Road trips are part of almost any American childhood, and more often than not, the stereotypes are true. Dad drives, getting lost at least once and refusing to stop for directions. Mom's trying to make the car ride less boring with occasional family sing-alongs. Your brother zones out while listening to music on music on his cassette player. You're trying to read, but really you're just craving your Saturday morning cartoons.
But smart cars have changed the way that we road trip. Cars, especially family cars, now come fully equipped with different entertainment options such as WiFi, hotspot, Bluetooth, rear-seat DVD players, and mobile phone integration to name a few. GPS navigation systems have helped dad keep his pride intact. These features along with smartphones, tablets, and other mobile devices have made family road trip sing-alongs obsolete.
Smart cars have also become safer to drive with exterior cameras that can assist you while backing out of the driveway, smart brakes that compensate for poor road conditions and black ice, and other safety features.
Although smart cars have decreased the familial stress during road trips and even made driving safer, there are great risks that come with the technology and security of smart cars.
It’s no secret that there are major security risks with smart cars. In 2013, two security researchers Charlie Miller and Chris Valasek demonstrated that they were able to hack a Ford Escape and control the cars braking system, steering, horns, and dashboard displays. So, the knowledge that car hijacking is possible has been around for some time.
Later they published a book detailing the vulnerabilities they found in different car models. They tested which cars were safer and which ones were more vulnerable to hackers. One method they used to access the car’s network exploited security flaws in Bluetooth, the radio system, and WiFi. Once they were able to gain a foothold in one of those systems they were then able to gain access to the car’s critical systems.
Another car hijacking demonstration was featured 60 Minutes in February of this year. DARPA security researcher Dan Kaufman demonstrated that he could hijack a car remotely using a laptop, further proving the security risks of smart car technology.
At around the same time that the 60 Minutes episode aired, Senator Edward Markey released his car hacking report. In the report, Markey tells that he sent twenty car manufacturers a questionnaire about the security of their cars. Below are summaries of five of the report’s findings.
If the above hijacking demonstrations and report have not convinced you of the security flaws in smart cars, this may do it. Recently the popular German car manufacturer BMW found a vulnerability affecting over 2 million of its cars. The vulnerability would have allowed hackers to unlock these cars' doors. As far as we know the flaw had not been exploited before BMW issued a software update to the vulnerable cars.
Consumers are in the know when it comes to data security . These videos, reports, and discovered vulnerabilities have received a lot of attention by both the security community and the public in general. The 2014 and 2015 TRUSTe Privacy Index reports show how concerned consumers are about data security and privacy.
The findings from this report are exactly where car manufacturers were shown to be lacking in the Markey report. Consumers are very concerned about data security and privacy. Their concern may not stop them from buying a car, but these reports show that it does influence their decision in which manufacturers to buy from.
Car manufacturers are always looking for a marketing advantage to increase revenue. Every year new car models flood the market and every new model touts an array of new features and accessories, many of them connected to the Internet. New features and accessories are the way car manufacturers establish a marketing advantage over their competitors.
These connected features are appreciated by drivers and passengers alike, but what is worrisome is that with more features in a car comes more vulnerabilities. More features and accessories increase the attack surface a hacker could exploit.
IoT security and privacy is a must, not only for the integrity of the manufacturer but for the safety of consumers. Security vulnerabilities could:
Lastly, a lack of security could diminish and even destroy a consumer’s trust in a manufacturer. While car manufacturers have the potential of losing customer trust with their security provisions, they also have the capacity of gaining customer trust by providing efficient security and privacy measures. By prioritizing security and privacy, manufacturers will stand out among competitors and earn the loyalty of customers.
Rather than continuing to add more features to cars in order to gain a marketing advantage, manufacturers should first prioritize better security for the connected features in the cars that are already on the market. The Markey report found that almost no manufacturers are giving security the importance it needs. If a car manufacturer were to release a new model that touted top-notch security as its newest feature, that manufacturer would be surprised to find that in today's data-driven world, customer loyalty always follows security.