The automobile industry is facing a future in which hackers and crackers will be trying to turn off brakes and disable steering wheels. At best, IT, internal developers and security staffs working diligently to avoid the worst outcomes may have a shot at successfully protecting consumers from such malicious intent. However, companies steeped in cultures of deception obviously are getting in the way of security efforts.
Case in point is Volkswagen. This was a company with a very good reputation until recently. The company reportedly used software that enabled it to cheat on emissions testing. That misstep cost VW a large chunk of its value, and will have significant, long-term impact.
This actually was VW’s second walk on the dark side (that we know about) in recent months, as in a previous post, I discussed the company’s efforts to suppress security analysts’ assessments that keyless ignition technology in its vehicles from Megamos, a Swiss company, was flawed and could be used by thieves. VW had known about the problem since 2013 and worked hard to keep it quiet. In fact, it brought the researchers to court in an effort to shut them up.
Now, this is not a case of the company finding some rogue personnel and self-reporting. That would be serious enough, but somewhat understandable in this day and age. In this case, however, neither problem was reported by the company. The key fob issue was brought forth by the researchers and the VW emissions issue was reported by an outside group, according to Mashable:
Third-party tests performed by the International Council on Clean Transport (ICCT) uncovered the emissions issues. The tests set out to prove a hypothesis that VW's new generation of TDI diesel engines were cleaner than standard gasoline engines but unwittingly exposed the German carmaker's deception.
Turning a blind eye to thievery and cheating on emissions tests doesn’t hold a candle to turning off somebody’s brakes, of course. But what if the hack on the key fob actually included some malware that can grab control of critical systems?
At minimum, the way VW acted in both cases can be seen as gateway actions to things that could put people in real danger. I am not saying that VW doesn’t care about making safe cars, but corporate culture matters. When the corporate culture is deceptive and underhanded, it leads us to wonder about what else such companies let slide.
It is hard to believe that various folks at VW didn’t know or suspect that something was amiss in both of these scenarios. The question now is what else do they know or suspect and are afraid to talk about?
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at firstname.lastname@example.org and via twitter at @DailyMusicBrk.