If you would like to contribute to the "World's First Automotive Black Box Cyber Security Lock Project" visit this website:Kowalick has already produced 4,000 AutoCybs in advance of his launch on Indiegogo and aims to raise $132,000 through the crowd-funding site by May 14. For $33, backers get an AutoCyb and Kowalick promises that all pledges will be fulfilled as soon as the Indiegogo campaign ends.
If his crowdfunding goes well, Kowalick hopes to make an NFC-compatible unit that will let drivers unlock the device with a smartphone.
http://www.indiegogo.com/projects/world ... ck-project
From: http://www.wired.com/autopia/2013/04/au ... -firewall/
You might not know it, but your car has the automotive equivalent of an airplane’s “black box.” It’s called an Event Data Recorder (EDR), and anyone with a handheld scanner and access to the port under your steering column can download a wealth of information about your car.
That worries Tom Kowalick, one of the engineers responsible for developing the EDR, so he’s crowd-funding a device that lets drivers lock up that data. It’s called the AutoCyb and it’s a deceptively simple solution: a mechanical dongle that plugs into a car’s diagnostic port, and locks in place with a key.
“In concept, it is as simple as locking your glove compartment or the front door of your house,” Kowalick tells Wired.
It may be low-tech, but the device is the first security hardware built to protect a glaring information security hole in your car: the Onboard Diagnostic Port (or OBDII), a small jack underneath the steering column found on every vehicle manufactured since 1996. The ODBII port is what your mechanic uses to determine why the “check engine” light is on in your car. But if you crash, the port also provides access to logs showing exactly what was going on with the car’s systems before, during and after the moment the air bag deployed — everything from speed to seat belt use.
Photo: Tom Kowalick
The animating principal of the AutoCyb is that the vehicle’s driver owns that data, and nobody should be able to get access to it with the driver’s permission.
“It is their data to begin with,” Kowalick says. “And they are merely securing it from others who possess the ability to alter, delete, modify or just plain zap it with an electronic tool. They went from point A to B. They created it. Why should others access it?”
It’s a reasonable question, and one that raises concerns about what happens to your car after a crash. Several Internet vendors sell products that can alter or completely erase crash data in an attempt to defraud insurance companies. Since vehicles are normally removed from a crash scene soon after the incident, neither the owner nor the insurer will be able to keep tabs on exactly where the vehicle is and who has access. That opens up a window for nefarious activity.
“The data belongs to the owner of the vehicle,” Bob Passmore, senior director of personal lines policy at the Property Casualty Insurers Association of America told Wired. “I see this … as a protection for the owner.”
According to Passmore, keeping this data out of the wrong hands is in the interest of both the vehicle owner (the policy holder) and the insurance company. “The only issue is if the policy holder blocks access,” says Passmore. But if it comes down to a court case, the insurer could petition the court for a subpoena.
Kowalick has already produced 4,000 AutoCybs in advance of his launch on Indiegogo and aims to raise $132,000 through the crowd-funding site by May 14. For $33, backers get an AutoCyb and Kowalick promises that all pledges will be fulfilled as soon as the Indiegogo campaign ends.
If his crowdfunding goes well, Kowalick hopes to make an NFC-compatible unit that will let drivers unlock the device with a smartphone.