Big Data // Big Data Analytics
News
3/18/2014
09:06 AM
Connect Directly
Google+
RSS
E-Mail
50%
50%

Internet Of Things Meets Cars: Security Threats Ahead

As the Internet of Things extends to automobiles, security and privacy threats come along for the ride.

CES 2014: Cisco's Internet of Everything Vision
CES 2014: Cisco's Internet of Everything Vision
(Click image for larger view and slideshow.)

The tech and automotive industries are aggressively promoting the connected car, a 4G-enabled vehicle that brings smartphone-like capabilities to personal transportation. Distracted-driving issues aside, the Internet-ready vehicle brings with it a host of security concerns related to the data it will generate.

"There's a myriad of questions that we're going to have to go through on data ownership and disclosure -- the apps that go into the car, who owns the information. I think that's a huge topic," said Judith Bitterli, chief marketing officer for security software firm AVG Technologies, in a phone interview with InformationWeek.

Bitterli recently participated in a discussion panel at the South by Southwest (SXSW) conference in Austin, Texas. Titled "The Car Hacks are Coming -- How the Auto Industry Can Safeguard Connected Cars," the session explored key security and privacy concerns involving Internet-enabled vehicles.

One major topic is how to collect data while protecting the vehicle owner's privacy. In a post-SXSW blog post for AVG, Bitterli wrote, "Technology will resolve the security, but AVG would like vehicle manufacturers to be clear about what data they are collecting and how they are using it. We'd also like them to be clear about what's being done with the data if the car is resold or traded. Can there be a mechanism to reset the vehicle to factory default upon ownership change?"

[Read about Apple's new car tech offering. Read Apple CarPlay: Siri At The Wheel.]

Today, this factory-default reset button doesn't exist, a potential privacy problem as consumers start to buy and sell used connected cars. "I wipe my iPads before I give them to my nieces and nephews and friends," Bitterli pointed out. "We're going to have to have an easy way as consumers to do that in our automobiles, because I don't want my driving record, driving history, and how much I'm going over the speed limit transferred to a third party."

Data ownership is another unresolved matter. "If bought the car, my assumption would be that I own that data," said Bitterli. "And in the tech world, you have to ask permission from the user before you use that data."

(Image: thepu.sh)
(Image: thepu.sh)

Auto manufacturers, she added, realize the need for clearer privacy rules, which they see as crucial to retaining customer loyalty. "I talked to one CTO of a major automobile manufacturer last week, and they're very receptive to it. They view their market much longer-term than most of us do. They believe that someone buys a car... and five years later, they come back. They see that repeat rate and don't want to do anything to screw it up."

Vehicle-based apps bring the threat of car-hacking as well. "There are very professional, malware-for-hire organized crime syndicates in places like Russia that are going after your money. So if you're doing banking transactions through the console on your car, or doing e-retail, that's going to be the next target for them," Bitterli warned.

Then again, the "hacker" may simply be your five-year-old kid using a backseat touchscreen to inadvertently purchase something via an online retailer's (all-too-convenient) one-click-buying feature. "While we're driving, we're going to have kids in the backseat with full access to everything we have access to in the car," Bitterli said.

On the regulation side, as tech companies venture further into the automotive market, they'll encounter a greater degree of governmental control than they may be used to. A month ago, for instance, the US Department of Transportation's (DOT) National Highway Traffic Safety Administration (NHTSA) announced plans to enable vehicle-to-vehicle (V2V) communication for light vehicles. This technology is designed to allow vehicles to "talk" to each other -- exchanging speed, position, and other safety data up to 10 times per second -- to avoid crashes. The NHTSA is also developing a regulatory proposal that would require V2V devices in new vehicles "in a future year."

"It's a whole new world for tech companies that are at the convergence of tech and auto," said Bitterli.

Engage with Oracle president Mark Hurd, NFL CIO Michelle McKenna-Doyle, General Motors CIO Randy Mott, Box founder Aaron Levie, UPMC CIO Dan Drawbaugh, GE Power CIO Jim Fowler, and other leaders of the Digital Business movement at the InformationWeek Conference and Elite 100 Awards Ceremony, to be held in conjunction with Interop in Las Vegas, March 31 to April 1, 2014. See the full agenda here.

Jeff Bertolucci is a technology journalist in Los Angeles who writes mostly for Kiplinger's Personal Finance, The Saturday Evening Post, and InformationWeek. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Stratustician
50%
50%
Stratustician,
User Rank: Ninja
3/22/2014 | 12:09:19 PM
More security woes
While I love the idea of connected cars, the worry for me is that if they are indeed capable of V2V communication, the types of malware tools that could potentially hijack the signal would mean an additional threat to road safety.  Especially if they are able to disable a vehicle remotely (we know police services would love this feature to be built in), or somehow interact with another vehicle while it is in motion poses a huge risk towards the safety of not just the passengers but anyone else in proximity.
J_Brandt
50%
50%
J_Brandt,
User Rank: Ninja
3/31/2014 | 10:55:56 PM
Re: More security woes
The illusion is that your car will be like KITT (Knight Industries Two Thousand) with William Daniel's voice and the power of three IBM Watsons.  How to protect against malware is a huge issue.  One that will eventually be worked out, but unfortunately not without a few bumps along the way.
6 Tools to Protect Big Data
6 Tools to Protect Big Data
Most IT teams have their conventional databases covered in terms of security and business continuity. But as we enter the era of big data, Hadoop, and NoSQL, protection schemes need to evolve. In fact, big data could drive the next big security strategy shift.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 27, 2014
Who wins in cloud price wars? Short answer: not IT. Enterprises don't want bare-bones IaaS. Providers must focus on support, not undercutting rivals.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Howard Marks talks about steps to take in choosing the right cloud storage solutions for your IT problems
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.