It’s a truism that people love their cars. When it’s time to trade up to a new one, it’s not uncommon for some folks to become a little misty-eyed at the thought of parting with their loyal steed. These days, however, most drivers aren’t in the doldrums for very long since cars now, of course, come equipped with cool new gadgets and features to get excited about. Anything from creature comforts like heated armrests to instant messaging and augmented reality. And it may not be long before driverless cars could become pervasive. Though I am more than a little skeptical about them after watching this Silicon Valley episode that depicted one of its main characters getting trapped in a sealed container that was shipped to Asia. You’ll laugh, you’ll cry…and you may never give up the keys to your car.
In addition to instant messaging and augmented reality, we’re also now beginning to see vehicles (especially in the luxury market) offering features like self-parking, adaptive cruise control, collision warning systems and auto breaking. As the author of this recent article in IoT Evolution points out, it’s only a matter of time for the technology to scale broadly and for acceptance of these features to increase.
Many, if not all, of these advancements in the automotive world are going to require the Internet of Things (IoT) to be “connected”. Not surprisingly, according to a 2015 survey from leading analyst firm, Gartner, by 2020 a quarter billion connected vehicles will be on the road.
All of these innovations hold promise and many consumers will welcome them with open arms. But there are also inherent risks that come with connected cars, especially knowing how many bad actors out there who do, in fact, want to wreak chaos, whether purely for fun, profit – or worse.
The Famous Hacking of a Jeep
Fortunately, to date there has not been a major automotive hack that’s caused any fatalities. But there has been at least one very notable incident, which is when Wired Magazine senior editor Andy Greenberg’s Jeep was hacked three years ago.
For those unfamiliar with the story, in the summer of 2015, automotive cybersecurity researchers Charlie Miller and Chris Valasek remotely hacked into Greenberg’s car, paralyzing it on a highway while he was driving in traffic. Not only did the researchers manage to disable the car's brakes at low speeds, they were able to control the vehicle in several ways, from acceleration and braking to turning the vehicle’s steering wheel.
The incident could have been deadly but, of course, the researchers never intended for anything that malicious to happen. But they certainly proved a point about the many vulnerabilities connected cars present. Not long after the hack, Chrysler issued a recall for 1.4 million vehicles that could have been impacted by a hackable software vulnerability in the carmaker’s Uconnect dashboard computers.
Securing connected vehicles
Most automotive and technology pundits believe that when it comes to the IoT and cars, it’s nearly impossible to be truly hack-proof. Though others, like David Pogue, have argued that cars aren’t that hackable, or as he put it, “still only a hypothetical threat.”, History shows that hackers are both a persistent and an unusually patient bunch and will find a way to discover a crushing vulnerability. But, there are steps companies in the automotive market can take to help reduce the chances of falling victim to an attack.
By constantly monitoring and addressing any security concerns, automakers will be better able limit vulnerabilities. If one is discovered, implementing Over-the-Air (OTA) updates will enable them to apply software updates and patches to connected vehicles on a broad scale. Of course, OTA updates can bring their own issues. Manufacturers need to ensure the cars will only install approved, legitimate updates and that the updates cannot be tampered with before they are installed.
And even before a vehicle is shipped, its connected services should be properly tested. This could help prevent a dangerous breach in the future and will also ensure that all connected parts of a car meet performance requirements.
In addition, automotive manufacturers should find an IoT vendor to conduct a threat assessment. This will establish what kind of risks exist, how serious they are and then create a plan of action.
Once it becomes standard practice for automakers and other industry players to put the proper, secure IoT technologies in place, the connected cars of the future will not only be enjoyable but safer, and (hopefully) a lot less worrisome.
GlobalSign’s IoT team has a great deal of insight into how companies in the automotive marketplace can greatly improve their security with our industry-leading PKI-based solutions. To learn more about our IoT solutions, and especially our recently launched IoT Identity Platform, visit https://www.globalsign.com/en/lp/iot-identity-platform/