The Office of the Australian Privacy Commissioner said that the Commissioner was meeting with representatives from Google this afternoon to discuss Google revelations that it had inadvertently been recording Wi-Fi data.
In a blog over the weekend, Google revealed the company would stop it's Street View cars for the time being after it discovered that the cars had been collecting data from unsecured wireless networks in over 30 countries over the past four years. The Office of the Australian Privacy Commissioner told ZDNet Australia in a statement that the Office could not state its position on the latest revelation until after a meeting with Google representatives this afternoon.
Last week, Electronic Frontiers Australia (EFA) and the Australian Privacy Foundation (APF) sent a joint letter in an email to Google Australia's head of policy Iarla Flynn, asking what Wi-Fi information Google's Street View cars were capturing as they roamed the streets of Australia.
EFA vice-chair Geordie Guy said the weekend's revelations went "a long way" to answering the questions in the letter and said the EFA and APF would now be pushing for an investigation by the Australian Privacy Commissioner.
"Our primary concern is that any information that has been captured that is private information about Australians is destroyed and is verifiably destroyed. It's our belief that the organisation that should be responsible for that is the Australian Privacy Commissioner," he added.
Guy said he would watch Australian Privacy Commissioner Karen Curtis' response with great interest.
"The Privacy Commissioner, when this first came to light, said nothing Google had said had led her to believe anything was amiss," he said.
"We would like to see if the Australian Privacy Commissioner sticks by her original suggestions that nothing is out of the ordinary or if she's now going to jump in there and do something where she was hesitant before."
Guy said Google Australia had not yet responded to the original letter but suggested that he had received an 'out of office' auto-reply indicating that Flynn's silence might be due to being absent.
With computers firmly in control of our cars and connectivity on the rise, car hacking could be the next big security issue. We speak with two researchers behind a paper on automobile and computer security.
A group of researchers from two universities tested their hacking skills on two cars and found that they could remotely lock the brakes, the engine and windows on a car; turn on the radio, heat and windshield wipers; honk the horn; and change the speedometer display.
They were able to do all of that in tests on two cars of unnamed make and model — a Chevrolet Impala is pictured in the paper — by connecting a laptop to the electronic control system and controlling that computer wirelessly using a second laptop in a separate car.
The paper will be presented by researchers at the University of Washington and the University of California at San Diego (USCD) at the IEEE Symposium on Security and Privacy being held in Oakland, California, on Wednesday.
"Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input," the paper says.
We interviewed two of the researchers — Stefan Savage of UCSD and Tadayoshi Kohno of the University of Washington — and talked with them about the tests and what their findings mean for drivers today.
CNET: We'd like to know more about what you did for the research. Did you need to have physical access to the car, or is there a way this could be done remotely?
Stefan Savage: In the paper we didn't focus on the different ways that one could do it. The paper focuses on the question of if someone were able to gain access to the car, how resilient would it be in our scenario? We connected our computer to the on-board diagnostics port — it's standard and is located under the dashboard on the driver's side.
Tadayoshi Kohno: This paper is not focusing on the specific threats. We are focusing on understanding the evolution of cars in the hopes that the industry can protect against adverse things happening in the future.
Savage: If you look at PCs in the early 1990's, they had all kinds of latent software vulnerabilities. It didn't matter so much because PCs were at home and not connected to everything else. Then they were connected to the internet and the latent vulnerabilities were exposed to outside attack. We see cars moving in much the same direction. There is a strong trend to provide pervasive connectivity in cars going forward. It would be good to start working on hardening these systems and providing defences before it becomes a real problem.
Can you give me a scenario where a car would be compromised?
Savage: You could have an adversarial mechanic, or a jealous boyfriend or girlfriend who temporarily has access to the car. They could connect to this component, download onto the car, disconnect and the code could do their bidding. I think at this point these attacks are much more fantastic than a real thing people need to be concerned about today.
Kohno: Today everyone is focusing on web security and botnets. We want to make sure that in five or 10 years we don't add cars to that list.
You have written a tool that enables this type of attack, called CarShark, right?
Kohno: The tool captures a lot of what we did. It's a software tool we wrote. It runs on a computer that plugs into the OBD-II (On-Board Diagnostics II) port and it can sniff (and inject) packets on the network.
Couldn't someone use that tool to compromise a car?
Savage: We're not releasing it.
But there are ways to do this remotely, right?
Savage: We're trying to find a balance in the research. We're not interested in taking an alarmist tone. We purposely are not focusing on that aspect here. Can I imagine it's doable? Yes. In the end it's all software, and software on your car is not fundamentally different from software on your PC.
Do you think anyone is actually doing anything like this, other than for legitimate research purposes?
Kohno: We have no reason to believe this is an issue today. One of our goals is to stay ahead of the bad guys before the threats really do manifest.
A Chevy Impala is jacked up, ready for some electronic control unit (ECU) hacking.
(Credit: Experimental Security Analysis of a Modern Automobile)
Have you talked to the car manufacturers about this?
Savage: We talked with the appropriate parties, which we can't name.
Did they take this seriously or dismiss it?
Savage: Everyone we've talked to has taken it seriously and been very positive.
Anything else you would like to add?
Kohno: It's a changing world of technology. Often when people hear the word "computer" they associate it with the meaning of laptop or desktop. And one of the things we'll see in the future is computer devices integrating themselves both literally and figuratively into our world. There will be computers integrated into cars, medical devices, homes and the smart grid. And I think that we need to be proactively thinking about security issues, not just on the desktops with botnets and web browsing, but think about where our computers will be in the future and what we can do today to protect them. This research on cars is part of that.
Ed Bott is an award-winning technology writer with more than two decades' experience writing for mainstream media outlets and online publications.
For more news like this, make sure to check out my other blogs also:
http://andredicioccio1977.wordpress.com/
I didn't plan to pick a fight with Steve Jobs last night. It just sort of happened: An iPad advertisement ticked me off; I sent the Apple CEO an angry email; he told me about "freedom from porn."
The electronic debate proceeded from there.
Of course, there was a bit more to it than that. There's the context: Jobs'legal fight with my employer Gawker Media, over the handling of an iPhone prototype; mylong-simmering worries about Apple's growingpower to limit self expression through its lockdown on iPad apps; and the fact that my wife, who might normally (and quite sensibly) veto the idea of spending Friday night sending email flames, was out of town.
So in retrospect I was primed to lash out. But there was some serendipity too: Watching a new episode of 30 Rock on my digital video recorder, I somehow failed to skip over an Apple ad I'd never seen before, one that billed the iPad as nothing less than "a revolution." You can see an excerpt of the ad at the bottom of this post.
With a Stinger cocktail at my side, I dashed off a short, pointed question to Jobs' well-known email address.
A few hours later—after midnight here in California—he got back to me. And I got back to him. And so on.
I didn't identify myself as a writer for Gawker in my initial email, sent from myryantate.com email address. But, as you'll see in the exchange below, I eventually made my affiliation clear, and Jobs didn't seem bothered. Between that and the fact that Jobs regularly uses emails to disclose new information to the public, knowing full well recipients now regularly make the exchanges public, I feel fine reproducing the thread below.
It's a feisty discussion, as you'll see. And heated, especially on my part.
Rare is the CEO who will spar one-on-one with customers and bloggers like this. Jobs deserves big credit for breaking the mold of the typical American executive, and not just because his company makes such hugely superior products: Jobs not only built and then rebuilt his company around some very strong opinions about digital life, but he's willing to defend them in public. Vigorously. Bluntly. At two in the morning on a weekend.
As much as Jobs and his actions anger me, and as harsh as I was to him, I came away from the exchange impressed with his willingness to engage.
Some notes on the actual content follow after the emails. Click any message to enlarge:
A few notes on the emails:
And here is the end of the iPad commercial that set me off:
Send an email to Ryan Tate, the author of this post, at ryan@gawker.com.
