One of my biggest complaints with security is that it so often reactive, especially on the business level. The security protections are minimal at best at a lot of places – until something happens. Then security gets a more serious look.
So it was good to hear a story about some proactive security measures, and in an area you don’t automatically think about IT security – your vehicle.
It’s easy to forget that today’s cars and trucks are run as much by a computer system as they are by gas. We don’t think about our car’s computer until something goes wrong. And now with built-in GPS, satellite radio, all of the interactive gadgets, our vehicles are one giant, gas-powered computer. Just as I talk about the importance of remembering that our smartphones and tablets are powerful handheld computers that need the same security considerations as a desktop, it makes sense to think that a car also needs to be thought of as a computer and is at risk for attack.
And that’s exactly what’s happening at Intel. According to Reuters, ethical hackers are working with Intel’s McAfee division to search for the bugs that could make a vehicle’s computer system vulnerable to a hack or a virus.
I said this research is proactive, rather than reactive. That’s because, as of this writing, there have been no known violent attacks on a vehicle computer system. However, as the Reuters article pointed out:
“Yet, Ford spokesman Alan Hall said his company had tasked its security engineers with making its Sync in-vehicle communications and entertainment system as resistant as possible to attack.”
Could you imagine how nice it would be if this was the standard security approach?
Of course, the car industry is used to innovating safety features before they become standard. Anything that makes a car safer and easier to drive is a big deal to consumers. That the auto industry would move to the next safety feature – computer security – makes sense.
And there are signs that a problem could be looming. According to CNET:
Studies have already proven that it is technically possible to hack into a car's on-board warning systems and alter its tire pressure, as well as prevent it from using its brakes.
Not that the car industry is perfect here. Reuters pointed out that, according to security experts, car manufacturers have been slow to adopt computer security, and that leaves the vehicle vulnerable to an attack. A hack into a vehicle computer system could impair the car’s ability to operate and could result in a crash. Reuters sprinkled around words like “lethal” and “violent” in its article to describe potential virus attacks, words not usually used when you think of malware on your computer (beyond the Blue Screen of Death). But violent and lethal outcomes are exactly what happens if a driver loses the ability to control the vehicle because the computer system failed. In this case, a virus really could be deadly.
Computers have become so ubiquitous in our society that we forget in how many instances we depend on them. Computer security for a vehicle makes perfect sense. Now I wonder, what other everyday items should have improved computer security...