this post was submitted on 05 Dec 2023
207 points (97.7% liked)
Technology
It's not that simple. The CAN bus isn't just about unlocking doors and rolling down windows. It also controls airbags and other systems that are time-sensitive. If you're rolling down the window at the same time you get in a crash, the airbag message has to override the window rolling message and inflate those bags in right-the-fuck-now time.
Adding encryption to the mix greatly increases the engineering required, even if it's not used for every kind of message.
Decent encryption can be pretty quick and transparent these days.
Besides, things related to windows, doors, ignition, etc. could be required to be encrypted, while split-second things like air bags could be unencrypted.
This means an attacker who, e.g. bashes your fancy LED headlight to get to the CAN bus within can only do things like trigger your air bags, which isn't very productive for them.
Yes, I am aware of that; however, the current way that is being looked at addressing the problem is moving the cabling to further within the car, which is just pathetic, like thieves won't just adapt to that.
Encryption really isn't as big a performance impact if it is done correctly. Sure, it is not cost neutral, but ask Range Rover how much reputational damage they had with their piss-poor security. They are still having 1 in 300 brand-new Defenders stolen after adding what is pretty much a traditional immobiliser and tracker.
As an example: https://iopscience.iop.org/article/10.1088/1742-6596/2006/1/012071
"Done correctly" is the trick. This takes careful analysis and design. You don't just pour on encryption and hope everything will be fine.
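The split proposed in the thread (protect door, window and ignition frames, leave air-bag frames untouched), as an added example that is not part of any comment. It uses a truncated HMAC with a replay counter in place of encryption, since the goal is rejecting injected frames; the CAN IDs, key and payload layout are assumptions made for this example.

```python
import hashlib
import hmac
import struct

# All IDs, the key and the payload layout are constructed for illustration.
KEY = b"demo-key-not-for-production-0001"
AIRBAG_ID = 0x010               # time-critical: accepted without a tag
PROTECTED_IDS = {0x2A0, 0x2B0}  # door lock, window: tag required
TAG_LEN = 4                     # truncated so data + counter + tag fit in 8 bytes

def _tag(can_id, counter, data):
    # The MAC covers the ID and the full counter, so a tag cannot be
    # moved to another message ID or reused at a later counter value.
    msg = struct.pack(">HI", can_id, counter) + data
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:TAG_LEN]

def build_frame(can_id, counter, data):
    """Sender: payload = data (1-3 bytes) + low counter byte + 4-byte tag."""
    if can_id not in PROTECTED_IDS:
        return data
    return data + bytes([counter & 0xFF]) + _tag(can_id, counter, data)

class Receiver:
    def __init__(self):
        self.last = {}  # last accepted counter per protected CAN ID

    def accept(self, can_id, payload):
        if can_id not in PROTECTED_IDS:
            return True  # e.g. air bag: no added check, no added latency
        if not TAG_LEN + 2 <= len(payload) <= 8:
            return False  # untagged or malformed frame on a protected ID
        data, low, tag = payload[:-5], payload[-5], payload[-4:]
        prev = self.last.get(can_id, -1)
        # Rebuild the full counter: the smallest value above prev whose
        # low byte matches, so a replayed frame maps to a future counter.
        counter = (prev + 1) + ((low - (prev + 1)) & 0xFF)
        if not hmac.compare_digest(tag, _tag(can_id, counter, data)):
            return False
        self.last[can_id] = counter
        return True
```

Key provisioning and counter resynchronisation after an ECU reset are left out here, and they are where most of the "done correctly" effort goes.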