We need a better way of disabling this physically - by removing the 4G/LTE connectivity in cars.
Remove connectivity, and that data collection is moot.
I'm looking to buy a car in the coming months / year - and I've narrowed it down to the C43, S60 and G70 and all those cars come with "connected features" that I have no need or want for. (find your car anywhere, unlock and remote start your car, send maps to your car, set climate control, check fuel/servicing etc. via an app / website). I partially blame Tesla for starting this trend.
It's absolute madness that we have car companies that generally don't know a ton about software building technology that's generally insecure, will not be updated and mass producing it at scale and being used by 10000s (or even 100000s) of people worldwide. This is a recipe for an easily avoidable disaster waiting to happen and people who've paid 10s or 100s of thousands of $ are the victims. (and ofc they'll use this as an excuse to add more tech instead of less making it a house of cards - E.g. Oh you want secure features - guess what? we've added 4G/5G/LTE support. oh we'll also take in all your data to pay for it anyways).
> We need a better way of disabling this physically - by removing the 4G/LTE connectivity in cars.
> ...
> It's absolute madness that we have car companies that generally don't know a ton about software building technology that's generally insecure, will not be updated and mass producing it at scale and being used by 10000s (or even 100000s) of people worldwide.
This! This, a thousand times!
Last year I bought a new car, and one of my main deal-breaker criteria was the presence of an LTE modem. I don't want an internet-connected computer-on-wheels built by a company that has no idea how to build secure software and that doesn't have an engineering culture that's compatible with security. There's a too-large chance that they'll mess up and someone would ransom my car for a bitcoin (in the best-case hacking scenario).
It was tricky to figure out what cars had network connections, since the salespeople don't understand the technology, just the sales pitches. The questions that worked best for me were "Does this car have connected features such as remote door unlocking available?" followed by "If I want those features after I buy the car, will I have to take it back to get something installed?" Some cars, like Subarus, ship without the connected car features, but the dealership can enable them remotely once you sign up for the monthly charges. That means their cars have an always-on LTE modem.
IMHO, it's going to take at least ten years for 1) car companies to learn the hard way how to develop secure software* and 2) develop a reliable and safe self-driving car that works in my climate. I figured now was the time to buy one of the "last good" cars that I could drive until this stuff is sorted out.
Turns out the one I got has an Android center console that's rootable through a well-known method, but at least I have to manually connect to a Wi-Fi network for that to happen. And, frankly, who does that?
* IIRC, Microsoft took a similar path, first having comically insecure software, to taking security seriously, to actually getting good at it.
I have done similar things to other devices, so I can give you a rough outline of what to do (assuming you are in the USA). By law, anything that transmits/receives a wireless signal must go through FCC testing, and what I have seen is they usually make this a card with a standard I/O port (much easier to get one card through the FCC process than a bunch of them). Look up the "FCC ID" in the owner's manual, and you can go to the FCC website and find exactly what you are looking for. The next thing you need to do is actually find it, and that will probably be the most painful part. But once it is found, you can simply remove it.
I had to do something similar to a sound system I owned. For some reason, they added Bluetooth with absolutely no authentication, so anyone in range could pair to it. I just removed the Bluetooth adaptor (it uses I2C and/or SMBus to communicate with the rest of the system).
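An added example to go with the FCC-ID lookup step above (my code, not the commenter's): it splits an FCC ID printed in a manual into its grantee code and product code, then builds a small inventory of a car's radio modules and marks which ones carry a wide-area (carrier-network) radio, since that is the always-on link the thread is worried about. It assumes the published grantee-code convention (three characters beginning with a letter for codes issued before May 2013, five characters beginning with a digit since); the module list, FCC IDs and locations are constructed placeholders, not real equipment grants.

```python
import re
from dataclasses import dataclass

# Added example, not the commenter's code. It assumes the FCC grantee-code
# convention: codes issued before May 2013 are three characters beginning
# with a letter, codes issued since are five characters beginning with a
# digit; the rest of the ID (optionally after a hyphen) is the product code.
FCC_ID_RE = re.compile(r"^[A-Z0-9]+(?:-[A-Z0-9]+)*$")

# Radio technologies that imply a wide-area (carrier-network) link, which is
# what an always-on telematics unit needs. Short-range radios (Bluetooth,
# Wi-Fi, key-fob RF) cannot be reached from outside the car's vicinity.
WIDE_AREA_RADIOS = {"LTE", "4G", "5G", "GSM", "UMTS", "CDMA"}


def split_fcc_id(fcc_id: str) -> tuple[str, str]:
    """Split an FCC ID as printed in a manual into (grantee code, product code)."""
    normalized = fcc_id.strip().upper().replace(" ", "")
    if not FCC_ID_RE.match(normalized):
        raise ValueError(f"not a plausible FCC ID: {fcc_id!r}")
    grantee_len = 5 if normalized[0].isdigit() else 3
    grantee = normalized[:grantee_len]
    product = normalized[grantee_len:].lstrip("-")
    if len(grantee) < grantee_len or not product:
        raise ValueError(f"FCC ID too short to hold a product code: {fcc_id!r}")
    return grantee, product


@dataclass(frozen=True)
class RadioModule:
    location: str      # where the manual or a teardown says the module sits
    fcc_id: str        # FCC ID as printed
    radios: frozenset  # radio technologies listed for that grant


def classify_modules(modules):
    """Map each module (keyed by normalized FCC ID) to 'wide-area' or 'short-range'."""
    report = {}
    for module in modules:
        grantee, product = split_fcc_id(module.fcc_id)
        kind = "wide-area" if module.radios & WIDE_AREA_RADIOS else "short-range"
        report[f"{grantee}-{product}"] = {"location": module.location, "kind": kind}
    return report


# Constructed sample inventory for a hypothetical vehicle; the FCC IDs and
# locations are placeholders, not real equipment authorizations.
SAMPLE_MODULES = [
    RadioModule("telematics control unit, behind rear parcel shelf",
                "2ABCD-TCU01", frozenset({"LTE", "GPS"})),
    RadioModule("infotainment head unit", "XYZ-HU12",
                frozenset({"Bluetooth", "Wi-Fi"})),
    RadioModule("body control module (key fob receiver)", "XYZRKE9",
                frozenset({"RKE 315 MHz"})),
]


def wide_area_modules(modules=SAMPLE_MODULES):
    """Return the FCC IDs of the modules that carry a carrier-network radio."""
    return sorted(k for k, v in classify_modules(modules).items()
                  if v["kind"] == "wide-area")


if __name__ == "__main__":
    for key, info in classify_modules(SAMPLE_MODULES).items():
        print(f"{key:14} {info['kind']:12} {info['location']}")
```

The wide-area entry is the one whose grant record is worth reading on the FCC site: the listed frequencies and radio technology say whether the unit is a cellular modem, and the grant's internal photos are what tell you where on the card the antenna connector sits.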
Not necessarily; the modem, or telematics unit, can be anywhere in the car and communicate with the infotainment system and other modules through a data network, just like you can have the cable modem in your attic and an Ethernet cable to your desktop.
Yes. It varies from car to car, but as someone with a new GM vehicle I can say it's definitely feasible to disable OnStar. And contrary to what someone else up-thread suggested, it throws no codes if you do.
> Why do you think this is insecure? Because it's cars?
Because of the engineering culture. As an example, I've interviewed at GM for software positions and I've interviewed at actual tech companies for similar positions, and their process, questions and answers all show how differently software is thought of by upper management.
It's changing, of course, but it's slow and in the meantime people will get hurt.
> Ford. Ford started with Sync. Mentioning Tesla is an outsider move.
Ford started it with Sync. But no one cared about Ford. You don't see YouTube videos of excited people claiming their Ford can be remotely started via an app on their phone, for example. It was a sales/marketing pitch by Ford.
Tesla on the other hand... brought the "your car is a phone on wheels" concept to the masses and popularized it to the point that other car companies feel the need to add it all to cars whether they have the skills or not. (not that Tesla is any better, as that recent post by an ex-engineer showed)
> Why would you think billion dollar Fortune 500 companies wouldn't hire programming and security experts?
This is like asking why Equifax would not hire programmers and security experts, yet, as we all know... even after that massive data breach, Equifax has yet to change their culture, process or hiring.
I've worked at a company which could be described that way (in aerospace). I know by experience that they're terrible at this.
They're not a software company, so not only do they lack experience, they lack the company culture. As a PG essay once pointed out (in the context of American car design), if your manager lacks knowledge of a thing, then they also lack knowledge necessary to identify a competent expert to hire.
The company is world-class at systems integration. If you want a giant component built in Italy to mate with a giant component made in Japan, they can manage to deliver the specs, have them built and tested independently, shipped to their factory floor, and joined perfectly. And repeat the manufacturing process, every day, for years.
If you suggest that the database should use a transaction for saving a crucial piece of data, they're lost. They've got internal policies that work great for bolts and wires (standardize all the things!), but suck for software (every software system must use the same database system, which we selected 30 years ago, i.e., it's no longer maintained). Specs are written like hardware specs which will change only minimally (we need a larger bolt), but of course they change all the time in significant ways (need to add a new core feature to the software which will require a completely different schema). Release cycles are literally measured in months, and they have a culture of hard public deadlines, so most problems simply can't get fixed in time, even if they're identified.
It doesn't surprise me in the least that car companies are having problems with software.