Someone recently stated that the development of the Internet of Things is the modern-day equivalent of the Industrial Revolution, and they may well be right. It is exciting to imagine a world where we can control literally everything from a smartphone. But what concerns me is where security sits within the grand scheme of IoT, particularly in the motor industry. And does it? I have my doubts.
There are many plausible uses for having full remote control over vehicles, and science fiction is rapidly becoming reality. Some of the applications include fleet management and control, location of stolen vehicles, pre-programming journey routes as well as emergency assistance in the case of accident. But since car manufacturers foresee vehicles becoming mobile ecommerce platforms (iPhone on wheels), we can soon expect location-based ads appearing on our car dashboards, such as where the nearest Starbucks is or where to buy fuel once the car realises that your tank is close to empty, perhaps with a voucher for a Whopper. Of course there are other concerns too, including the real possibility of distraction whilst driving. UX designers and safety campaigners are already getting worked up about how many accidents will result from the rapid deployment of these devices, however I am more worried about the first hack that sends you down a blind alley, or worse still, starts collecting personal data about your driving habits.
There are several reasons why we need to take this seriously, mostly because connected cars are like an iPhone on wheels, and consequently susceptible to all of the same issues we face on a daily basis with computers. But let’s not forget that cars are big hunks of metal and when not in control, can do a lot of damage.
Where is this going to take us? More often than not, businesses are driven by profit and only invest in safety innovation when required to do so, either by governments, peer pressure or customer demand. We know this because safety studies in developing nations continue to show the dreadful outcome of not wearing seat belts or tolerating drinking and driving, so we should take this into consideration when thinking about how to avoid the consequences of insecure connected vehicles. And if we think even further ahead, what happens when driverless cars start to appear on our roads? Based on recent reports, serious trials are about to start on public roads. This also raises concerns about physical safety, since the systems, perhaps running in the cloud, controlling and coordinating the vehicles are all prone to intrusion and failure. If the US government can’t keep its personnel records secure, what hope is there for a car manufacturer?
All of this is of course speculation, but what we do know is that the Internet of Things is here to stay and connected cars are becoming a common sight on our roads. We will see innovation occur much faster than ever thought possible as the ubiquity of fast networks collides with the availability of high-powered software. The supporting hardware is ready and waiting. I would subscribe to the view that the security industry has both an obligation as well as a huge opportunity in our midst. As usual it will not be the large companies that provide the innovation. It will be left to an entrepreneur with a vision to save the world.
By Richard Kirk of AlienVault