Friday Squid Blogging: Squid Song
It's "Sparky the Giant Squid."
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Posted on July 26, 2013 at 4:27 PM
Perhaps one of you could explain why taking over a cars computer network is material different from cutting the brake cable or loosening the lug nuts. And why the countermeasures against loosening lug nuts won't work against attacks on the CANbus.
Few people keep their cars under lock and key or guard at all times. Fewer inspect their car for sabotage. The security measures most people use are:
1) Not many people want to kill us.
2) Most of the few people who want to kill us are far away.
3) We hope that the threat of being caught and punished will deter those that have both motive and opportunity.
The first and third continue to operate against tampering with a cars electronics.
The second is yet one more good reason not to connect cars to the Internet, but it continues to operate if altering electronics requires proximity or physical access.
The question of whether or not electronic tampering leaves traces is interesting. The fact that the system is complex and impossible to fully understand increases the chances that tampering will have unforeseen side effects and leave evidence. So we have the question of whether the investigators are smarter than the bad guys, but this has always been in play, even in the case of physical tampering.
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.