The National Highway Traffic Safety Administration (NHTSA) proposed a rule this month ordering automakers to put so-called "black boxes" in all new vehicles by late 2014, but some experts are concerned that the new rule won't protect the security of the data stored inside.
A member of a working group at the Institute of Electrical and Electronics Engineers (IEEE) has cited problems with the new rule because electronic data recorders (EDRs, also known as "black boxes") could reportedly be accessed by anyone who wants to tamper with data after an accident. "We're all for event data recorders," Tom Kowalick, chairman of the IEEE Global Standards for Motor Vehicle EDRs and an author of seven books on EDRs, told Design News. "But we're also for some kind of basic consumer protection."
Kowalick contends that numerous companies already make software-based solutions for downloading and altering data after a crash. "Last time I looked, there were 23 companies making products that allow someone to erase your crash data," Kowalick told us.
An IEEE working group says that event data recorders won't maintain security of vehicle crash data. (Source: Tom Kowalick/AirMika Inc.)
Today, data can be easily collected with legitimate data retrieval systems that link up to a vehicle's onboard diagnostics (OBD-II) connector. Devices such as Bosch Diagnostics' Crash Data Retrieval systems make data accessible to professionals -- automakers, insurance investigators, accident reconstruction experts, and law enforcement agencies -- using the right software tools.
But Kowalick worries that the methodology leaves an opening for aftermarket products specifically targeted at tampering with the data. A simple search on YouTube using the terms "erase crash data" reveals numerous software products aimed at erasing or changing EDR data, he said. Some of those YouTube videos show tens of thousands of hits. Those systems, he said, enable others to change such data as wheel speed, engine speed, throttle position, steering wheel angle, airbag deployment, or other parameters after an accident has occurred. "Why would 100,000 people be looking at this?" Kowalick asked us. "Don't you think it's possible that someone is buying this software and using it?"
NHTSA's proposed mandate calls for all light passenger vehicles to install EDRs, beginning Sept. 1, 2014. A press release on the agency's website explains that the installed devices would only monitor such parameters as vehicle speed, brake usage, crash forces, throttle position, seat belt usage, and air bag deployment, among others. It added that the devices, which are now installed in as many as 96 percent of new cars, would not monitor personal identifying information. NHTSA did not respond to calls from Design News regarding data security issues, however.
Kowalick told us that he wants NHTSA to incorporate a set of IEEE standards (IEEE1616 and IEEE1616a) into its EDR description. The standards call for EDRs to use 86 additional data elements that reportedly aren't called out in NHTSA's description.
Kowalick also proposes the addition of a mechanical lockout device that would help prevent data tampering. He is the founder of a company called AirMika Inc. that makes an automotive cybersecurity lock.
Kowalick emphasized that the IEEE is not against the proposed NHTSA mandate. "There's no going back now -- the toothpaste is out of the tube," he said. "We're just saying that the data should be secure at the time of the crash, so it will still have scientific value."
Engineers have only themselves to blame for developing crap like this. No matter what you make, the bean counters (and politicians) will put it to "un-intended consequences".
To quote (somewhat) one of the inventors of radar at MIT during WW2: "we had better hope the cops don't find out about this."
I like this idea and the technology has already existed for quite some time, though generally used for the opposite effect - disabling reads from a programmed device (ROM, microcontroller ROMs) to protect IP. This has also been done in a non-destructive way where memory read/write can be re-enabled, but only after erasing the contents.
1) Take that existing tech, repurposed to write-protecting the memory
2) add in on-board logic that monitors the sensor values of interest and locks the memory to read-only after a catastrophic event was detected
3) possibly add the ability to re-enable writes (so the hardware could be reused), but only after incrementing a non-resettable, non user-writable counter that indicates writing was enabled after a catastrophic event.
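The three steps proposed in the comment above, modeled as a small C state machine. This is an added example, not code from the commenter or from any EDR vendor; the struct layout, the function names and the 8 km/h speed-drop trigger are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EDR_SLOTS 4
#define CRASH_DROP_KPH 8  /* assumed trigger: speed drop between two samples */

typedef struct { uint16_t speed_kph; uint8_t throttle_pct; uint8_t belt_on; } edr_sample;

typedef struct {
    edr_sample ring[EDR_SLOTS];
    unsigned head;
    bool locked;           /* step 2: latched read-only after a detected event */
    uint32_t unlock_count; /* step 3: stands in for a counter only hardware can bump */
} edr_store;

void edr_init(edr_store *s) { memset(s, 0, sizeof *s); }

/* Normal recording path. The triggering sample is stored first, then the latch closes. */
bool edr_record(edr_store *s, edr_sample in) {
    if (s->locked) return false;
    unsigned prev = (s->head + EDR_SLOTS - 1) % EDR_SLOTS;
    int drop = (int)s->ring[prev].speed_kph - (int)in.speed_kph;
    s->ring[s->head] = in;
    s->head = (s->head + 1) % EDR_SLOTS;
    if (drop >= CRASH_DROP_KPH) s->locked = true;
    return true;
}

/* Write arriving from outside (e.g. a tool on the diagnostic port): refused once locked. */
bool edr_overwrite(edr_store *s, unsigned slot, edr_sample in) {
    if (s->locked || slot >= EDR_SLOTS) return false;
    s->ring[slot] = in;
    return true;
}

/* Re-enable writes for reuse; the counter is bumped before the latch is released. */
uint32_t edr_reenable(edr_store *s) {
    if (s->locked) { s->unlock_count++; s->locked = false; }
    return s->unlock_count;
}

int main(void) {
    edr_store s; edr_init(&s);
    edr_sample cruise = {60, 30, 1}, impact = {20, 0, 1}, forged = {30, 0, 1};
    edr_record(&s, cruise); edr_record(&s, impact);      /* 40 km/h drop closes the latch */
    printf("overwrite while locked: %d\n", edr_overwrite(&s, 1, forged));
    printf("unlock count after re-enable: %u\n", (unsigned)edr_reenable(&s));
    return 0;
}
```

A reader of the record treats any nonzero `unlock_count` as evidence that the stored samples may have been rewritten after the event.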
DO NOT blame all engineers for the creation of this concept and package. I may have been the first to suggest something, but my idea was a system to record seatbelt usage; the idea was that if occupants were not wearing their belts that the insurance company would not need to pay anything. I still think that it would be a very effective incentive towards belt use. It would allow freedom of choice, but of course it would not allow freedom from consequences. But it does not ever seem to have been taken seriously.
I'm all for software that allows you to erase the info. That information will never help you. It's there to let the government fine you or your insurance company to raise your rates. Whatever they'll feed you about the data being helpful to science and there to save lives is a bunch of BS.
The issues brought up here need to be sorted out and fast. The technology (e.g. OnStar) is upon us so that no physical contact with the vehicle is necessary in order to suck out the memory contents of a VDR. We can still buy a car that doesn't have a VDR but that is going away soon. How long will it be before cars will be required to have a cellular-based wireless data connection? When that cuts in the vehicle owner will be the LAST person in the data access permission chain.
You raise a bunch of good points, TJ. One, quite notably, is "who is behind this initiative?" If you consider that 96% of vehicles already have the technology, and the manufacturers did so without the prodding of a mandate, it tells you a lot.
This has nothing to do with saving lives or public safety. Follow the money, folks. This is all about making sure the proper party gets blamed and they are sued to the hilt. They only want to make sure the data can't be tampered with so it will stand up in court.
As has already happened (i.e. rental car companies), data will be collected about where and how fast you were going (via GPS) for the purpose of revenue collection. You will simply get a speeding ticket in the mail informing you of the infraction. Again, it's just money, folks. "Public safety" is just a smoke screen to make the program appear palatable.