Road trips are part of almost any American childhood, and more often than not, the stereotypes are true. Dad drives, getting lost at least once and refusing to stop for directions. Mom’s trying to make the car ride less boring with occasional family sing-alongs. Your brother zones out while listening to music on music on his cassette player. You’re trying to read, but really you’re just craving your Saturday morning cartoons.
But smart cars have changed the way that we road trip. Cars, especially family cars, now come fully equipped with different entertainment options such as WiFi, hotspot, Bluetooth, rear-seat DVD players, and mobile phone integration to name a few. GPS navigation systems have helped dad keep his pride intact. These features along with smartphones, tablets, and other mobile devices have made family road trip sing-alongs obsolete.
Smart cars have also become safer to drive with exterior cameras that can assist you while backing out of the driveway, smart brakes that compensate for poor road conditions and black ice, and other safety features.
Although smart cars have decreased the familial stress during road trips and even made driving safer, there are great risks that come with the technology and security of smart cars.
Hijacking Videos and Vulnerabilities
It’s no secret that there are major security risks with smart cars. In 2013, two security researchers Charlie Miller and Chris Valasek demonstrated that they were able to hack a Ford Escape and control the cars braking system, steering, horns, and dashboard displays. So, the knowledge that car hijacking is possible has been around for some time.
Later they published a book detailing the vulnerabilities they found in different car models. They tested which cars were safer and which ones were more vulnerable to hackers. One method they used to access the car’s network exploited security flaws in Bluetooth, the radio system, and WiFi. Once they were able to gain a foothold in one of those systems they were then able to gain access to the car’s critical systems.
Another car hijacking demonstration was featured 60 Minutes in February of this year. DARPA security researcher Dan Kaufman demonstrated that he could hijack a car remotely using a laptop, further proving the security risks of smart car technology.
At around the same time that the 60 Minutes episode aired, Senator Edward Markey released his car hacking report. In the report, Markey tells that he sent twenty car manufacturers a questionnaire about the security of their cars. Below are summaries of five of the report’s findings.
- Almost 100% of smart cars use wireless technology. This technology requires a wireless entry point (WEP). 100% of smart cars have at least one WEP and some have multiple WEPs. This technology has proven to have vulnerabilities. The report states that in 2011 a group of security researchers was able to exploit WEP vulnerabilities and take over the locks and brakes of the cars they tested.
- The report also showed that security measures for preventing wireless intrusion are either weak or non-existent. Some manufacturers did say they test WEPs but it was more for functionality of the feature rather than for security. Experts in the report stated that the security measures half of the manufacturers were using were insufficient and could by easily circumvented.
- When asked about software delivery and updates manufacturers answered that they provide them through authorized dealers. The report states that manufacturers assume a hacker could acquire the same technology a mechanic has access to.
- Of the twenty manufacturers in the report only two utilized capabilities to diagnose or respond to a wireless intrusion in real-time.
- Most car manufacturers collect and store data ranging from driving history, vehicle performance, and other information. Most of this data is shared with third-parties, and customers are often left in the dark about the data collection.
If the above hijacking demonstrations and report have not convinced you of the security flaws in smart cars, this may do it. Recently the popular German car manufacturer BMW found a vulnerability affecting over 2 million of its cars. The vulnerability would have allowed hackers to unlock these cars’ doors. As far as we know the flaw had not been exploited before BMW issued a software update to the vulnerable cars.
Consumers Are Informed
Consumers are in the know when it comes to data security. These videos, reports, and discovered vulnerabilities have received a lot of attention by both the security community and the public in general. The 2014 and 2015 TRUSTe Privacy Index reports show how concerned consumers are about data security and privacy.
- 89% of Internet users avoid companies that do not protect their privacy.
- 92% worry about their data privacy.
- 58% are concerned about businesses sharing their information with third-parties.
- 79% are concerned about the idea of personal information collected by smart devices.
- 87% are concerned about personal information being collected and used in ways they were unaware of.
- 78% are concerned their location would be revealed without their knowledge.
The findings from this report are exactly where car manufacturers were shown to be lacking in the Markey report. Consumers are very concerned about data security and privacy. Their concern may not stop them from buying a car, but these reports show that it does influence their decision in which manufacturers to buy from.
More Features Means More Vulnerabilities
Car manufacturers are always looking for a marketing advantage to increase revenue. Every year new car models flood the market and every new model touts an array of new features and accessories, many of them connected to the Internet. New features and accessories are the way car manufacturers establish a marketing advantage over their competitors.
These connected features are appreciated by drivers and passengers alike, but what is worrisome is that with more features in a car comes more vulnerabilities. More features and accessories increase the attack surface a hacker could exploit.
Security as a Marketing Advantage
IoT security and privacy is a must, not only for the integrity of the manufacturer but for the safety of consumers. Security vulnerabilities could:
- Put drivers in physical peril if their cars were remotely hijacked
- Cause the loss of a driver’s car and belongings
- Disclose sensitive location and other information to hackers
Lastly, a lack of security could diminish and even destroy a consumer’s trust in a manufacturer. While car manufacturers have the potential of losing customer trust with their security provisions, they also have the capacity of gaining customer trust by providing efficient security and privacy measures. By prioritizing security and privacy, manufacturers will stand out among competitors and earn the loyalty of customers.
Rather than continuing to add more features to cars in order to gain a marketing advantage, manufacturers should first prioritize better security for the connected features in the cars that are already on the market. The Markey report found that almost no manufacturers are giving security the importance it needs. If a car manufacturer were to release a new model that touted top-notch security as its newest feature, that manufacturer would be surprised to find that in today’s data-driven world, customer loyalty always follows security.