• Jenny! [she/her]@dubvee.org
    link
    fedilink
    English
    arrow-up
    10
    ·
    1 year ago

    Faced with this dilemma, it’s quite possible the automakers will respond by simply disabling telematics and connected services for customers in the state.

    Oh no! Anyway…

  • vinniep@beehaw.org
    link
    fedilink
    English
    arrow-up
    9
    ·
    1 year ago

    Title’s a little click-baity there. The Massachusetts ballot initiative that passed is a poorly thought out security nightmare, so until those issues can be addressed it would be dangerous to follow it.

    Now, according to Reuters, NHTSA has written to automakers to advise them not to comply with the Massachusetts law. Among its problems are the fact that someone “could utilize such open access to remotely command vehicles to operate dangerously, including attacking multiple vehicles concurrently,” and that “open access to vehicle manufacturers’ telematics offerings with the ability to remotely send commands allows for manipulation of systems on a vehicle, including safety-critical functions such as steering, acceleration, or braking.”

    The title isn’t wrong, it just doesn’t mean what it sounds like it means.

    • hope@beehaw.org
      link
      fedilink
      English
      arrow-up
      14
      ·
      1 year ago

      That simply isn’t the case. The ballot initiative was meant to stop the wireless diagnostics loophole, either requiring wired diagnostics as in the past or a compliant wireless version. I trust my bank to be able to work securely wirelessly, I have friends with wireless insulin pumps that manage to not get hacked and killed, the car already has these wireless diagnostics protocols built in, they’re just not an open standard, and there are a million and one ways to implement a standardized open protocol securely. The NHTSA is simply giving in to corporate lobbying here.

      • vinniep@beehaw.org
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        What the ballot initiative was meant to do and what the legal wording of the initiative are are two different things, though.

        there are a million and one ways to implement a standardized open protocol securely.

        Right, but that work hasn’t been done yet, and moving ahead before that exists is a big risk.