Fiat Chrysler Auto Recall Highlights Rising Fears About IoT Hacking
It's fair to ask Fiat Chrysler why the company waited as long as it did to decide to make the software update the subject of a recall, especially since the flaw was apparently known to the company's engineers as early as January 2014. The National Highway Traffic Safety Administration has announced that the agency has launched what's called a "recall inquiry" to determine if Fiat Chrysler is performing an adequate fix. In addition, it appears that the recall only happened at the NHTSA's urging. 2015 model year vehicles already have the new software and don't need to be updated, according to information provided by Fiat Chrysler. It's worth noting that Chrysler isn't alone in its exposure to potential risk. The NHTSA has already launched a study into exactly this problem. In fact, the agency is well along into developing requirements for vehicle cyber-security, including specifications for how future vehicle-to-vehicle communications would be secured and for the level of encryption and authentication that should be required. Fiat Chrysler also isn't alone in finding vulnerabilities in its vehicle data systems. Earlier this year, General Motors' OnStar system was hacked by researchers at the Defense Advanced Research Projects Agency. And earlier, a German auto club discovered a vulnerability in BMW's ConnectedDrive system that allowed remote operators to open and close windows and lock and unlock doors.The same can't be said for the vast majority of IoT devices that exist on the periphery of networking. These ubiquitous devices, which may be in anything from building HVAC systems to climate monitoring or vehicle toll systems and traffic lights, exist in an area where security is fairly rare. While you may hope that the seemingly facile control over traffic lights that you see on television is only fiction, the reality is that it may not be. So far, much of the security in the IoT has been due to obscurity. But obscurity is not really a long-term security solution. At some point real security is necessary, or our "things" will become unmanageable. And then we really will be in trouble.
The reason that you're hearing about vulnerabilities in cars suddenly is mainly because they're the most visible implementation of the Internet of things (IoT), but they're by no means the only IoT devices that are vulnerable. In fact, cars have an advantage in terms of solving security problems because they have capable onboard computers and robust networks.