A smart phone on wheels
Buoyed by today's smart cities and the need for the world's 1.2 billion motor vehicles to be able to navigate the world's streets more safely, there has been a substantial rise of what is commonly referred to as the 'connected car'. In fact, some 12 per cent of all cars on the roads are predicted to be connected to the internet by the end of the year(1). Internet-connected cars can enhance the driver's experience by providing driver-assistance apps, as well as information and a plethora of entertainment services.
Connected cars are already one of the biggest exponents of the Internet of Things (IoT) revolution to affect consumers. In the US, smartphone penetration has hit a saturation point and there are now more cars being added to mobile networks than actual mobile phone handsets.
A breach of public safety
But whilst the market is firmly in fifth gear, the security that underpins connected car technology is still spluttering in second at best. There have already been a number of pre-planned hacks such as a well-publicised one on Jeep last year where hackers took over the controls wirelessly and sent commands through the car's entertainment system. This enabled access to its dashboard functions, steering, brakes, and transmission with the driver unable to override them(2).
Until now, security and safety have been considered as two completely separate entities, but the potential breach of a connected car could lead to a driver, passenger or pedestrian sustaining physical harm. This is one of the first times that computer security is intersecting with public safety, with serious ramifications.
A shift in focus
Automotive manufacturers have been focusing so much on adding functionality and usability in line with customer demand that they haven't been properly considering the threats. A shift in focus is needed. Manufacturers have to start placing security front and centre, and take the potential human safety impact much more seriously. Many of the systems being put into connected cars can be downloaded from the internet, so are accessible to all, including those with nefarious intentions, putting the safety of the public at risk.
Source of the problem
Whilst the attacks on connected cars so far have been limited to pre-planned hacks, it is no stretch of the imagination that criminals could use a similar technique to the Jeep hack to gain access and take control of a car innocently parked on your driveway. To minimise the risk, it is imperative that quality assurance and security is embedded across the development lifecycle by car manufacturers, ensuring that robust security protection is baked in from the very beginning.
A constant battle
Security is an ongoing process. New vulnerabilities and new methods of attacks are always being developed and discovered. Until now automotive manufacturers have been complacent in their attitude to security. It was, more often than not, a token gesture tacked on at the end and not taken seriously. This needs to change and we, as consumers, can demand it.
Security is not a complete solution and a system can never be truly 100% secure. However, by placing security at the same level of importance as human safety when it comes to automotive manufacturing, there will be both an immediate risk reduction and a process in place. After all, the cost of testing is a small price to pay for increased public safety.