Cisco Blogs

I Patched my Car Over the Weekend

March 9, 2012 - 0 Comments

Actually, I did it on Saturday afternoon, that way I had time to test the patch and roll it back if necessary and still have the car ready for Monday.

So… when do you patch your car? Interesting, albeit fictitious, conversation that will relatively soon become reality. New cars are sophisticated artifacts. They look nice and enable you to travel from point A to point B in great comfort (well, most of them), and they are packed with electronics. Inside the car there are multiple processors and computers executing hundreds of thousands of lines of code to ensure your safe journey. The programmers who wrote that code are as equally adept as the ones writing modern operating systems and applications – which means that there are some errors in the algorithms that monitor and maintain many aspects of your car, and in their implementation.

We regularly patch our computers but when was the last time you patched your car? The need for patching (sometimes referred to as “re-flashing”) is here, as the paper “Comprehensive Experimental Analyses of Automotive Attack Surfaces” [1] has shown, but facilities are missing. If we continue with cars as the exemplar then let us examine the assumptions underpinning the current maintenance model.

Currently people are expected to bring their cars to a garage at least once a year for preventative maintenance or when something breaks (reactive maintenance). The guaranteed one-visit-per-year is to make sure that the car is roadworthy. How many times a car might break down in a year depends on its age, maintenance and how it is driven, but on average we are talking only a few times, or maybe even less than once a year. Another assumption is that these visits are spread throughout an entire year. People are buying cars all year around, so road-worthiness tests will be done year round. Breaks are also spaced throughout the year in a more or less even distribution.

But these assumptions do not hold if we would have to patch our cars regularly. In that case, cars from one or more manufacturers would have to visit a garage within a short period of time. The closest thing to this scenario for car manufacturers occurs when they issue a recall for a defective part. The last large car recall happened to Toyota in 2010. Because of the large number of cars that needed to be serviced at once, Toyota had to keep their garages open until late and hired additional mechanics in order to cope with the volume. Such large car recalls are not usual (although, cars from all manufacturers are being recalled all the time for various reasons), so all these extra measures are taken with an assumption that things would get back to normal within a short period of time (a few weeks or a month).

However, the “Comprehensive Experimental Analyses of Automotive Attack Surfaces” has shown that today’s cars are very vulnerable and we have just begun to see how the situation looks under the bonnet (pun intended). I certainly would not like for anyone to be able to remotely unlock my car and drive away, or tamper with a braking algorithm so that my brakes fail when I am driving downhill faster than 60km/h. I would certainly like to have these vulnerabilities patched as soon as possible and not have to wait until my next road-worthiness test is due. Besides, at least in the UK, all new cars are exempt from that test for the first three years, so any software issue would remain unpatched for at least that long. So if we were to establish that cars would get patched on a regular basis (e.g. twice a year) we would significantly increase the number of cars visiting garages. This would require garages to hire and maintain more staff, which, consequently, would raise maintenance prices for all of us consumers. Not only that, but the issue with patching would stay with us for a long time. If the software industry in general is any guide, then the picture is not good. We have been patching our operating systems and applications for the last 20-odd years and still there is no end in sight. Cars would be no exception.

What is visible from this example is that we need to rethink our approach to car maintenance. We will be forced to perform more regular maintenance than is currently the case, and the infrastructure to support these changes is not in place. And cars are not the only artifacts affected by this phenomenon. In a not-too-distant future, maybe our air conditioning devices will be connected to the Internet, together with microwave ovens, heaters and gas stoves, along with many other household appliances. And all of them would have to be patched regularly to eliminate security vulnerabilities and other defects. After all, if not operated properly, any of these devices may cause serious damage to the house and to the people living in that house.

[1] Checkoway S. et al., “Comprehensive Experimental Analyses of Automotive Attack Surfaces”, Usenix 2011

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.