Often, I get the feeling that the future is already here. My father’s 1970 Ford Escort was manual, it didn’t have air-conditioning, or even seat belts in the back seat, because who wore those back in the day. For some reason, though, it never crossed his mind that there was something unsafe about driving around in his brand-new, shiny white Ford without a seat belt on. Who would have thought that 45 years later electric cars with Tesla-grade technology would be on the market, and that the next big thing for automotive would be autonomous vehicles?
The futuristic revolution unfolding in the automotive industry holds great promise, but it also poses significant threats. Not just to the individual, but to entire nations on a global scale. Now, before you accuse me of exaggerating, let me explain. These smart and connected cars are essentially mobile IoT devices that remain an integral part of the automotive manufacturer’s organizational network long after they leave the dealership.
This translates into technological dependence on the manufacturer to confirm that the car is secure, that its software is patched and that there are no ways for hackers to carry out attacks that could potentially put lives at risk. To put some of these concerns into context, in 2015 two hackers, Charlie Miller and Chris Valasek, were able to hack the Uconnect system in a Jeep Cherokee, cutting the vehicle’s transmission and brakes while it was in motion. The duo completed the hacks, which also included remotely commandeering the wheel while the vehicle was in reverse (terrifying!), presenting the severe vulnerabilities they discovered in this “smart car” to the automotive community. The hack was carried out in a test environment, but if the vehicle had been on the road, such a hack could have had severe, life-threatening consequences.
It’s safe to say that the latter example is only a preview for the level of risk inherent in self-driving cars. Because the entire process and skill of driving is automated, there is significantly more room for dangerous hacks. What if the passenger falls asleep? They might end up causing a major accident or tragedy without even knowing it. Could these drivers be held accountable for negligence? Who is to blame is such a terrible situation — the passive passenger or the automobile manufacturer?
Charlie Miller, the same researcher who discovered the vulnerability of the smart car, was tasked with researching the potential security breaches in autonomous vehicles. He found, and we should probably heed his words that, “Autonomous vehicles are at the apex of all the terrible things that can go wrong.” Because autonomous cars are at the mercy of computers, there is even more room for hacking operations, potentially on the scale of a full-force terror attack.
Given the myriad security challenges inherent in automotive transformation, how can car manufacturers safely drive their networks? Protecting cars against these ever-evolving threats must be an on-going and active pursuit. Public key infrastructure (PKI) authentication is one way to address the security of automotive networks. PKI’s role in IoT is to provide robust authentication, using appropriate certificates that systems, devices, applications and users need to safely interact and exchange sensitive data. If connected cars are not developed with proper security measures, they will not stand a chance against the attackers waiting beyond the assembly line.
Connected and autonomous vehicles are here, heralding in the most significant technological revolution since the invention of the automobile itself. However, the thought that they pose significant security threats — not just to information, but to physical people — makes me want to get back in the back seat of my father’s old Ford. True, we didn’t have seat belts back then, but at least I trusted the driver.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.