[stonogo]

Read up on CAN-BUS. The entire industry is moving to one-wire protocols to reduce the labrynthine copper network that prevailed in the past. If you can put your transmissions diagnostic information on the radio's nice big LCD, why wouldn't you?

Some would say "this, this is why", but those people are not responsible for selling and maintaining millions of vehicles.

[pavel_lishin]

> If you can put your transmissions diagnostic information on the radio's nice big LCD, why wouldn't you?

Surely there's a way to make this information read-only. I can see information about my engine on my dashboard via the speedometer and tachometer; it would be ludicrous if I could kill my engine by grabbing the little needles and cranking them down to zero.

[AlexandrB]

> Surely there's a way to make this information read-only.

There absolutely is a way. Just off the top of my head you could relay the information from the high-sec CAN bus to a low-sec one with a micro-controller. So the low-sec bus can only receive messages from the high-sec one.

Not enabling firmware loading over CAN on the relay is a must as well for obvious reasons, but the key is the code on the relay microcontroller can be kept very simple (easier to audit/secure).

[romaniv]

Isn't that what the hacked car already doing? I don't know about Jeep specifically, but most cars have several CAN busses and some micro-controller passing messages from high-speed control network to low-speed infotainment network.

Problem is, most automotive engineers are clueless about security and most "hackers" are clueless about automotive hardware, software and protocols. There is no dialog.

I wish articles like these posted at least some specifics. A lot of these hacks in the past were completely impractical. Yes, yes, they had shown some interesting possibilities, but it was disingenuous to present them as real-life attacks (which many media outlets did).