HOME  |  NEWS  |  BLOGS  |  MESSAGES  |  FEATURES  |  VIDEOS  |  WEBINARS  |  INDUSTRIES  |  FOCUS ON FUNDAMENTALS
  |  REGISTER  |  LOGIN  |  HELP
Blogs
Electronics News

Are Automotive 'Black Boxes' Secure?

NO RATINGS
View Comments: Threaded|Newest First|Oldest First
naperlou
User Rank
Blogger
Legal issues
naperlou   12/21/2012 9:43:02 AM
NO RATINGS
Chuck, having some way to detect tampering would be a good first step.  This is difficult, though.  The first time that this data was used in a legal proceeding, if there were not more safeguards, it would be challenged as not being secure.  Another big concern is the one you point out in the article.  If the data were tampered with on a large scale, it would be scientifically useless.  One would have to develop a tampering model to estimate the effect.  Safeguards would be a much better solution.

bob from maine
User Rank
Platinum
Re: Legal issues
bob from maine   12/21/2012 2:57:02 PM
NO RATINGS
Crash reconstruction is not the only reason people would want to change the data contents. There is a huge industry in reconstructing titles, ie repairing totaled vehicles for re-sale and it is not in their interest to leave data showing how the vehicle was initially totalled or whether the air-bag deployed. Also, rental companies are already using data recorders to fine drivers for exceeding the speed limit. Following the "Do someting, even if it is wrong" governmental approach I wonder how this recorded data would be used to save lives as opposed to penalizing those who do not operate per the "approved" model. Once the data is stored, what limits do you suppose will be placed upon it's retrieval?

kenish
User Rank
Platinum
Re: Legal issues
kenish   12/26/2012 1:50:51 PM
I first learned about EDR's around 2005.  A friend was retrieving data from crashed vehicles as a growing part of his consulting business.  His clients were insurance companies.  We agreed to disagree who owned the data...it was usually collected without the knowledge of the car owner.

California subsequently passed a law that EDR data belongs to the owner and cannot be retrieved without consent or a search warrant.  But my auto policy makes me agree to cooperate and provide anything requested as part of a claim...so they essentially have free access to EDR data.

A good feature of EDR's would be a near-field RF sensor to detect cell phone use in the driver's seat position.

The other side of the coin is the data could prove a driver *not* at fault.

TJ McDermott
User Rank
Blogger
Re: Legal issues
TJ McDermott   12/23/2012 8:46:09 PM
NO RATINGS
The whole business smells slightly fishy.  HOW exactly is this data going to save lives?  WHO is truly going to have access?  WHEN can the black box be polled?  The security of the data is almost secondary.

Another important question is exactly WHO is behind this initiative?  Do you get the feeling the insurance industry is not a disinterested party?

When you read of misbehavior such as this:

http://mattfisher.tumblr.com/post/29338478278/my-sister-paid-progressive-insurance-to-defend-her

It's hard to trust the industry.

Think about it.  If you or a loved one were in a motor vehicle accident, is the first action you take to defend the integrity of the vehicle's black box?  No, you're focused on the injuries and well-being of the person involved.

The wreckage gets towed away, maybe to an impound lot.  By the time you get around to thinking about the black box (if you even know there is one), police and insurance company both have probably recorded its contents.

The data COULD be used to help diagnose a design/manufacturing flaw for recall, but there's already a pretty good process in place.

NadineJ
User Rank
Platinum
Re: Legal issues
NadineJ   12/24/2012 2:01:10 PM
NO RATINGS
It's very likely that the info will be sold to marketing professionals.  That's one of the largest revenue streams for successful companies today.

Someone will figure out how to use the data to sell more stuff.

tekochip
User Rank
Platinum
Re: Legal issues
tekochip   12/26/2012 9:29:13 AM
NO RATINGS
It's sad, but it seems that everything is up to the highest bidder.  The Black Box information will probably be sold to the highest bidder and the lawmakers that should protect us will, instead, pass laws to protect the highest bidder.


Charles Murray
User Rank
Blogger
Re: Legal issues
Charles Murray   1/2/2013 6:13:23 PM
NO RATINGS
You raise a bunch of good points, TJ. One, quite notably, is "who is behind this initiative?" If you consider that 96% of vehicles already have the technology, and the manufacturers did so without the prodding of a mandate, it tells you a lot.  

abcset123
User Rank
Iron
Automotive Black Boxes
abcset123   12/21/2012 10:59:42 AM
NO RATINGS
CHUCK, your fine article points out serious common sense security issues that need to be addressed and resolved before the USDOT mandates EDR technology.   If they continue to duck these issues consumers will be test dummies and may react with a backlash to this life saving technology.  Seems to me like the IEEE did the heavy lifting up to this point.  Kudos to them. What few people know is that NHTSA had been asked to act a few times already but they lack the congressional mandate to deal with privacy and consumer protection issues.  Instead they express crocodile tears and pass the issue on to the states.

William K.
User Rank
Platinum
Data in crash recorders
William K.   12/26/2012 11:40:19 AM
NO RATINGS
It should be possible to add some hardware to the recorder to disable writing or erasing of the data after some set of inputs is sensed. This could be as simple as shutting off the memory write control lines shortly after the airbags deploy. It would need to be done in hardware because all software is suspect, and most of it can be hacked around. But using a hardware lock that would be obvious if t were defeated would be a workale approach. The next step would be a federal law making the use of the data as a marketing tool into a federal felony. But probably our morally corrupt lawmakers would resist that part. But disabling every function except the READ function, by means other than software, should be a very good first step.

rathomas
User Rank
Iron
Re: Data in crash recorders
rathomas   12/27/2012 11:24:39 AM
NO RATINGS
I like this idea and the technology has already existed for quite some time, though generally used for the opposite effect - disabling reads from a programmed device (ROM, microcontroller ROMs) to protect IP.  This has also been done in a non-desctructive way where memory read/write can be re-enabled, but only after erasing the contents. 

) Take that existing tech, repurposed to write-protecting the memory

) add in on-board logic that monitors the sensor values of interest and locks the memory to read-only after a catastrophic event was detected

) possibly add the ability to re-enable writes (so the hardware could be reused), but only after incrementing a non-resetable, non user-writable counter that indicates writing was enabled after a catastrophic event.

nyeng
User Rank
Gold
Re: Data in crash recorders
nyeng   12/30/2012 1:21:07 PM
NO RATINGS
I'm all for software that allows you to erase the info.  That information will never help you.  It's there to let the government fine you or your insurance company to raise your rates.  Whatever they'll feed you about the data being helpful to science and there to save lives is a bunch of BS.

bobjengr
User Rank
Platinum
BLACK BOXES
bobjengr   12/26/2012 1:39:13 PM
NO RATINGS
If the data was used to improve the safety aspects of an automobile I would be all for implementation but, we all know that is probably not the intent.  I hate to be the one wearing the "tin-foil" hat but, I don't trust the FED and certainly not the insurance industry.  As mentioned previously, agencies will find a way to profit from the information; probably at the expense of the individual driver.  The data is only as safe as the individual(s) looking at it.  Just about everything now days is up for sale.  Who is to say charges will not be brought after the fact when the "black boxes" indicate which driver was the cause of an accident—even a single car accident?  I would love to know also the fine, if any, for disabling the     "black box".   This fact would definitely show intent.

Kirk McLoren
User Rank
Silver
Re: BLACK BOXES
Kirk McLoren   12/26/2012 2:21:53 PM
I expect we will see the day when your insurance agent plugs into your car and sees a year of data as to speeding etc. You will be rated on the spot. Progress, isn't it wonderful?

robatnorcross
User Rank
Gold
Re: BLACK BOXES
robatnorcross   12/26/2012 5:52:08 PM
NO RATINGS
Engineers have only themselves to blame for developing crap like this. No matter what you make the bean counters (and politicians) will put it to "un-intended consequences".

To quote (somewhat) one of the inventors of radar at MIT during WW2 "we had  better hope the cops don't find out about this"

Sturat
User Rank
Iron
Re: BLACK BOXES
Sturat   1/22/2013 11:08:42 AM
NO RATINGS
Being one of the engineers that worked on the initial development of this technology, it's amusing to read some of the comments from people who have little knowledge of what has already been implemented. The standard for airbag crash sensing systems is 0.99995 with 95% reliability - and you can imagine the amount of testing that is required to achieve that standard. In the early days of electronic crash sensing, when the technology was evolving from electromechanical sensing, engineers needed field data to validate the crash sensing algorithms, and to datamine relevant data for further algorithm development. The technology was developed to record only deployment events and near-deployment events, and to lock the data securely after a deployment event. The data was passively collected from barrier tests, taxi cab, police car, and rental car fleets and was used to validate the system before it ever got approval for use in passenger vehicles. Our families ride in the vehicles with the systems we design.

I guess in your line of engineering, design validation and continuous improvement by collection of field data is to be considered "crap"?  Remind me what products you develop so I can avoid them.

That being said, once the technology is developed, the toothpaste is out of the tube, and bean counters and polticians abusing it can only be prevented by informed and active citizens. The government has no business using this data to incriminate individuals a priori, and should only be made available as subject to a warrant as provided in our 4th Amendment protections, until that goes away along the lines that the 9th, 10th, and 2nd Amendments are being assaulted today.

NadineJ
User Rank
Platinum
Re: BLACK BOXES
NadineJ   12/26/2012 6:08:38 PM
NO RATINGS
Kirk-That already exists.  It's advertised as a "nifty" way to lower your rates for being a safe driver.  You have to opt in...for now.

Charles Murray
User Rank
Blogger
Re: BLACK BOXES
Charles Murray   1/2/2013 6:16:04 PM
NO RATINGS
If you're wearing a "tin foil hat," bobjengr, then there's a lot of us wearing the same hat.

Charles Murray
User Rank
Blogger
Re: BLACK BOXES
Charles Murray   1/10/2013 10:02:40 PM
NO RATINGS
For those who care to learn more, here's a link to NHTSA's event data recorder research web site:

http://www.nhtsa.gov/Research/Event+Data+Recorder+(EDR)/Welcome+to+the+NHTSA+Event+Data+Recorder+Research+Web+site

William K.
User Rank
Platinum
Black boxes and their abuse potential:Whose fault?
William K.   12/27/2012 10:41:30 PM
NO RATINGS
DO NOT blame all engineers for the creation of this concept and package. I may have been the first to suggest something, but my idea was a system to record seatbelt usage, the idea was that if occupants wee not wearing their belts that the insurance company would not need to pay anything. I still think that it would be a very effective incentive towards belt use. It would allow freedom of choice, but of course it would not allow freedom from consequences. But it does not ever seem to have been taken seriously.

GeoOT
User Rank
Silver
Black box big and little brother
GeoOT   12/30/2012 2:13:45 PM
NO RATINGS
The issues brought up here need to be sorted out and fast.  The technology (e.g. OnStar) is upon us so that no physical contact with the vehicle is necessary in order to suck out the memory contents of a VDR.  We can still buy a car that doesn't have a VDR but that is going away soon.  How long will it be before cars will be required to have a cellular based wireless data connection.  When that cuts in the vehicle owner will be the LAST person in the data access permission chain.

g-whiz
User Rank
Gold
More big brother
g-whiz   1/4/2013 10:03:36 AM
NO RATINGS
   This has nothing to do with saving lives or public safety. Follow the money, folks. This is all about about making sure the proper party gets blamed and they are sued to the hilt. They only want to make sure the data can't be tampered with so it will stand up in court.


   As has already happened (i.e. rental car companies), data will be collected about where and how fast you were going (via GPS) for the purpose of revenue collection. You will simply get a speeding ticket in the mail informing you of the infraction. Again, its just money folks. "Public safety" is just a smoke screen to make the program appear palatable.

tekochip
User Rank
Platinum
Re: More big brother
tekochip   1/11/2013 11:25:47 AM
NO RATINGS
I couldn't agree more.

Partner Zone
More Blogs from Electronics News
The American motorcycle is enjoying a mini-renaissance today, as the recent success of bike manufacturers Harley-Davidson, Indian Motorcycle, and Victory Motorcycles, among others, amply indicate.
The question of whether engineers could have foreseen the shortcut maintenance procedures that led to the crash of American Airlines Flight 191 in 1979 will probably linger for as long as there is an engineering profession.
More than 35 years later, the post-mortem on one of the country’s worst engineering disasters appears to be simple. A contractor asked for a change in an original design. The change was approved by engineers, later resulting in a mammoth structural collapse that killed 114 people and injured 216 more.
If you’re an embedded systems engineer whose analog capabilities are getting a little bit rusty, then you’ll want to take note of an upcoming Design News Continuing Education Center class, “Analog Design for the Digital World,” running Monday, Nov. 17 through Friday, Nov. 21.
It’s time once again for the Annual Design News Science and Engineering Movie Contest, which names no winners, awards no prizes, isn’t really a contest, and appears every three years or so.
Design News Webinar Series
12/11/2014 8:00 a.m. California / 11:00 a.m. New York
12/10/2014 8:00 a.m. California / 11:00 a.m. New York
11/19/2014 11:00 a.m. California / 2:00 p.m. New York
11/6/2014 11:00 a.m. California / 2:00 p.m. New York
Quick Poll
The Continuing Education Center offers engineers an entirely new way to get the education they need to formulate next-generation solutions.
Dec 15 - 19, An Introduction to Web Application Security
SEMESTERS: 1  |  2  |  3  |  4  |  5  |  67


Focus on Fundamentals consists of 45-minute on-line classes that cover a host of technologies. You learn without leaving the comfort of your desk. All classes are taught by subject-matter experts and all are archived. So if you can't attend live, attend at your convenience.
Learn More   |   Login   |   Archived Classes
Twitter Feed
Design News Twitter Feed
Like Us on Facebook

Sponsored Content

Technology Marketplace

Copyright © 2014 UBM Canon, A UBM company, All rights reserved. Privacy Policy | Terms of Service