Fiat/Chrysler - recalled 1.4M cars, estimate 80+% will get fixed.
Tesla - pushed an OTA update, done.
That pretty much paints the future of "smart software" in cars.
That said, every science fiction book I've ever read where vehicles could be patched over the air, has been been used as a plot device and gone badly for the hero of the story. Interesting times indeed.
Has there been an incident where an OTA mechanism resulted in something bad? (E.g., MITM attack pushes down evil bits)
It could be argued that the existence of an OTA mechanism incentivizes lower quality (RTM patches); I'd counter that it might do so in the short term only, although I have no data.
If you read the Wired article I linked earlier you'll see that this is indeed a concern since the updates aren't signed. Tesla is relying on the two way verification of their VPN that is used to communicate between the car and Tesla to validate the software.
This at least prevents a MITM or a malicious actor from hijacking DNS, etc - since the car effectively ensures it's at least talking WITH Tesla. This doesn't prevent a malicious employee from gaining access to the update server and pushing out an update, but you're going to have to worry about that regardless.
This doesn't prevent a malicious employee from gaining access to the update server and pushing out an update, but you're going to have to worry about that regardless.
I'm pretty sure that if your car isn't connected in the first place, so that its essential control systems can't be updated remotely by a single malicious actor like that, then this isn't a significant concern.
Thought experiments are fun, but I am coming to a different conclusion. I agree that it changes the risk analysis, but I don't think that it's necessarily for the worse. Performance doesn't necessarily improve under pressure, and extreme risk aversion can cause some funny side effects - for instance working around known bugs rather than risk correcting them.
Is there any data to support the "only possible result" that you conclude? Or, maybe examples of high-quality software that doesn't have any kind of high-frequency automatic update mechanism?
It's pretty well-accepted that OTA updates for games lowered quality across the board.
Anecdotally, I've seen the same in general software.
Traditional product recalls are very expensive, but they centralize costs on the manufacturer, and disperse much smaller individual costs across all consumers. In doing so, they incentivize manufacturers to not screw up.
OTA externalizes costs to consumers, increasing their individual cost through the disruption of more regular updates and regressions, security issues, etc, while decreasing the manufacturers costs dramatically.
This -- surprise! -- incentivizes shipping crap.
Long-term manufacturers can lose brand goodwill due to shipping a buggy product, but if everyone is shipping crap, it's not like consumers have a choice or even particularly high expectations.
The Wired article notes that they could install a remote backdoor so they could later effect the car over the network.
There was also this problem:
> But they also found that the car’s infotainment system was using an out-of-date browser, which contained a four-year-old Apple WebKit vulnerability that could potentially let an attacker conduct a fully remote hack to start the car or cut the motor. Theoretically, an attacker could make a malicious web page, and if someone in a Tesla car visited the site, could gain access to the infotainment system.
But you're right it's not like FCA, because this happened:
> The company also engineered the car to handle sudden power loss in a graceful way. If power to the car were cut while the vehicle was in motion, the hand brake would kick in, and the car would lurch to a stop if it was traveling 5 miles per hour or less. It would go into neutral if traveling faster than this. But the driver would still retain control of the steering and brakes and be able to pull the car over. The airbags also would still be fully functional.
Tesla put thought into it. They designed their system with failsafes to minimize risk (to a degree) if the system got hacked. It's not perfect but it's a hell of a lot better than nothing.
It is isolated on a separate CPU for the infotainment system. However, that same system hosts the UI to configure the drive system (suspension height, range/power tradeoffs, traction control) so if you pwn the infotainment system you can attack the drive system over the car's internal Ethernet.
I wish they'd drop the browser in the dashboard. It's not a very good browser (sluggish, doesn't play audio or video), so despite the large screen it's better to just use my phone. And it's a huge attack surface.
Parenthetically, it's a sad state of affairs, certainly not what early web folks expected, that making a browser is so difficult that only 2 huge companies can make even sort-of-acceptable ones that still require constant bugfixes.
It's interesting that the Mozilla foundation, as part of a project to create a new rendering engine for Firefox (servo), determined that they needed a new programming language in order to do it right and produced rust.
Sounds like Tesla worked with these guys to patch this for all owners before it was disclosed. And they hired Chris Evans from Chrome/Project Zero to lead security. To me those are signals that they take this seriously.
If they took this seriously, they wouldn't have their cars connect to anything, or at the very least, the connected parts would be fully air-gapped.
How is it that we can be repeating the exact same mistakes made in software over the past 40 years, without anyone questioning whether the dangers of cloud-enabling cars is remotely justified by the features provided?
What makes you think that nobody is questioning it? I'm sure some people are, but the fact that informed consumers are purchasing these cars speaks for itself.
1) The features provided by Tesla extend far beyond those provided by "cloud-enablement"; the fact that "informed consumers" are buying the cars does not indicate that their purchasing decision came down to isolating cloud-enablement relative to cloud-features.
2) Your hypothetical informed consumers don't really exist, unless the only people buying cloud-enabled cars are computer scientists.
1) Sure - it's one factor among many in the purchasing decision. Never said otherwise. It would also be incorrect to assume that this was not a factor at all.
2) Ever looked at a tech company parking lot in South Bay? A lot of people with CS background are buying the Model S. Not all buyers are computer scientists but informed buyers most definitely do exist.
How do we know how well-informed or otherwise the people purchasing these vehicles are? There are relatively few people in the world who fully appreciate the implications of security issues and who can make rational risk assessments and take reasonable measures to limit those risks.
Of course, even being informed isn't going to help if this sort of poorly secured connectivity becomes the norm for new vehicles, which seems to be happening disturbingly quickly. If you rely on the independence offered by having a car but all cars have similar dangers, you might have only bad alternatives to choose between, but they're still bad.
[Edit: That last sentence was ambiguous. My intended meaning was that the alternatives to using a car at all might also be bad, for example incurring significant costs and disruption moving to live somewhere with viable public transport instead.]
> anyone questioning whether the dangers of cloud-enabling
So let me get this straight ...
They were able to plug in a laptop into the car and gain control. In fact, physical access is necessary.
Tesla used the cloud connected features to update the software, removing the physical vulnerability.
Yes, the connected nature of the car is an attack vector. But it seems there are other attack vectors which are far worse and the connected nature can be used to protect the vehicle.
Yes, the connected nature of the car is an attack vector. But it seems there are other attack vectors which are far worse and the connected nature can be used to protect the vehicle.
We need to be careful with this kind of risk assessment.
If Microsoft or Google messes up a Windows or Chrome update that is automatically installed, or a malicious actor compromises the update mechanism, maybe a few thousand PCs belonging to people who accepted the risk get broken and there will be some hassle restoring normal functionality afterwards.
If a car manufacturer messes up a firmware over-the-air update that is automatically installed, or a malicious actor compromises the update mechanism, maybe a few thousand cars belonging to people who accepted the risk get run into walls at 100mph.
It is far from clear that providing a mechanism for remotely initiated updates of fundamental system software is a win in this context. As we've seen with automatically updating PC software in recent years, not all updates work as intended, and as we've seen with modern malware, reprogrammable firmware is not always a blessing.
In first place let's frankly say that interconnecting entertainment system with anything that affects safety is dump idea. They top-notch security professionals should know that.
I was developing entertainment system for Volkswagen's cars a while ago. At the time their cars have several networks interconnected with a simple firewall. They were separated into domains, if I remember correctly it was core (engine, steering wheel), first level (reporting, airbags, etc.), second level (opening windows, etc.), and then entertainment system.
The firewall was one-way. Systems on lower level are able to intercept some messages from higher levels, but are unable to send anything to higher level (with some exception between core and first level). That also means that the entertainment system is unable to open/close windows for example - you have physical buttons for that.
It was a while ago and my memory is rusty. But you get the idea that car systems can be build securely with competent engineers.
I'm not sure if it was the case here, but Tesla has an over-the-air update channel, allowing to adjust overall performance envelope including acceleration, braking and suspension via update from the mothership. As long as you allow for that feature, the penetration vector is unavoidable and can't be engineered away.
I think it's telling that this is the kind of comment that's voted up.
Jeep remote exploit: "OMG, are you kidding, what kind of idiots would even allow this to be a possibility? Car control systems remotely accessible, etc?"
Tesla: "Kudos to Tesla for taking this seriously and working on it."
Tesla seems much better prepared to deal with this than most car manufacturers. A downloadable update is a world away from the recall Chrysler had to issue.
True. However, Tesla owners have to accept an 'always on' car, sharing who-know-what with Tesla over its cellular connection. Is there any way to just get OTA updates without giving away personal data (like location) to the company?
I meant that seriously--any functionality which can update the firmware can, by definition, remove your ability to tell that it's doing other things, too. See also "Reflections on Trusting Trust".
EDIT2:
And another downvote. Some people are absurd and clearly don't understand what is a completely reasonable comment about the nature of the security here.
It's not, "How would you (somebody unskilled in these things, snarf snarf, mere mortal compared to angersock) know (anything about this)?".
It's, "How would you (consumer without access to the source code being deployed) know (given that the machine can be made to fake output to whatever is most likely to make you think it's behaving normally)?"
I didn't read it that way at all. I read it as "how would you [any consumer] know if personal data was being shared?" not "how would you [comment op] if personal data was being shared?"
* Telematics Log Data: To improve our vehicles and services for you, we collect certain telematics data regarding the performance, usage, operation, and condition of your Tesla vehicle, including the following: vehicle identification number, speed information, odometer readings, battery use management information, battery charging history, electrical system functions, software version information, infotainment system data, safety‐related data (including information regarding the vehicle’s SRS systems, brakes, security, e‐brake), and other data to assist in identifying and analyzing the performance of the vehicle. We may collect such information either in person (e.g., during a service appointment) or via remote access.
* Remote vehicle analysis: We may be able to dynamically connect to your Tesla vehicle to diagnose and resolve issues with it, and this process may result in access to personal settings in the vehicle (such as contacts, browsing history, navigation history, and radio listening history). This dynamic connection also enables us to view the current location of your vehicle, but such access is restricted to a limited number of personnel within Tesla.
Maybe there is a way to opt out of this, but I can't see it.
If you want a Tesla, yes, you have to accept that. You don't need to purchase a Tesla though.
As a Model X reservation holder, I am both comfortable and accepting of Tesla having my location data and remote access to my vehicle. I understand that the telematics will allow them to continue to improve the product and future products, and have a better understanding of how their batteries and drivetrains perform in the field. I accept all of the above because they've earned that trust (and would even go further, allowing full access constantly to all autopilot sensor data).
Disclaimer: I am also a smaller Tesla investor. I am biased. I'm willing to make sacrifices for what I consider progress.
Yup, the bumped up the 0-60 time of the 85D from 5.4s to 4.2s just based on usage data after the first few months they were in the wild. They'd found that they'd greatly under-rated the motor and provided it as a free update.
As an 85D owner that was wonderful.
I'm sure they're also doing the same with autopilot. Imagine being able to use your entire fleet of 100k cars to aggregate data about how to best tune critical subsystems.
There isn't at the moment, but I don't see why you couldn't have an update procedure that tells you that you have an OTA update as you start the car and asks you to apply it. For that matter, I do not see why in todays day and age Chrysler can not release an update that customers could just download onto a USB stick, plug the stick into the USB port on the radio, and be done with it.
Oh, that's really cool, I had no idea. My friend works at a Chrysler dealer, and they have to connect a laptop to the car and update it like that. If it's available via a USB stick, why aren't they told to do that. I guess buy using the USB stick you can't justify billing Chrysler for 45min of work per car.
Hmm, well in that case it's beyond me why they have to take the car, drive it into the service station, connect it to the laptop, and have it sit there for 40min thinking. I'll show him that page, maybe they could do it with USB sticks as well, which would really speed up the process, because they can just get 10 USB sticks and have one guy do 10 cars at the same time.
For the most part, I think everything should be designed to be updated in this way.
I have a Harley-Davidson motorcycle that I can update simply by connecting a USB drive, turning the ignition switch on, and waiting about five minutes.
You can opt out but I don't know of anyone that has. Their language suggests you might not get updates, but I think that language is more of a cover every possibility than reality. They always install updates when the vehicle is serviced anyway. So it's not like you're entirely blocked from updates if you do opt out.
Rights and Choices
We give you many choices regarding our use and
disclosure of your personal information. You may opt
out at any time and free of charge from:
[snip some irrelvant bits]
Any processing of personal information for which you
have provided your prior explicit opt-in consent by
contacting us as indicated in the "How to Contact Us"
section below.
Our collection of Tesla vehicle data. If you no longer
wish us to collect Telematics Log Data or any other data
from your Tesla vehicle, please contact us as indicated in
the "How to Contact Us" section below. Please note
that, if you opt out from the collection of Telematics Log Data or
any other data from your Tesla vehicle, we will not be able
to notify you of issues applicable to your vehicle in real
time, and this may result in your vehicle suffering
from reduced functionality, serious damage, or inoperability,
and it may also disable many features of your vehicle
including periodic software and firmware updates, remote
services, and interactivity with mobile applications and
in-car features such as location search, Internet radio,
voice commands, and web browser functionality.
Our collection of real-time traffic feature data. We
only collect this data if the real-time traffic feature is
available to you and you elect to use it. If you no longer
wish us to collect or share data from your vehicle for this
feature, you can stop this collection at any time by simply
turning the feature and the data collection off via the
"TRAFFIC-BASED ROUTING" setting in Controls > Settings >
Apps > Maps & Navigation.
Off-topic - when did sentences and paragraphs become the same thing? I noticed this several times during the last months but may have overlooked it before. Is there something behind that?
I wonder if there's a difference for people writing for TV (this article is on the BBC website) and people writing for "print". It's hard to imagine the NYT publishing an article where each paragraph consists of a single sentence, short of that being the point of the article.
I posted about this in another thread about this Tesla "hack", but they required physical access to the INSIDE of the vehicle. An access port in the driver-side footwell.
How is this a security problem? If someone malicious has physical access to a normal car they could cut the brake lines or drain the oil, without even needing to unlock the car.
If I'm inside a car I own I think I'd PREFER it to know I can hack into the car's systems rather than it being totally locked down.
But they also found that the car’s infotainment system was using an out-of-date browser, which contained a four-year-old Apple WebKit vulnerability that could potentially let an attacker conduct a fully remote hack to start the car or cut the motor. Theoretically, an attacker could make a malicious web page, and if someone in a Tesla car visited the site, could gain access to the infotainment system. “From that point, you’d be able to use a privilege escalation vulnerability to gain additional access and do the other stuff that we described,” Rogers says.
Well, when they show, in practice, that such an attack is possible, then we can have news headlines about it.
By presenting it like this so Tesla had to patch it to save face, I'm sure they just closed the loophole that would allow consenting car owners to modify their car's software. As a gear-head and life-long tinkerer, I WANT to be able to mess with my car.
Needing physical access isn't a limitation here given the browser exploit, but even if it was it is still a security problem.
Cutting the brake lines and draining oil are very obvious methods of sabotage. Two minutes of investigation will make it clear that someone with malicious intent caused an accident.
Malicious code uploaded to a car is hard to detect. The inconveniences, property damage, injuries, deaths and the ability to frame the individual as the cause of those intended consequences are incredibly valuable.
The situation with security vulnerabilities in software maybe should be a warning to not use (network-connected) computers to control everything. The internet of everything will probably mean that everything will become hackable.
71 comments
[ 3.1 ms ] story [ 143 ms ] threadIt's also worth noting that Tesla pushed a patch to all of their cars for this yesterday.
Tesla - pushed an OTA update, done.
That pretty much paints the future of "smart software" in cars.
That said, every science fiction book I've ever read where vehicles could be patched over the air, has been been used as a plot device and gone badly for the hero of the story. Interesting times indeed.
It could be argued that the existence of an OTA mechanism incentivizes lower quality (RTM patches); I'd counter that it might do so in the short term only, although I have no data.
Rather than hacking all the individual cars, hack the Tesla server and push the updates. Happened few times to open source software.
Interesting, what are some examples?
I'm pretty sure that if your car isn't connected in the first place, so that its essential control systems can't be updated remotely by a single malicious actor like that, then this isn't a significant concern.
Is there any evidence of this? I think of automatic updates more like a safety net, or a seat belt.
Does the presence of those things change how acrobats or drivers perform?
Yes. They change the risk analysis; this can make the difference between acrobats performing at all.
As a thought experiment, just consider what you know about human nature and incentivisation of behavior.
Do humans tend to:
1) Prioritize long term concerns over short term concerns?
2) Prioritize high -- but incremental -- costs to others over costs to themselves?
3) Prioritize future risk amortized over many small events?
4) Prioritize costs that can be externalized onto others over their own costs?
Quiet OTA updates play to all of those weaknesses. The only possible result, as long as humans are involved, is lower quality software.
Is there any data to support the "only possible result" that you conclude? Or, maybe examples of high-quality software that doesn't have any kind of high-frequency automatic update mechanism?
Anecdotally, I've seen the same in general software.
Traditional product recalls are very expensive, but they centralize costs on the manufacturer, and disperse much smaller individual costs across all consumers. In doing so, they incentivize manufacturers to not screw up.
OTA externalizes costs to consumers, increasing their individual cost through the disruption of more regular updates and regressions, security issues, etc, while decreasing the manufacturers costs dramatically.
This -- surprise! -- incentivizes shipping crap.
Long-term manufacturers can lose brand goodwill due to shipping a buggy product, but if everyone is shipping crap, it's not like consumers have a choice or even particularly high expectations.
There was also this problem:
> But they also found that the car’s infotainment system was using an out-of-date browser, which contained a four-year-old Apple WebKit vulnerability that could potentially let an attacker conduct a fully remote hack to start the car or cut the motor. Theoretically, an attacker could make a malicious web page, and if someone in a Tesla car visited the site, could gain access to the infotainment system.
But you're right it's not like FCA, because this happened:
> The company also engineered the car to handle sudden power loss in a graceful way. If power to the car were cut while the vehicle was in motion, the hand brake would kick in, and the car would lurch to a stop if it was traveling 5 miles per hour or less. It would go into neutral if traveling faster than this. But the driver would still retain control of the steering and brakes and be able to pull the car over. The airbags also would still be fully functional.
Tesla put thought into it. They designed their system with failsafes to minimize risk (to a degree) if the system got hacked. It's not perfect but it's a hell of a lot better than nothing.
Parenthetically, it's a sad state of affairs, certainly not what early web folks expected, that making a browser is so difficult that only 2 huge companies can make even sort-of-acceptable ones that still require constant bugfixes.
Yes, they even build CTRL-ALT-DEL right into the steering wheel, seriously :)
How is it that we can be repeating the exact same mistakes made in software over the past 40 years, without anyone questioning whether the dangers of cloud-enabling cars is remotely justified by the features provided?
1) The features provided by Tesla extend far beyond those provided by "cloud-enablement"; the fact that "informed consumers" are buying the cars does not indicate that their purchasing decision came down to isolating cloud-enablement relative to cloud-features.
2) Your hypothetical informed consumers don't really exist, unless the only people buying cloud-enabled cars are computer scientists.
2) Ever looked at a tech company parking lot in South Bay? A lot of people with CS background are buying the Model S. Not all buyers are computer scientists but informed buyers most definitely do exist.
Of course, even being informed isn't going to help if this sort of poorly secured connectivity becomes the norm for new vehicles, which seems to be happening disturbingly quickly. If you rely on the independence offered by having a car but all cars have similar dangers, you might have only bad alternatives to choose between, but they're still bad.
[Edit: That last sentence was ambiguous. My intended meaning was that the alternatives to using a car at all might also be bad, for example incurring significant costs and disruption moving to live somewhere with viable public transport instead.]
So let me get this straight ...
They were able to plug in a laptop into the car and gain control. In fact, physical access is necessary.
Tesla used the cloud connected features to update the software, removing the physical vulnerability.
Yes, the connected nature of the car is an attack vector. But it seems there are other attack vectors which are far worse and the connected nature can be used to protect the vehicle.
We need to be careful with this kind of risk assessment.
If Microsoft or Google messes up a Windows or Chrome update that is automatically installed, or a malicious actor compromises the update mechanism, maybe a few thousand PCs belonging to people who accepted the risk get broken and there will be some hassle restoring normal functionality afterwards.
If a car manufacturer messes up a firmware over-the-air update that is automatically installed, or a malicious actor compromises the update mechanism, maybe a few thousand cars belonging to people who accepted the risk get run into walls at 100mph.
It is far from clear that providing a mechanism for remotely initiated updates of fundamental system software is a win in this context. As we've seen with automatically updating PC software in recent years, not all updates work as intended, and as we've seen with modern malware, reprogrammable firmware is not always a blessing.
I was developing entertainment system for Volkswagen's cars a while ago. At the time their cars have several networks interconnected with a simple firewall. They were separated into domains, if I remember correctly it was core (engine, steering wheel), first level (reporting, airbags, etc.), second level (opening windows, etc.), and then entertainment system.
The firewall was one-way. Systems on lower level are able to intercept some messages from higher levels, but are unable to send anything to higher level (with some exception between core and first level). That also means that the entertainment system is unable to open/close windows for example - you have physical buttons for that.
It was a while ago and my memory is rusty. But you get the idea that car systems can be build securely with competent engineers.
Jeep remote exploit: "OMG, are you kidding, what kind of idiots would even allow this to be a possibility? Car control systems remotely accessible, etc?"
Tesla: "Kudos to Tesla for taking this seriously and working on it."
EDIT:
I meant that seriously--any functionality which can update the firmware can, by definition, remove your ability to tell that it's doing other things, too. See also "Reflections on Trusting Trust".
EDIT2:
And another downvote. Some people are absurd and clearly don't understand what is a completely reasonable comment about the nature of the security here.
It's not, "How would you (somebody unskilled in these things, snarf snarf, mere mortal compared to angersock) know (anything about this)?".
It's, "How would you (consumer without access to the source code being deployed) know (given that the machine can be made to fake output to whatever is most likely to make you think it's behaving normally)?"
Jesus.
* Telematics Log Data: To improve our vehicles and services for you, we collect certain telematics data regarding the performance, usage, operation, and condition of your Tesla vehicle, including the following: vehicle identification number, speed information, odometer readings, battery use management information, battery charging history, electrical system functions, software version information, infotainment system data, safety‐related data (including information regarding the vehicle’s SRS systems, brakes, security, e‐brake), and other data to assist in identifying and analyzing the performance of the vehicle. We may collect such information either in person (e.g., during a service appointment) or via remote access.
* Remote vehicle analysis: We may be able to dynamically connect to your Tesla vehicle to diagnose and resolve issues with it, and this process may result in access to personal settings in the vehicle (such as contacts, browsing history, navigation history, and radio listening history). This dynamic connection also enables us to view the current location of your vehicle, but such access is restricted to a limited number of personnel within Tesla.
Maybe there is a way to opt out of this, but I can't see it.
If you would have started out with the variant at the bottom, I never would have thought about downvoting you.
As a Model X reservation holder, I am both comfortable and accepting of Tesla having my location data and remote access to my vehicle. I understand that the telematics will allow them to continue to improve the product and future products, and have a better understanding of how their batteries and drivetrains perform in the field. I accept all of the above because they've earned that trust (and would even go further, allowing full access constantly to all autopilot sensor data).
Disclaimer: I am also a smaller Tesla investor. I am biased. I'm willing to make sacrifices for what I consider progress.
As an 85D owner that was wonderful.
I'm sure they're also doing the same with autopilot. Imagine being able to use your entire fleet of 100k cars to aggregate data about how to best tune critical subsystems.
https://www.driveuconnect.com/software-update/
(In addition to having the dealers do it or sending USB drives to people that request them)
I have a Harley-Davidson motorcycle that I can update simply by connecting a USB drive, turning the ignition switch on, and waiting about five minutes.
From https://www.teslamotors.com/about/legal
[snip some irrelvant bits]"Experts Reveal Connected Devices Are Vulnerable to Hacking"
... I can't even get the radio to play anything other than a faint static hum.
How is this a security problem? If someone malicious has physical access to a normal car they could cut the brake lines or drain the oil, without even needing to unlock the car.
If I'm inside a car I own I think I'd PREFER it to know I can hack into the car's systems rather than it being totally locked down.
But they also found that the car’s infotainment system was using an out-of-date browser, which contained a four-year-old Apple WebKit vulnerability that could potentially let an attacker conduct a fully remote hack to start the car or cut the motor. Theoretically, an attacker could make a malicious web page, and if someone in a Tesla car visited the site, could gain access to the infotainment system. “From that point, you’d be able to use a privilege escalation vulnerability to gain additional access and do the other stuff that we described,” Rogers says.
Well, when they show, in practice, that such an attack is possible, then we can have news headlines about it.
By presenting it like this so Tesla had to patch it to save face, I'm sure they just closed the loophole that would allow consenting car owners to modify their car's software. As a gear-head and life-long tinkerer, I WANT to be able to mess with my car.
Cutting the brake lines and draining oil are very obvious methods of sabotage. Two minutes of investigation will make it clear that someone with malicious intent caused an accident.
Malicious code uploaded to a car is hard to detect. The inconveniences, property damage, injuries, deaths and the ability to frame the individual as the cause of those intended consequences are incredibly valuable.