The Connected Car Expo begins tomorrow (November 18-20,2014) in Los Angeles alongside the Los Angeles International Auto Show. The question of Car or Computer? is at the forefront of this expo. In this second blog I will share some of the intriguing threats and strategies that experts see down the road for the security of complex connected cars.
There are as many as 100 million lines of code in the average high-end car’s software. We depend on that software for operation, for safety and, yes, for connectivity these days. Does that scare anyone? The security of the connected car is not something the manufacturer or supplier can solve by changing one or two things.
There is simply too much surface area to cover. Consumers think of a car’s technology as a house with one big, think door to enter and exit. Today, that could not be further from the truth. In fact, today we have lots of doors and windows into that house. today’s car, by necessity, has a lot of way to get into it. Then once you add additional communications connecting the car and the outside world, a car is no longer a self-contained system.
Why would someone be interested in hacking into a car?
Some might want to steal personal data to make a point or to show off their skills. Some may be competitors intent on stealing intellectual property such as manufacturer or supplier designs. And some may be from a disruptive source…some call them terror communities, although I find little to be terrified of, seeking to shut everyone’s engine off during rush hour. But perhaps the most likely threat is to steal personal data for monetary reasons, stealing identities or even stealing the vehicle.
In the future one can envision walking up to their vehicle and their smart phone connecting to the car, instantly sharing your information and apps. When that happens, you call will be connected to all your contacts, banking information, personal history…well you get the point. It is not about “will the connected car get hacked…it is when.”
When the manufacturer says it is hard to secure everything but we will take care of it…that is not very reassuring. Partnering with top-notch providers such as IBM, Cisco and AT&T, each with a strong focus on security will ensure that the intelligent transportation system will have a secure connection to the cloud.
Experts say that companies need to review the connected vehicle architecture to identify “threat vectors and attack surfaces”. Security must be built into the entire supply chain, into every chip and board that is installed in a vehicle, throughout its lifecycle, including maintenance and repair.
John Valasek of IOActive said, “Just hoping that no one breaches security is not the way to go. Designing systems while being security
conscious is a step in the right direction, as well as knowing when to ask third-party experts for help.”
I could not agree more!