The National Highway Traffic Safety Administration (NHTSA) proposed a rule this month ordering automakers to put so-called "black boxes" in all new vehicles by late 2014, but some experts are concerned that the new rule won't protect the security of the data stored inside.
A member of a working group at the Institute of Electrical and Electronics Engineers (IEEE) has cited problems with the new rule because electronic data recorders (EDRs, also known as "black boxes") could reportedly be accessed by anyone who wants to tamper with data after an accident. "We're all for event data recorders," Tom Kowalick, chairman of the IEEE Global Standards for Motor Vehicle EDRs and an author of seven books on EDRs, told Design News. "But we're also for some kind of basic consumer protection."
Kowalick contends that numerous companies already make software-based solutions for downloading and altering data after a crash. "Last time I looked, there were 23 companies making products that allow someone to erase your crash data," Kowalick told us.
An IEEE working group says that event data recorders won't maintain security of vehicle crash data. (Source: Tom Kowalick/AirMika Inc.)
Today, data can be easily collected with legitimate data retrieval systems that link up to a vehicle's onboard diagnostics (OBD-II) connector. Devices such as Bosch Diagnostics' Crash Data Retrieval systems make data accessible to professionals -- automakers, insurance investigators, accident reconstruction experts, and law enforcement agencies -- using the right software tools.
But Kowalick worries that the methodology leaves an opening for aftermarket products specifically targeted at tampering with the data. A simple search on YouTube using the terms "erase crash data" reveals numerous software products aimed at erasing or changing EDR data, he said. Some of those YouTube videos show tens of thousands of hits. Those systems, he said, enable others to change such data as wheel speed, engine speed, throttle position, steering wheel angle, airbag deployment, or other parameters after an accident has occurred. "Why would 100,000 people be looking at this?" Kowalick asked us. "Don't you think it's possible that someone is buying this software and using it?"
NHTSA's proposed mandate calls for all light passenger vehicles to install EDRs, beginning Sept. 1, 2014. A press release on the agency's website explains that the installed devices would only monitor such parameters as vehicle speed, brake usage, crash forces, throttle position, seat belt usage, and air bag deployment, among others. It added that the devices, which are now installed in as many as 96 percent of new cars, would not monitor personal identifying information. NHTSA did not respond to calls from Design News regarding data security issues, however.
Kowalick told us that he wants NHTSA to incorporate a set of IEEE standards (IEEE1616 and IEEE1616a) into its EDR description. The standards call for EDRs to use 86 additional data elements that reportedly aren't called out in NHTSA's description.
Kowalick also proposes addition of a mechanical lockout device that would help prevent data tampering. He is founder of a company called AirMika Inc. that makes an automotive cybersecurity lock.
Kowalick emphasized that the IEEE is not against the proposed NHTSA mandate. "There's no going back now -- the toothpaste is out of the tube," he said. "We're just saying that the data should be secure at the time of the crash, so it will still have scientific value."
CHUCK, your fine article points out serious common sense security issues that need to be addressed and resolved before the USDOT mandates EDR technology. If they continue to duck these issues consumers will be test dummies and may react with a backlash to this life saving technology. Seems to me like the IEEE did the heavy lifting up to this point. Kudos to them. What few people know is that NHTSA had been asked to act a few times already but they lack the congressional mandate to deal with privacy and consumer protection issues. Instead they express crocodile tears and pass the issue on to the states.
Chuck, having some way to detect tampering would be a good first step. This is difficult, though. The first time that this data was used in a legal proceeding, if there were not more safeguards, it would be challenged as not being secure. Another big concern is the one you point out in the article. If the data were tampered with on a large scale, it would be scientifically useless. One would have to develop a tampering model to estimate the effect. Safeguards would be a much better solution.
We recently posted an online slideshow called, “18 People You Didn’t Know Were Engineers.” Within hours of its publication, readers began to suggest names of other luminaries -- astronauts, politicians, athletes and actors -- who were educated or had worked as engineers.
In yet another sign that hydrogen is creeping into the consciousness of global automotive designers, sports car maker Aston Martin plans to run a hydrogen-fueled vehicle in a 24-hour Grand Touring race later this month.
One of the ugly truths of engineering is that life has a price. Cars, buildings, power plants, and industrial machinery can always be made safer for a cost, but manufacturers are at the mercy of the market.
Front-seat television technology is beginning to creep into the worldwide automotive market, but regulators, automakers, and suppliers say it’s unlikely to take hold in the US.
From Dell / Intel® New Paradigms in Design Work Scott Hamilton, vertical market strategist for Dell Precision workstations, 5/2/2013 3
Early in my career, I worked as a draftsman and remember the days of drawing on vellum with numbered pencils and Mylar with plastic lead. This was a fun experience in the sense that I ...
I've been using workstations for more than 10 years and love finding ways to get more performance from my system. With demanding professional applications that require more power each ...
A lasting memory from my first job as an engineer in an auto assembly plant is standing on hard concrete at six in the morning, vending-machine coffee clutched in hand, listening to ...
A quick look into the merger of two powerhouse 3D printing OEMs and the new leader in rapid prototyping solutions, Stratasys. The industrial revolution is now led by 3D printing and engineers are given the opportunity to fully maximize their design capabilities, reduce their time-to-market and functionally test prototypes cheaper, faster and easier. Bruce Bradshaw, Director of Marketing in North America, will explore the large product offering and variety of materials that will help CAD designers articulate their product design with actual, physical prototypes. This broadcast will dive deep into technical information including application specific stories from real world customers and their experiences with 3D printing. 3D Printing is
To save this item to your list of favorite Design News content so you can find it later in your Profile page, click the "Save It" button next to the item.
If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
23 
