Title’s a little click-baity there. The Massachusetts ballot initiative that passed is a poorly thought out security nightmare, so until those issues can be addressed it would be dangerous to follow it.
Now, according to Reuters, NHTSA has written to automakers to advise them not to comply with the Massachusetts law. Among its problems are the fact that someone “could utilize such open access to remotely command vehicles to operate dangerously, including attacking multiple vehicles concurrently,” and that “open access to vehicle manufacturers’ telematics offerings with the ability to remotely send commands allows for manipulation of systems on a vehicle, including safety-critical functions such as steering, acceleration, or braking.”
The title isn’t wrong, it just doesn’t mean what it sounds like it means.
That simply isn’t the case. The ballot initiative was meant to stop the wireless diagnostics loophole, either requiring wired diagnostics as in the past or a compliant wireless version. I trust my bank to be able to work securely wirelessly, I have friends with wireless insulin pumps that manage to not get hacked and killed, the car already has these wireless diagnostics protocols built in, they’re just not an open standard, and there are a million and one ways to implement a standardized open protocol securely. The NHTSA is simply giving in to corporate lobbying here.
Title’s a little click-baity there. The Massachusetts ballot initiative that passed is a poorly thought out security nightmare, so until those issues can be addressed it would be dangerous to follow it.
The title isn’t wrong, it just doesn’t mean what it sounds like it means.
That simply isn’t the case. The ballot initiative was meant to stop the wireless diagnostics loophole, either requiring wired diagnostics as in the past or a compliant wireless version. I trust my bank to be able to work securely wirelessly, I have friends with wireless insulin pumps that manage to not get hacked and killed, the car already has these wireless diagnostics protocols built in, they’re just not an open standard, and there are a million and one ways to implement a standardized open protocol securely. The NHTSA is simply giving in to corporate lobbying here.
What the ballot initiative was meant to do and what the legal wording of the initiative are are two different things, though.
Right, but that work hasn’t been done yet, and moving ahead before that exists is a big risk.
This kind of laws create incentive to build. No for profit company invests money for losing control on their product in the repair chain