> Can't even think that I have read any stories (so far) about malware having an impact on auto operation. Hard to believe that opening up the software won't result in something bad happening either.
First of all it would be EXTREMELY hard to nail down a car crash to malware currently because we have no tools/insight to do so. For all we know (put's on tinfoil hat) car hacking has been employed multiple times by state actors to kill off people who they disagree with. It's way too easy to write it off a the driver made a mistake and never have an investigation into the root cause.
However we HAVE seen that it's possible to hack into a car, there are multiple news articles showing people taking over control of cars remotely and killing the breaks, shutting off the engine, pushing down the accelerator, etc.
Also I don't buy the "Safety" argument it's way to easy to scream "Think of the children" to kill off an argument. Hobbyist hackers who want to hack their own cars have to still abide by the laws set out by the government just like a mechanic can't put a car on the road without breaks. I don't see the difference, yes maybe it will make it easier for bad hackers to disable your breaks but they could just cut the break line which would probably be easier (or should be if the automakers take security seriously at all which I would bet they don't).
Key safety systems have passive modes that work regardless of the software. Steering and brakes are among these. You might lose the power assist, but you can still steer and stop.
Killing the brakes on a car would require mechanical interference/sabotage, not just software hacking.
This all depends on the vehicle. For example, Toyota's Hybrid Synergy Drive (formerly Toyota Hybrid System) in their hybrids is entirely drive-by-wire, meaning there is no direct attachment between the steering column and pedals and the mechanics they control.
I see no reason why the ability to brake in my Prius couldn't be disabled by sabotaging the ECU, same with steering and acceleration. There's not a traditional transmission either, so I can't just force it into neutral and roll up a hill to stop. There's technically a mechanical linkage in the break pedal to the disc brakes should the ECU fail, but ECU failure and ECU tampering are two separate concerns.
With that said, I'm not overly concerned about electronic attacks on my vehicle at the moment, someone would still need to forcibly enter the cabin, connect to the OBDII port and make modifications to the ECU firmware, not something some jerk could do while we are going down the freeway. I would certainly feel a lot safer if the code running on the ECU was available for the community at large to dissect and inspect, though.
Killing the brakes on a car would require mechanical interference/sabotage, not just software hacking.
Aside from the exceptions snuxoll mentioned, I can think of two ways the brakes could be hijacked on a car with traditional hydraulic brakes in order to cause a crash.
The first is abusing the antilock brake system to render the brakes less effective. Instead of reducing braking power when the wheels lock, it could be programmed to reduce braking power as much as possible in the event of panic braking at high speed.
The second is to abuse the stability control system now mandated by law to be included on new cars in the US and many other jurisdictions to induce, rather than prevent/correct a skid. Stability control works by selectively applying the brakes on different wheels. Applying one front brake at a moderate level (not enough to lock the wheel and leave rubber on the road as evidence) would look just like an erroneous steering input to anyone investigating a crash as long as the tampering couldn't be detected electronically. For extra evil, use GPS or have an observer trigger it manually when the car reaches a location in which a sudden turn would result in an especially bad crash.
First of all it would be EXTREMELY hard to nail down a car crash to malware currently because we have no tools/insight to do so. For all we know (put's on tinfoil hat) car hacking has been employed multiple times by state actors to kill off people who they disagree with. It's way too easy to write it off a the driver made a mistake and never have an investigation into the root cause.
However we HAVE seen that it's possible to hack into a car, there are multiple news articles showing people taking over control of cars remotely and killing the breaks, shutting off the engine, pushing down the accelerator, etc.
Also I don't buy the "Safety" argument it's way to easy to scream "Think of the children" to kill off an argument. Hobbyist hackers who want to hack their own cars have to still abide by the laws set out by the government just like a mechanic can't put a car on the road without breaks. I don't see the difference, yes maybe it will make it easier for bad hackers to disable your breaks but they could just cut the break line which would probably be easier (or should be if the automakers take security seriously at all which I would bet they don't).