Comment by scj
5 days ago
> "At a societal level, cars that can automatically fix a "recall" with an over-the-air update..."
If an over-the-air patch can have that kind of impact, then what happens if security is compromised and that power is used for ill?
When was the last time you worried about someone cutting your brakes? A lot of times these hypothetical fears are disconnected from reality. Security is important, but people generally don't engage in destruction for destruction's sake so improving default safety levels has been a clear net positive for society so far. Maybe I'm being shortsighted and a future security exploit will change that, but it's not something I currently fear as someone whose car gets occasional OTA updates.
Cutting someone's brakes requires physical access to the hardware.
Changing:
    if (brakeDepressed()){ engageBrake(); }
To:
    if (brakeDepressed() && currentTime < '5/6/26 4pm EST'){ engageBrake(); }
Can be deployed to thousands of vehicles, and would stop brakes from working during peak commute time on the East Coast.
To cause a huge annoyance, it could just randomly apply brakes for some time, which is probably much simpler than bypassing the pedal->brake.
Someone who can write out that code with that specificity should know there are countless technical and procedural ways to help prevent that sort of thing from actually making its way into consumer vehicles (or that OTA updates would be the only avenue to accomplish that). In a properly designed system, the only real fear here is a state-level attack. And I just don't think getting every Honda to crash at 4pm is a vulnerable enough attack vector to make this hypothetical worthy of much thought.
> A lot of times these hypothetical fears are disconnected from reality.
Conversely, a lot of times people don't fear real dangers of reality until it bites them. "Hackers wouldn't care about me, and the single password I use on every website is super good and complicated."
> but people generally don't engage in destruction for destruction's sake
Generally true, but they do engage in destruction when there's profit to be made or when it becomes in their geopolitical interests, and sometimes that destruction is quite notable: Remember when it was safe to assume that passengers could passively wait out airplane hijackings?
Your average script-kiddie might not seriously consider cutting everyone's brakes simultaneously; Al Qaeda would have been giddy.
I can imagine a nation state behaving badly in 2026 ...
Software has an atrocious track record for security. Doubly so for hardware manufacturers. It only takes one smart cow to disable millions of vehicles vs a local knave cutting brake lines.
I yearn for the days of wrapped software where developers had to make a gold pressed release. Not, “we can patch it later”.
If you want to talk about society, then this is about systematic security not individual security. If someone somewhere can push a button and flash your car with OTA firmware to drive you off a bridge, political assassinations become a lot easier.
In fact, with all this data they are collecting, you wouldn't even need to be the next Edward Snowden to get this treatment. You could set the firmware to target, say, every left-wing voter in America.
You don't even need to own the car with such behavior. Everyone becomes a pedestrian eventually.