|
| ▲ | rjp0008 12 hours ago | parent | next [-] |
| Cutting someones breaks requires physical access to the hardware. Changing:
if (brakeDepressed()){
engageBrake();
}
To:
if (brakeDepressed() && currentTime < '5/6/26 4pm EST'){
engageBrake();
}
Can be deployed to thousands of vehicles, and would stop brakes from working during peak commute time on the East Coast. |
| |
| ▲ | silon42 4 hours ago | parent | next [-] | | To cause a huge annoyance, it could just randomly apply brakes for some time, which is probably much simpler than bypassing the pedal->brake. | |
| ▲ | slg 11 hours ago | parent | prev [-] | | Someone who can write out that code with that specificity should know there are countless technical and procedural ways to help prevent that sort of thing from actually making its way into consumer vehicles (or that OTA updates would be the only avenue to accomplish that). In a properly designed system, the only real fear here is a state-level attack. And I just don't think getting every Honda to crash at 4pm is a vulnerable enough attack vector to make this hypothetical worthy of much thought. | | |
| ▲ | ivell 6 hours ago | parent | next [-] | | Not only state actors. Vulnerability can be exploited by non-state actors. A terrorist getting hold of this capability to crash every Honda at 4pm introduces new challenges. The impact of 9/11 was not about how many people were killed. But it terrorized the population with that act. People stopped getting into flights. Imagine similar stuff with our daily routine cars. | |
| ▲ | zvqcMMV6Zcr 2 hours ago | parent | prev | next [-] | | > In a properly designed system, the only real fear here is a state-level attack. No, I actually also have to wonder if manufacturer OTA update won't brick my car on their whim: https://www.youtube.com/watch?v=8OB2NqcSDXQ | |
| ▲ | bluGill 11 hours ago | parent | prev | next [-] | | State level actors have plenty of money to find any exploit around those protections and some need little incentive. They can hire a spy to cut my break line but their gain is much lower vs the cost. They don't care about me at all anyway except if I'm in a group of 100k people they can get at once. | |
| ▲ | fc417fc802 7 hours ago | parent | prev | next [-] | | > the only real fear here is a state-level attack. This is blatantly false. In the real world there was a major recall after security researchers (not state actors) demonstrated that they could remotely interfere with safety critical systems. OTA updates without user involvement are a massive security vulnerability. So are internet connected safety critical systems. Neither should be legally permissible IMO. > I just don't think getting every Honda to crash at 4pm is a vulnerable enough attack vector to make this hypothetical worthy of much thought. Setting aside assassinations do you just have no imagination? There have been all sorts of crazy disgruntled worker sabotage stories over the years. Mass shooters exist. Political and religious terrorists exist. For a specific mass scale state level hypothetical imagine that the US enters a hot war with a peer adversary for whatever reason. The next day during the morning commute the entire interstate system grids to a halt, the hospitals are completely overwhelmed, and the entire supply chain collapses for a week or so while we pick up the pieces. With a bit of (un)luck it might happen to catch an oil tanker in the crossfire while it was in a tunnel thereby scoring infrastructure damage that would take years to fix. | |
| ▲ | dumpsterdiver 4 hours ago | parent | prev | next [-] | | > should know there are countless technical and procedural ways to help prevent that sort of thing Sometimes when I look at code it feels like I was led into a weird surprise party celebrating structure and correctness, only for everyone to jump out as soon as I get past the door to shout, “Just kidding - it’s the same old bullshit!” All that to say, we’re about as good or worse as anyone else, at our respective jobs. | |
| ▲ | beeflet 8 hours ago | parent | prev [-] | | How do you know that a car is the result of a properly designed system before you get behind the wheel (or step in front of it?). >the only real fear here is a state-level attack Why isn't this a valid concern? We should just be fine with russia or china having the ability to remotely hack all of our cars and kill/spy on individuals, even critical members of our leadership? What about our own government? What about some terrorist launching formerly state-level malware from his basement with the help of AI? |
|
|
|
| ▲ | Terr_ 11 hours ago | parent | prev | next [-] |
| > A lot of times these hypothetical fears are disconnected from reality. Conversely, a lot of times people don't fear real dangers of reality until it bites them. "Hackers wouldn't care about me, and the single password I use on every website is super good and complicated." > but people generally don't engage in destruction for destruction's sake Generally true, but they do engage in destruction when there's profit to be made or when it becomes in their geopolitical interests, and sometimes that destruction is quite notable: Remember when it was safe to assume that passengers could passively wait out airplane hijackings? Your average script-kiddie might not seriously consider cutting everyone's brakes simultaneously, Al Queda would have been giddy. |
|
| ▲ | wisty 11 hours ago | parent | prev | next [-] |
| I can imagine a nation state behaving badly in 2026 ... |
|
| ▲ | 0cf8612b2e1e 11 hours ago | parent | prev | next [-] |
| Software has an atrocious track record for security. Doubly so for hardware manufacturers. It only takes one smart cow to disable millions of vehicles vs a local knave cutting brake lines. I yearn for the days of wrapped software where developers had to make a gold pressed release. Not, “we can patch it later”. |
|
| ▲ | beeflet 9 hours ago | parent | prev [-] |
| If you want to talk about society, then this is about systematic security not individual security. If someone somewhere can push a button and flash your car with OTA firmware to drive you off a bridge, political assasinations become a lot easier. In fact, with all this data they are collecting, you wouldn't even need to be the next edward snowden to get this treatment. You could set the firmware to target, say, every left-wing voter in america. You don't even need the own the car with such behavior. Everyone becomes a pedestrian eventually. |
