DOD: Connected Technologies Growing More Vulnerable To Sabotage

Excellent points.

"If your car has TPMS it is accessible." The issue is remote vs local exploit. If you're going to inject signals into the bus via TPMS, you need consistent local access to the vehicle's electronics: this isn't something you can do quickly via drive-by, and it's made redundant because, if you have uninterrupted physical access, you can do anything you like. This would be a much scarier proposition if you could exploit it without physical access, or at least close-proximity. It's the difference between me hacking your computer from a remote site without your involvement or knowledge, versus me breaking into your house and installing something malicious while sitting at your keyboard.

@psarhjinian psar, either way, not an appealing proposition. Remember when banks told us that they could not be hacked? Or Apple touted how secure their system was? If there is a way in, and there always is, someone will exploit it. And it's dicey if you are in business for yourself. My Zone Alarm firewall records thousands of hits every day. And these are just random attempts to find vulnerable systems. Imagine if someone really wanted to hack someone's car? With or without On-Star. Most new cars today report data back to "mama" even if they don't have an On-Star or similar system installed.

@highdesertcat "Remember when banks told us that they could not be hacked?" By and large, banks aren't hacked. Individual customers get hacked and retailers certainly get whacked, but bank hacks are exceedingly rare. Bank fraud is another matter, but that's not a computer thing. "Or Apple touted how secure their system was?" And generally it is. Apple's Cloud Services haven't been hacked en-masse. Passwords have been harvested, brute-forced or, frankly, guessed via social engineering. "My Zone Alarm firewall records thousands of hits every day" Of course it does. And you can pretty much ignore those alerts. I admin an enterprise firewall and, unless I'm getting DoS'ed, I don't even look at what's hitting it. "If there is a way in, and there always is, someone will exploit it." While this is true, usually things aren't exploited en masse unless they're easy. An attack that requires you to have physical access to the device is a pretty hard attack to execute. Your Zone Alarm is evidence of this: people try the cheap-and-easy attacks all the time; it's the zero-day browser exploit that lets an intruder drop malware on your machine _that your firewall doesn't know squat about_ that's deadly. And there's no vector like that in this vulnerability; it's not remotely remote-exploitable. "Imagine if someone really wanted to hack someone’s car?" If someone really, really wants to hack your car, or your computer, you can't stop them. Operational security measures against a targeted attack (like the NSA or MSS) are paranoid in their thoroughness: to the point where you never leave your computer unattended, use random ones, use a non-standard keyboard layout, etc, etc. But those people would hack your car by getting into your car and bugging it. Or, if they wanted to maim you, they'd just loosen a few fasteners. Against that kind of attack, there is no defense short of your own version of the Secret Service. Joe Plumber does not need to worry about the MSS hacking his Chevy Impala. What bothers me about this article is it exploits the "IT'S DONE BY COMPUTER!!!!" fear to get press when, in fact, it's impractically hard and essentially pointless to be worried about this kind of attack. "Most new cars today report data back to “mama” even if they don’t have an On-Star or similar system installed." No, they don't. Most new cars still need you to plug in a scanner to read anything. Very few cars communicate back to the mothership. And if you're so paranoid that you don't trust your car dealer, either you've got trust issues, or you have Snowden-level OpSec considerations.