Connected car security has been a hot topic ever since the experiment in which hackers remotely ran an Internet-connected Jeep off the road. Even if the average driver isn’t necessarily scared that the same thing will happen to them, connected automobiles could disrupt our everyday lives in other ways. And, with an estimated 250 million connected cars expected on the road by 2020, these disruptions could be coming sooner than you may think.
Automakers are eager to put Internet connectivity to good use – tracking down stolen vehicles, preprogramming trip routes, and even making driverless cars a full-scale reality — which Tesla is actively working on, having just rolled out its highly anticipated self-driving features. But that doesn’t mean there won’t also be a few side effects. Richard Kirk, SVP at AlienVault, the Silicon Valley-based provider of unified security management and crowd-sourced threat intelligence, outlines a few scenarios.
Connected Car Risks
Click through for five risks you may not have thought about with regards to connected cars, as identified by Richard Kirk, SVP at AlienVault.
Commercials invading your personal space: First on the list is not necessarily a computer security risk but one of road safety. It has been well-documented that driver distraction is the top cause of vehicular accidents. With web browsers already popping up on center consoles, as seen in the Tesla Model S, the next generation of distraction appears to be on the way; car manufacturers are envisioning dashboards as mobile e-commerce platforms of the future. That means we may soon be able to expect uninvited location-based ads appearing in our cars, directing us to the nearest Starbucks or offering us vouchers for nearby service stations. This could be as distracting as it would be invasive.
Third-party apps: Devices like Vinli, the Automatic, the Mojio and the Zubie plug into your car’s OBD II port to connect you with third-party apps that the car’s manufacturer doesn’t have control over. While these legitimate devices and apps look like they could be remarkably useful for doing things like promoting safe driving and better fuel economy, they also could provide an easy avenue for intrusion into your car’s electronic systems and one that hackers looking to replicate the Wired-Jeep experiment could exploit. It took the security industry 10 years to secure USB ports, and we could be looking at a similar challenge here.
Grand Theft: Personal Data
Grand theft personal data: Now we have a new industry to trust with our personal data. Vehicles with Internet connectivity are already sending huge amounts of data to manufacturers, and while they have yet to do much with the information, it’s only a matter of time before they start monetizing it. Additionally, if your personal data is connected with your car, this will present a real incentive for hackers to treat it as an easy, high-value target, especially with the industry lacking experience in protecting sensitive data.
Glitches and Malware
Computer glitches and malware: Our cars become computers on wheels, making them susceptible to the same issues we face on a daily basis with our personal computers. When a PC or smartphone crashes due to malware or a non-malicious glitch, at least your physical safety is not in danger. If a large-scale botnet could disable brakes, steering, or other critical functions, it would be a different story. Similar to the Jeep hack, researchers recently were able to turn off a moving Tesla Model S by hacking the entertainment system. When driverless cars start to appear, the systems that control and coordinate them, perhaps running in the cloud, will also be prone to intrusion and failure.
Lose Your Device, Lose Control of Your Car
Lose your device, lose control of your car: Numerous connected car apps are on the way, which could mean that if someone else gets a hold of your phone or Apple Watch, they also gain access to your car. While having your devices connected can make your life easier, it also has the potential to open up Pandora’s box and give thieves another way in.
What Do We Do?
So what do we do? Regulation feels inevitable. Decades after Congress passed the 1966 National Traffic and Motor Vehicle Safety Act, ushering in a wave of new safety improvements, we may once again be in line for a new generation of safety standards. This will not happen overnight, and like many other complex cybersecurity challenges, it will involve multiple parties and will require some serious collaboration. As threat intelligence crowdsourcing takes hold in the security industry, with IT pros sharing vulnerabilities, threats and fixes, the auto industry has followed suit with the recent introduction of the industry’s upcoming intelligence sharing and analysis center (ISAC). The goal will be to work together on solutions that could be as revolutionary as the seatbelt.