Recent headlines on the hacking of connected cars over the internet has had an impact both on the regulatory side (with a US Congressman sending letters to automakers requesting information on their security practices) and on the automakers’ side (with security roadmaps and measures implemented such as, enabling direct download of software updates).
Automakers are finally beginning to understand that connected cars should be treated just like any other IT system. You wouldn’t access the internet without antivirus protection, outdated software or non-password Wi-Fi access, would you? Well that is exactly the mind-set automakers were in until they received the recent wake-up call. And it seems that security is still an afterthought as they pile up connected modules in the car to appeal to hyper-connected individuals even more.
Fortunately, the same people that exposed the internet hacking threat have come up with a physical device that can act as an intrusion detector. It works in the same way as antivirus software; constantly scanning the computer and internet browser. It is not anticipated to be commercialised, but rather seen as a proof of concept to show that, with sincere concern and an effort to step up security measures, such a solution is well within reach of the automobile industry.
Automakers are actively working on developing the next generation of connected cars. Ford and St Petersburg State Polytechnic University in Russia are collaborating on the future of car-to-car communication. They are using the same technology principles the International Space Station uses to control Earth-bound robots. In short, cars would use other cars as relays when there is no other reliable communication medium to broadcast important traffic-related information.
Although this seems like a very promising idea, it’s surprising that potential security issues were not mentioned once. If such a system was installed in all cars, one could imagine how easy it might be to spread malware from an infected car to the next. It would be difficult to segregate a genuine relay signal from a malicious communication trying to takeover control of a car.
Looking at the terrible track record of the automakers on how they have handled the cyber security issues so far, one should be genuinely concerned about this new communication system being implemented without thinking through the security properly. The current generation of connected cars indicates that security is added as an afterthought rather than integrated early at the design stage. Automakers should utilise knowledge of the IT experts and cybersecurity domain specialists to implement a ‘secure by design’ approach to the development of future car models and tackle the issue of cybersecurity for connected cars. This would ensure that their specialist expertise in pinpointing vulnerabilities in IT systems and designing secure architecture helps in developing a safer next generation of connected cars.