This is a multi-part car rant, wherein I insult some "hackers" and "academics" who richly deserve it. The targets of my scorn are not likely to hear my rants, as they have anatomically unlikely body parts shielding their ears (entire heads, actually).
Where to start...
NEWS FLASH: Car people have been "hardware hacking" longer than you have been alive. They have also been hacking electrical and electronic systems for many decades. And hacking onboard computer systems for a few decades. Just because some computer literate folks decided to play with cars, "hacking cars" is new and newsworthy? To the folks who believe this, get over yourselves. Some might say "but Jack, computers make cars too complicated for the dumb mechanics and knuckle-dragging gear heads who beat us up in High School." To these people I say, you weren't beaten badly enough or often enough in High School.
Back in the dark ages, when I was a mechanic, we did creative tuning and repair when we had to. Early emissions and computer systems were less than ideal in function and reliability, so we adapted the tricks we knew and added more to compensate. For example, there is still a handful of mixed resistors in my tool box, we used those to tune gauges- and later to tune the inputs computers received from sensors. Strategically placed vacuum bleed valves, creative use of timers and relays, and so on- were nothing new to a competent mechanic as we dealt with the influx of computers in autos. We played mix and match with parts- computers, sensors, chips, whatever we could. Sure, we were not hacking code, but we broke things just enough to make them work. If you expand the scope to cover auto racing, especially the cheap, "run what you brung" classes, the ingenuity has been amazing. Phrases like "you can't do that" and "watch me" have been heard in the pits since the first races.
So when I see stories about car hacking I get a little twitchy. There are cool projects, like OpenOtto, an open framework for accessing automotive systems and networks, and most folks involved in that seem to have a clue. I do occasionally hear the odd stupid remark about it (generally from people who don't understand the fundamental difference between data and information), but overall I hope it develops into a powerful and easy to use tool.
What triggered this bit of Goodwill Towards Men? It has been simmering for a while, but a paper called Experimental Security Analysis of a Modern Automobile (PDF) pushed me over the edge of reason. Fine, farther over the edge. There is a lot of good information in the paper, and some crap, and a fair bit of academic arrogance. I'll start the dissection of the paper in an upcoming post.