Ford and Mazda Promoting a Standard Linux for Automobiles


  • Service Provider



  • @scottalanmiller said:

    Ford and Mazda are the first in on a standard base operating system for automobiles according to eWeek.

    My Veloster uses Windows CE and it bugs a decent amount. Hopefully they have someone who has at least somewhat of an idea of security involved with this. Considering Chrysler sent out updates for a hack for their head units on a flash drive in the mail, I don't really trust car companies that much.



  • It's already been shown to them how cars can be completely taken over via the internet. I think the cellular vendor in that case turn on a firewall that disabled this - for now.


  • Service Provider

    @Dashrender said:

    It's already been shown to them how cars can be completely taken over via the internet. I think the cellular vendor in that case turn on a firewall that disabled this - for now.

    That has nothing to do with a standardized OS system to run vehicles.


  • Service Provider



  • and yet this was just released yesterday saying that any cars that have Ford Sync 3 will get Android Auto and Apple CarPlay

    http://arstechnica.com/cars/2016/01/carplay-and-android-auto-coming-to-all-2017-ford-sync-3-cars/


  • Service Provider

    @david.wiese said:

    and yet this was just released yesterday saying that any cars that have Ford Sync 3 will get Android Auto and Apple CarPlay

    http://arstechnica.com/cars/2016/01/carplay-and-android-auto-coming-to-all-2017-ford-sync-3-cars/

    The new system is not a production thing yet. so it would not surprise me to see the 2017 announcement like that.



  • @JaredBusch said:

    @Dashrender said:

    It's already been shown to them how cars can be completely taken over via the internet. I think the cellular vendor in that case turn on a firewall that disabled this - for now.

    That has nothing to do with a standardized OS system to run vehicles.

    I was mainly referencing Johnhooks comment about not trusting car companies that much.

    I agree that this project can only be a good thing - hopefully more manufacturers will join and we will all have safer, more secure systems in our future cars.


  • Service Provider

    @Dashrender said:

    @JaredBusch said:

    @Dashrender said:

    It's already been shown to them how cars can be completely taken over via the internet. I think the cellular vendor in that case turn on a firewall that disabled this - for now.

    That has nothing to do with a standardized OS system to run vehicles.

    I was mainly referencing Johnhooks comment about not trusting car companies that much.

    I agree that this project can only be a good thing - hopefully more manufacturers will join and we will all have safer, more secure systems in our future cars.

    But if too many join in, then we will have a single OS and a single point of attack for would be attackers.



  • @scottalanmiller said:

    @Dashrender said:

    @JaredBusch said:

    @Dashrender said:

    It's already been shown to them how cars can be completely taken over via the internet. I think the cellular vendor in that case turn on a firewall that disabled this - for now.

    That has nothing to do with a standardized OS system to run vehicles.

    I was mainly referencing Johnhooks comment about not trusting car companies that much.

    I agree that this project can only be a good thing - hopefully more manufacturers will join and we will all have safer, more secure systems in our future cars.

    But if too many join in, then we will have a single OS and a single point of attack for would be attackers.

    Is that really a concern? While there are many versions of Linux, How many servers are running the most popular versus how many cars there?


  • Service Provider

    @Dashrender said:

    @scottalanmiller said:

    @Dashrender said:

    @JaredBusch said:

    @Dashrender said:

    It's already been shown to them how cars can be completely taken over via the internet. I think the cellular vendor in that case turn on a firewall that disabled this - for now.

    That has nothing to do with a standardized OS system to run vehicles.

    I was mainly referencing Johnhooks comment about not trusting car companies that much.

    I agree that this project can only be a good thing - hopefully more manufacturers will join and we will all have safer, more secure systems in our future cars.

    But if too many join in, then we will have a single OS and a single point of attack for would be attackers.

    Is that really a concern? While there are many versions of Linux, How many servers are running the most popular versus how many cars there?

    Seems like it would be a concern of the utmost importance. Creating a single attack target that is primarily maintained by consumers is what caught Windows, right?



  • @scottalanmiller said:

    @Dashrender said:

    @scottalanmiller said:

    @Dashrender said:

    @JaredBusch said:

    @Dashrender said:

    It's already been shown to them how cars can be completely taken over via the internet. I think the cellular vendor in that case turn on a firewall that disabled this - for now.

    That has nothing to do with a standardized OS system to run vehicles.

    I was mainly referencing Johnhooks comment about not trusting car companies that much.

    I agree that this project can only be a good thing - hopefully more manufacturers will join and we will all have safer, more secure systems in our future cars.

    But if too many join in, then we will have a single OS and a single point of attack for would be attackers.

    Is that really a concern? While there are many versions of Linux, How many servers are running the most popular versus how many cars there?

    Seems like it would be a concern of the utmost importance. Creating a single attack target that is primarily maintained by consumers is what caught Windows, right?

    Sure, but cars today aren't maintained at all - by anyone.



  • One could hope that this being an open source project, that the participating auto manufacturers would donate enough to allow the code to be audited by a third party, similar to what happened to TrueCrypt.

    All of these companies can split the single bill, allowing it to be much less expensive individually - and eveyone has an incentive to want to have more secure code.

    Right now they have security through obscurity - or basically nothing, assuming a hacker wants to go after someone.

    This makes me wonder - does the Presidential Limo have custom code running it?


  • Service Provider

    @Dashrender said:

    @scottalanmiller said:

    @Dashrender said:

    @scottalanmiller said:

    @Dashrender said:

    @JaredBusch said:

    @Dashrender said:

    It's already been shown to them how cars can be completely taken over via the internet. I think the cellular vendor in that case turn on a firewall that disabled this - for now.

    That has nothing to do with a standardized OS system to run vehicles.

    I was mainly referencing Johnhooks comment about not trusting car companies that much.

    I agree that this project can only be a good thing - hopefully more manufacturers will join and we will all have safer, more secure systems in our future cars.

    But if too many join in, then we will have a single OS and a single point of attack for would be attackers.

    Is that really a concern? While there are many versions of Linux, How many servers are running the most popular versus how many cars there?

    Seems like it would be a concern of the utmost importance. Creating a single attack target that is primarily maintained by consumers is what caught Windows, right?

    Sure, but cars today aren't maintained at all - by anyone.

    Nor do most have a single, shared OS or exposed APIs.


  • Service Provider

    @Dashrender said:

    One could hope that this being an open source project, that the participating auto manufacturers would donate enough to allow the code to be audited by a third party, similar to what happened to TrueCrypt.

    Open source and auditing go a long way but the problems of a single, shared code base remain. It's like any disease, no matter how hardy the hosts, if all the hosts share the same vulnerability then ANY vulnerability is universal.



  • @scottalanmiller said:

    @Dashrender said:

    @scottalanmiller said:

    @Dashrender said:

    @scottalanmiller said:

    @Dashrender said:

    @JaredBusch said:

    @Dashrender said:

    It's already been shown to them how cars can be completely taken over via the internet. I think the cellular vendor in that case turn on a firewall that disabled this - for now.

    That has nothing to do with a standardized OS system to run vehicles.

    I was mainly referencing Johnhooks comment about not trusting car companies that much.

    I agree that this project can only be a good thing - hopefully more manufacturers will join and we will all have safer, more secure systems in our future cars.

    But if too many join in, then we will have a single OS and a single point of attack for would be attackers.

    Is that really a concern? While there are many versions of Linux, How many servers are running the most popular versus how many cars there?

    Seems like it would be a concern of the utmost importance. Creating a single attack target that is primarily maintained by consumers is what caught Windows, right?

    Sure, but cars today aren't maintained at all - by anyone.

    Nor do most have a single, shared OS or exposed APIs.

    I'll give you they don't have a single shared OS, though exposed (sure not over the internet) APIs, it seems there are more exposed that we realize, just most require local access or something like bluetooth.