[pavel_lishin]

> If you can put your transmissions diagnostic information on the radio's nice big LCD, why wouldn't you?

Surely there's a way to make this information read-only. I can see information about my engine on my dashboard via the speedometer and tachometer; it would be ludicrous if I could kill my engine by grabbing the little needles and cranking them down to zero.

[AlexandrB]

> Surely there's a way to make this information read-only.

There absolutely is a way. Just off the top of my head you could relay the information from the high-sec CAN bus to a low-sec one with a micro-controller. So the low-sec bus can only receive messages from the high-sec one.

Not enabling firmware loading over CAN on the relay is a must as well for obvious reasons, but the key is the code on the relay microcontroller can be kept very simple (easier to audit/secure).

[romaniv]

Isn't that what the hacked car already doing? I don't know about Jeep specifically, but most cars have several CAN busses and some micro-controller passing messages from high-speed control network to low-speed infotainment network.

Problem is, most automotive engineers are clueless about security and most "hackers" are clueless about automotive hardware, software and protocols. There is no dialog.

I wish articles like these posted at least some specifics. A lot of these hacks in the past were completely impractical. Yes, yes, they had shown some interesting possibilities, but it was disingenuous to present them as real-life attacks (which many media outlets did).