{"id":334,"date":"2009-01-08T17:57:17","date_gmt":"2009-01-09T01:57:17","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/?p=334"},"modified":"2009-01-08T17:58:48","modified_gmt":"2009-01-09T01:58:48","slug":"current-event-lexus-to-begin-sending-messages-directly-to-drivers","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2009\/01\/08\/current-event-lexus-to-begin-sending-messages-directly-to-drivers\/","title":{"rendered":"Current Event: Lexus to begin sending messages directly to drivers"},"content":{"rendered":"<p>According to a recent article in <a href=\"http:\/\/www.usatoday.com\/money\/autos\/2009-01-07-lexus-talking-car_N.htm\">USA Today<\/a>, Lexus will begin including new technology to allow the company to send audio messages to the computers present in their cars.  It appears to be similar to an e-mail system, where the user receives messages and can play them at his\/her own discretion.  This inclusion is simply part of an even larger electronic upgrade to the autos, simply known as Enform for now.  While this definitely raises some concerns about how far into our lives marketing messages (i.e. spam) are allowed to be, it&#8217;s even more critical to be worried about what sorts of security measures will be implemented in their system.  <\/p>\n<p><!--more-->If the auto manufacturer has the capability to send messages to drivers, it seems very possible to spoof a Lexus Corporation ID and then send whatever you wish to a car.  Especially considering the <a href=\"http:\/\/www.scmagazineus.com\/Mobile-virus-infects-Lexus-cars\/article\/31715\/\">Bluetooth vulnerability<\/a> of a few years ago, who knows what other security holes the Lexus computer&#8217;s operating system could have.  Altering the car&#8217;s GPS data, planting scamming messages, installing malware, stealing contact data &#8211; all are not immediately life-threatening, but are still great security risks.  Lexus needs to implement strong security to prevent these &#8211; including, but not restricted to, encryption of data transmitted to on-dash computers, limitation of the operating system with regards to file and program permissions, and more basic things like restricting buffer write size and strong password creation and use. <\/p>\n<p>While this isn&#8217;t a security hazard yet, the drive to keep upgrading our existing possessions with computing technology to entice buyers is only a good one if done carefully.  The overall impact of this introduction will ultimately depend on how secure the technology is as well as how many people decide to adopt and use it.  Admittedly, the messaging service is completely optional, but who knows what other services Lexus will bundle together in Enform?  And further from that, what capabilities those services could give malicious hackers?  Lexus needs to secure this system well ahead of time &#8211; and people should adopt this technology with caution and the foreknowledge of possible security hazards.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>According to a recent article in USA Today, Lexus will begin including new technology to allow the company to send audio messages to the computers present in their cars. It appears to be similar to an e-mail system, where the &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2009\/01\/08\/current-event-lexus-to-begin-sending-messages-directly-to-drivers\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":77,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,1,8],"tags":[],"class_list":["post-334","post","type-post","status-publish","format-standard","hentry","category-current-events","category-miscellaneous","category-policy"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/334","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/77"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=334"}],"version-history":[{"count":10,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/334\/revisions"}],"predecessor-version":[{"id":511,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/334\/revisions\/511"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=334"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=334"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=334"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}