Connected Cars Show Great Promise, but Safety, Security Worries Persist
"We're creating innovation partnerships with foundries and labs, to figure out how can we take all of this connectivity and use it in a really meaningful way for our customers?" he continued. "Every day, I hear new ideas. ... We think this is a massive opportunity, for AT&T and for society as a whole." Securing the Connected Car "As with so many things," said Steven Durbin, vice president of the Information Security Forum (ISF), "there's so much potential—and then the security piece creates a roadblock." This summer, Twitter engineer Charlie Miller and security consultant Chris Valasek—who last year received a grant from the Defense Advanced Research Projects Agency (DARPA) to investigate the security vulnerabilities of connected cars—went on a press tour to show how, using a laptop or even a video game controller, they could take over a car's brakes, gas pedal, steering and even its horn.Miller and Valasek shared their findings with Ford and Toyota, whose cars they'd hacked into, and both carmakers said they were "taking the research seriously," NPR reported. This is another example of why connected car technology is a two-edged sword when the security implications are considered. If all that's been promised is enabled, said the ISF's Durbin, "I could be on the road on the way to the airport, I can be told on the way that there's traffic, the car can alert the airport to sell my ticket and book me on another flight. Which is amazing." But should bad guys gain control of the same systems, "they could divert me—tell the car there's a roadblock and take me off course," said Durbin. "There's this challenge of how you make the car secure, or at least very difficult for the bad guys to take advantage of these things." Durbin also brought up the instances, this summer, of people breaking into cars using what seemed to be key fobs. ("Breaking in without breaking in," said Durbin.) At the Black Hat hacker conference in 2011, researchers had similarly shown how they'd figured out how to remotely unlock and start the engine of a Subaru Outback. "I could care less if I could unlock a car door," Don Bailey, one of the researchers, told USA Today. "But the same system is used to control phone, power and traffic systems. I think that's the real threat." The ISF, which does research around topics of interest for its Fortune 500 member companies, began looking into the connected car issue years ago and has advised members about the potential for security-related threats around shipments being transported by road, or of abductions of high-value targets. There's also the potential for someone to hack in and create chaos, as a diversionary tactic while something else is going on, Durbin said. Somewhat more benign, he also offered the example of the little black boxes that young drivers in England often opt to have in their cars, as a way of proving their safe driving practices to insurance companies, in exchange for lowered fees. "That sort of information in the wrong hands, however, is a real issue," said Durbin, adding that encryption is a must. Another nagging issue is that fact that connected cars must constantly communicate with one another and with points along the road in order to operate as an efficient whole. A driver's whereabouts could be known at every moment (which, with GPS enabled on a smartphone, they could be anyway). It bears remembering, Durbin noted, that we're still in the early stages of understanding all the implications of this issue. "For automakers, safety components are their first port of call. Then, secondly, we'll see them move into security components. I always think it takes someone breaking in before people really take notice of the security issue," said Durbin. "You just hope that people aren't going to go too far." Follow Michelle Maisto on Twitter.
"If I'm an attacker and I break into, say, your radio, I can send messages [to the car's computer] and say, 'Hey, I'm the brakes, and I'm telling the engine to do this,'" Miller explained during a July interview on National Public Radio.