Internet Of Things Meets Cars: Security Threats Ahead
As the Internet of Things extends to automobiles, security and privacy threats come along for the ride.
CES 2014: Cisco's Internet of Everything Vision
(Click image for larger view and slideshow.)
The tech and automotive industries are aggressively promoting the connected car, a 4G-enabled vehicle that brings smartphone-like capabilities to personal transportation. Distracted-driving issues aside, the Internet-ready vehicle brings with it a host of security concerns related to the data it will generate.
"There's a myriad of questions that we're going to have to go through on data ownership and disclosure -- the apps that go into the car, who owns the information. I think that's a huge topic," said Judith Bitterli, chief marketing officer for security software firm AVG Technologies, in a phone interview with InformationWeek.
Bitterli recently participated in a discussion panel at the South by Southwest (SXSW) conference in Austin, Texas. Titled "The Car Hacks are Coming -- How the Auto Industry Can Safeguard Connected Cars," the session explored key security and privacy concerns involving Internet-enabled vehicles.
One major topic is how to collect data while protecting the vehicle owner's privacy. In a post-SXSW blog post for AVG, Bitterli wrote, "Technology will resolve the security, but AVG would like vehicle manufacturers to be clear about what data they are collecting and how they are using it. We'd also like them to be clear about what's being done with the data if the car is resold or traded. Can there be a mechanism to reset the vehicle to factory default upon ownership change?"
Today, this factory-default reset button doesn't exist, a potential privacy problem as consumers start to buy and sell used connected cars. "I wipe my iPads before I give them to my nieces and nephews and friends," Bitterli pointed out. "We're going to have to have an easy way as consumers to do that in our automobiles, because I don't want my driving record, driving history, and how much I'm going over the speed limit transferred to a third party."
Data ownership is another unresolved matter. "If bought the car, my assumption would be that I own that data," said Bitterli. "And in the tech world, you have to ask permission from the user before you use that data."
Auto manufacturers, she added, realize the need for clearer privacy rules, which they see as crucial to retaining customer loyalty. "I talked to one CTO of a major automobile manufacturer last week, and they're very receptive to it. They view their market much longer-term than most of us do. They believe that someone buys a car... and five years later, they come back. They see that repeat rate and don't want to do anything to screw it up."
Vehicle-based apps bring the threat of car-hacking as well. "There are very professional, malware-for-hire organized crime syndicates in places like Russia that are going after your money. So if you're doing banking transactions through the console on your car, or doing e-retail, that's going to be the next target for them," Bitterli warned.
Then again, the "hacker" may simply be your five-year-old kid using a backseat touchscreen to inadvertently purchase something via an online retailer's (all-too-convenient) one-click-buying feature. "While we're driving, we're going to have kids in the backseat with full access to everything we have access to in the car," Bitterli said.
On the regulation side, as tech companies venture further into the automotive market, they'll encounter a greater degree of governmental control than they may be used to. A month ago, for instance, the US Department of Transportation's (DOT) National Highway Traffic Safety Administration (NHTSA) announced plans to enable vehicle-to-vehicle (V2V) communication for light vehicles. This technology is designed to allow vehicles to "talk" to each other -- exchanging speed, position, and other safety data up to 10 times per second -- to avoid crashes. The NHTSA is also developing a regulatory proposal that would require V2V devices in new vehicles "in a future year."
"It's a whole new world for tech companies that are at the convergence of tech and auto," said Bitterli.
Engage with Oracle president Mark Hurd, NFL CIO Michelle McKenna-Doyle, General Motors CIO Randy Mott, Box founder Aaron Levie, UPMC CIO Dan Drawbaugh, GE Power CIO Jim Fowler, and other leaders of the Digital Business movement at the InformationWeek Conference and Elite 100 Awards Ceremony, to be held in conjunction with Interop in Las Vegas, March 31 to April 1, 2014. See the full agenda here.
Jeff Bertolucci is a technology journalist in Los Angeles who writes mostly for Kiplinger's Personal Finance, The Saturday Evening Post, and InformationWeek. View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.