Should You Buy a Connected Car?
Computer sales are moribund; tablet sales are tanking; even iPhone sales are slowing down. Hardware makers are desperate to find The Next Big Thing to reignite their revenue growth, and they think they have found it. They’re going to connect everything! But do you really want your car connected to the Internet? Read on...
Should Your Car Be On the Information Superhighway?
Back in the early 90's, it was common to refer to the Internet as the "Information Superhighway," and "travel" from one website to another via your desktop computer. But now, you can actually visit websites *with* your car, while traveling on a real superhighway. It seems everything is being connected, but are we really ready for that?
From coffee pots to cars, the Internet of Things is that Next Big Thing that is being relentlessly pushed upon us from every direction. A coffee pot that can be controlled remotely is one thing, but a car? I don’t know if I would buy a so-called “connected” car given the current state of their security.
Let's start with a definition: a "connected" car is one that can communicate interactively with systems other than its own internal ones, e.g., smartphones, computers, cellular towers, GPS, and the Internet.
Just over a year ago, a reporter for Wired magazine wrote about the terrifying experience of having hackers take control of a Jeep - while he was driving it! The air conditioning came on full blast. Windshield wiper fluid sprayed unbidden, The radio blasted at top volume. The on-board digital display showed the two hackers, laughing.
And then things got serious. The transmission was disabled and the driver could no longer control the accelerator. Then the brakes were disabled and the Jeep ended up in a ditch.
Fortunately, this was a test; the attack stopped short of being fatal, but it very well could have been. Chrysler had to download firmware updates to nearly 2 million vehicles to prevent a real catastrophe that would, no doubt, have put the company in greater legal jeopardy than Volkswagen. People - a lot of people - could have died.
Are Connected Cars Vulnerable?
In February, 2016, white-hat hackers demonstrated a vulnerability in the Nissan Leaf electric car that allowed them to take control of non-critical systems such as climate control and entertainment systems.
In June, 2016, the Mitsubishi Outlander’s on-board WiFi access point - essentially, a wireless router like the one you have at home - proved vulnerable. Mitsubishi recommends that owners disable the access point until a patch is created.
“When you start thinking about a car, you quickly realise the integrity and vulnerability threats are much worse than confidentiality threats and there's real risks to life and property here," legendary security expert Bruce Schneier told the recent InfoSecurity Europe conference in London.
“It'd be really bad -- and it'll happen in a year or two -- when someone figures out how to apply ransomware to the CPUs of cars,” he continued. “That's not going to be fun, but as long as there are computers it'll happen.”
Imagine your $60,000 car sitting there in the garage, completely useless, while the screen in its console displays instructions for paying $500 in Bitcoins to an unknown hacker in a dark corner of the Internet.
More Focus on Safety and Security is Needed
The problem is that computer security is still an alien concept to auto manufacturers. Some of them don’t see what the big deal is if a hacker can adjust the volume of your car’s radio. “Mission-critical” computers that control brakes, accelerator, transmissions, etc., are totally isolated from these “options,” they assure us. But as the Wired reporter discovered, that’s no guarantee of safety.
The advent of self-driving, or "autonomous" cars is a related concern. It's encouraging that Google's self-driving cars have driven more than 1.5 million miles with no fatalities and only one minor accident. But a recent story about a fatal accident involving a Tesla Model S operating in "Autopilot Mode" does give me pause. There was no foul play or hacking involved in this case, but still it tells me that we've not yet reached a point in time when we can fully trust in technology such as connected and/or autonomous vehicles.
Security is a full-time, pervasive, top-to-bottom and end-to-end mindset. Whether it's the engine or the “accessory charger” (formerly known as a “cigarette lighter") it must be considered a potential backdoor into the most life-threatening parts of a car. And auto makers don’t have this mindset.
I think I will wait until they do, which will probably be a decade after dozens of people die and some company is hit with a multi-billion-dollar judgment. Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 11 Jul 2016
|For Fun: Buy Bob a Snickers.|
Google Wants To Track You More, But It’s Optional
The Top Twenty
Data Brokers: What Do They Know About You?
There's more reader feedback... See all 28 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Should You Buy a Connected Car? (Posted: 11 Jul 2016)
Copyright © 2005 - Bob Rankin - All Rights Reserved