Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The issue is the stupid media center. People want that to have Internet. Then at the same time they want it to display all of the climate details and other system info that comes off the CAN.


> People want

Yeah, no. Auto mfr.'s want to reduce the display count to make cars cheaper to make and the interiors simpler to build. I've never ever spoken to or heard form anyone who 'wants' or even kinda likes having their climate controls on the same screen as their maps, pandora, etc. It's confusing, usually cluttered, and complicates things unnecessarily.


Have you ever been in a Tesla?


Then it should only read the CAN, or have a limited write capability

Customers want things, it's not their responsibility, it's the manufacturer's responsibility to not ship something unsafe


There are typically at least two CAN buses in many recent cars, one for critical stuff like engine, transmission, etc, and another for less critical things like environmental controls, there is also LIN, FlexRay, MOST, and maybe another one or two that are less popular.

One problem is that there is no limitation in the CAN protocol to prevent a node from impersonating the master node. Another is the mutability of a node's firmware.


But surely they can be isolated systems


They can be but they're not. Once you share a wire all bets are off.


By that logic there's no security on the internet at all. Everything "shares a wire" after all.

Security is about degrees and nuances. These kind of black & white statements are unhelpful and unrealistic.


> By that logic there's no security on the internet at all.

Have you /been/ on the internet, lately? ;)


Two systems that accept input from the same touchscreen can't be isolated in hardware. From the software side, any portion of each system's interface that overlaps at the touchscreen cannot be isolated. On top of that, if the touchscreen is reprogrammable, then it can be attacked directly and touchscreens are commodity devices not normally considered part of the security infrastructure.


I don't think anybody is upset that their climate control system is exposed to hackers. There are no accelerator/steering/braking controls on the touchscreen (I assume) so those could be isolated but it would require having to separate systems for critical and non-critical operations. The only reason not to do that is because it's more complicated which translates to more expensive.


The climate control isn't mechanically independent of the engine and other mechanical systems. Even in the primitive cars before digital contols, the heater is dependent on the engine's thermostat (well except for old Bugs and 911's, but then that heat never really worked). In modern cars, the AC may be connected to the engine control system so that power can be redeployed for fuel efficiency or for power in emergency situations or to keep emissions within specification.

"Climate control system" is an abstraction over belt driven moving parts.


Exactly




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: