struggle to find a reason why the relevant automotive engineers and their managers shouldn't be charged and convicted of negligent homicide, or worse. After all, somebody had to make the decision to connect a radio receiver to the CAN bus. Others are aware of the wireless and choose not to remove it. To be a professional is to have a duty to refuse to do stupid stuff like this, even if it's legal and even if your job depends on it. But is it legal? Why would we need any new laws for this? Connecting a wireless receiver to the same network that controls a car's brakes and steering seems to me like reckless endangerment. No need to wait for innocent people to die. If history has shown us anything, it's that we cannot rely on software to separate two systems sharing a network. Only physics can do that. If we must have wireless for entertainment, then the entertainment and vehicle control networks must be air-gapped. This seems blindingly obvious to me. What am I missing? |
|
|
Civil liability is a lower bar. Regular negligence is essentially not using reasonable care. Whether air-gaping a cars computer is reasonable car would be up for debate. But I think you'd have a good case.
Product liability is similar to negligence. It holds the builder, designers, sellers, etc. liable for design defects. But I'm not familiar with caselaw about how hacking vulnerabilities intersect with design flaws.
>If history has shown us anything, it's that we cannot rely on software to separate two systems sharing a network. Only physics can do that.
Yet, a shocking number of critical systems are exposed to the internet.