Michigan Bill Would Give Life Sentence To Car Hackers, As Car Hacking Threat Grows

Status
Not open for further replies.

Math Geek

Titan
Ambassador
Wonder if they will attempt to apply this to normal "jailbreaking" type activities of car systems? all kinds of fun things to do with your Ford Sync system if you give it root access. Ford hates this ability and i wonder if they would try to go after owners who have done this to their own vehicles? that would be a huge leap from the intent but not far fetched at all....
 

ssdpro

Honorable
Apr 10, 2013
162
0
10,680
In Michigan we show no mercy on someone who hacks a car and makes the Infotainment Center display the word "POOP". We however give free passes if you conspire with other lawmakers to poison entire communities.
 

targetdrone

Distinguished
Mar 26, 2012
327
32
18,810
So hack the keyless ignition system, go to jail for life. Hot-wire the thing the low tech way, go to jail for a few years. That won't hold up on appeal nor a trip to the Supreme Court.

That said. Lets go old school with this. The punishment for gaining unauthorized control of a horse was hanging. Lets apply that to car thieves among others.
 

targetdrone

Distinguished
Mar 26, 2012
327
32
18,810
In addition we should flog manufactures and their engineers that think it's a great idea to connect the ECU to the internet. There is absolutely no reason to do that.
 

Eximo

Titan
Ambassador
I could cite lots of reasons why they might need to connect the bluetooth or LTE modem to the car's CAN bus, but it comes down to cost right now. Car's are getting fairly powerful CPUs and GPUs in the form of ARM based SOC, so I think we will see an increasing complexity which will allow for greater protection.

The article is a bit misleading in the use of the term ECU, every modern car has one. This controls emissions and fuel injection and all kinds of things. Most cars also have a separate unit for windshield wipers, doors, locks, airbags, etc. Makes it easy to offer multiple engine classes on the same chassis without having to replace all the electronics on the car. Also that computer tends to be under the seat or dash so it is protected from engine bay damage.

Ideally there needs to be third independent control module to separate the human interface from the self driving part. But then you have the wonderful question of how do you get those systems to communicate.

Most CAN bus communications are already encrypted at the packet level, it just isn't that hard to learn, not crack, the master encryption polynomial for a set of hardware. Sometimes the passwords are freely available through a dealer's information or readily available from modding enthusiasts.
 

dstarr3

Distinguished
Wonder if they will attempt to apply this to normal "jailbreaking" type activities of car systems? all kinds of fun things to do with your Ford Sync system if you give it root access. Ford hates this ability and i wonder if they would try to go after owners who have done this to their own vehicles? that would be a huge leap from the intent but not far fetched at all....

Cell phone manufacturers are getting better and better at making it impossible. No one's been able to root the AT&T variants of the Samsung S5/6/7 yet (which is why I'm still using my S4). Cell phones have the advantage of being... well, phones, and constantly being connected to towers, and there's a lot of security that can be reinforced that way. But suffice it to say, if cell phones have become nearly impossible to root as a nuisance, cars will certainly become unrootable by necessity.
 

none12345

Distinguished
Apr 27, 2013
431
2
18,785
Cars need a completely isolated WIRED(no wireless) network for their electronics. If its an isolated network, its not a problem.

Once you start mixing in regular wifi with the cars internal system, you have a problem.
 

Math Geek

Titan
Ambassador
the supreme court ruled years ago that jailbreaking and rooting were perfectly legal activities so at least that part is covered. i am pretty sure the courts cited this when ford tried suing someone for hacking into it's sync system. that was thrown out last year i think it was. but this new law sure smells kind of funny to me. they do like to use a legitimate problem to spur a law that will be misused in a number of ways not intended when it was written.

clearly taking over a car and crashing it or causing whatever other mayhem needs to be accounted for and should be illegal but this should be worded right to ensure simply rooting an infotainment system is not included :)
 

Darkk

Distinguished
Oct 6, 2003
615
0
18,980
The ECU that controls the vital parts of the car have no business being connected to the world. Over time encryption can be broken so better off to have hardware isolation of it's critical parts of the car such as brakes, steering and engine control.

My bluetooth in my car is only connected to the radio unit and nothing else. So if it gets hacked no big deal. I just take the car in to have the firmware reflashed.


 

targetdrone

Distinguished
Mar 26, 2012
327
32
18,810
Cars need a completely isolated WIRED(no wireless) network for their electronics. If its an isolated network, its not a problem.

Once you start mixing in regular wifi with the cars internal system, you have a problem.

There were reasons why the water faucets and toilets were operated manually and why Adama would not allow the school teacher to setup some networked computers aboard the Galactica.

These reason are also why Tom Cruz had to break sneak into the CIA HQ and gain physical access to the mainframe like he did.


 

Chris_85

Reputable
Nov 9, 2015
6
0
4,510
Seriously, let's see some jail sentences for stupid auto makers that leave their customers at risk with crappy security.
 

targetdrone

Distinguished
Mar 26, 2012
327
32
18,810


It's already illegal.
 

alidan

Splendid
Aug 5, 2009
5,303
0
25,780


It's already illegal.

but not with as hards of penalties. if some asshole put the breaks on mid highway, and no one died, he'd get off fairly lightly considering the potential harm, this just makes it a life sentence.
 

lahma

Reputable
Jan 21, 2015
24
0
4,510
How about instead of giving a life sentence to some 16 year old kid who is demonstrating a serious vulnerability you instead start prosecuting the moronic car manufacturers who put their customers at risk because they don't care enough to take the most basic of security precautions. Just another example of geriatric technically inept politicians attempting to solve problems by increasing maximum sentences which has been proven repeatedly to do absolutely nothing in deterring crime. I suppose there is no reason to expect these politicians who have always lived in fairy land to suddenly enter the reality that the rest of us live in where our nation has imprisoned more people than the 3rd, 4th, 5th, 6th, and 7th top nations combined.
 

fixxxer113

Distinguished
Aug 26, 2011
297
2
18,815
So hack the keyless ignition system, go to jail for life. Hot-wire the thing the low tech way, go to jail for a few years. That won't hold up on appeal nor a trip to the Supreme Court.

That said. Lets go old school with this. The punishment for gaining unauthorized control of a horse was hanging. Lets apply that to car thieves among others.

I think you missed the point... the maximum sentence will not be for stealing. Acquiring control of a car's electronics could be used to kill someone. So it's not equating car-hacking to stealing but more likely to sabotage, which could be considered a serious security threat or even terrorism. Imagine what would happen if, for instance, someone wirelessly disabled the brakes on several dozen cars as they rushed through an interstate...
 

joes clues

Commendable
May 4, 2016
1
0
1,510
I think the true intent of this law would be if say you wanted to convert the fuel to flex, or biofuel. Cars are intentionally programmed to be less efficient or unable to accept the modifications required to run on alternative fuels. Lawmakers wasted no time in making this a Federal offense, as soon as these biofuels hackers started sprouting up. Michigan is just upping the ante.
This has ZERO to do with your safety.
 

targetdrone

Distinguished
Mar 26, 2012
327
32
18,810
I think the true intent of this law would be if say you wanted to convert the fuel to flex, or biofuel. Cars are intentionally programmed to be less efficient or unable to accept the modifications required to run on alternative fuels. Lawmakers wasted no time in making this a Federal offense, as soon as these biofuels hackers started sprouting up. Michigan is just upping the ante.
This has ZERO to do with your safety.

Biofuel hackers are not paying their taxes. Not paying the King his due is much worse than 1 pleb murder another pleb.

You're right this has nothing to do with safety.
 

DRosencraft

Distinguished
Aug 26, 2011
743
0
19,010
Like all sentencing guidelines incorporated into penal codes, the "life" part here is meant as an upper limit, not an automatic sentence. In fact, I suspect the actual language of the law merely states the level of the crime (Class A Felony or something along those lines) and that places it in the realm for such a sentence. So, some kid just piddling around and getting into the car's system could only get some light sentence (a couple months or probation) while also allowing more hefty sentences to someone who might try some dangerous pranks like disabling power on a car on the highway.

The intent is that there is a more deterrent force to the law for the more egregious actors out there. As it stands, without this law, someone who hacks a bunch of different cars, does whatever it is they want to the systems by disabling engines, screwing around with systems, disabling locks, etc., the only choice of prosecutors would be to piece together legal theories to make a more substantial case. The goal by making this law here is to simplify that by making it a specific law to point to.

It is the same rationale to why there were laws created about breaking into a car specific and separate from breaking into houses, even though prior to those laws the two were merely considered personal property and legal issues were settled on those terms. It is, I would argue, where the legal process has fallen behind in the internet age - theft of personal information and content over the internet has a weak legal framework, left for it to be defended under legal theories that are traditionally used based on physical property.
 

lahma

Reputable
Jan 21, 2015
24
0
4,510
How about instead of giving a life sentence to some 16 year old kid who is demonstrating a serious vulnerability you instead start prosecuting the moronic car manufacturers who put their customers at risk because they don't care enough to take the most basic of security precautions. Just another example of geriatric technically inept politicians attempting to solve problems by increasing maximum sentences which has been proven repeatedly to do absolutely nothing in deterring crime. I suppose there is no reason to expect these politicians who have always lived in fairy land to suddenly enter the reality that the rest of us live in where our nation has imprisoned more people than the 3rd, 4th, 5th, 6th, and 7th top nations combined.
 
Status
Not open for further replies.