Big hardware companies like VW seem to still focus on "security by obscurity", because they're not used to a connected world with plenty of attackers with lots of free time on their hands.<p>I'm quite worried about the future of networked cars.
Would just like to add that some of the security issues are to do with limitations set by governments. I think China and the US in particular insist on crappy security and it's cost effective to simply apply that everywhere else. Forbid anyone have something a government can't pry into...<p>I think for car manufacturers, they are limited to 128 bit encryption and cars only have to stand up to about 15 minutes of hacking - that last one isn't particularly well defined either.
Direct link to research paper: <a href="https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_garcia.pdf" rel="nofollow">https://www.usenix.org/system/files/conference/usenixsecurit...</a> Basically VW use the same secret keys to authenticate wireless comms across millions of cars. They change the key every few years (new car platforms, etc).
Silly silly car manufactures that leave the car systems vulnerable in almost every way because they can't think far enough ahead to actually be secure before having "cool" things like button less key fobs and button starts. Seriously... Why do so many people not care about security?
So how do you make something secure when attackers have physical access for hours? I think cars cannot be perfectly secure like we expect computers to be purely because we don't leave our computers unattended for hours in public.
Thank you Volkswagen, technology, hackers, crackers and everybody involved that I can read titles like this that would totally fit into a 1999 sci-fi movie about the near future :)
These security issues are not exclusive to computer systems in cars. A valet recently used my physical car key to unlock a different car. (Same make, different model.) He only realized he was in the wrong car when the ignition wouldn't turn.