Connected cars are changing the way we drive, featuring active safety technology that can reduce the risk of accidents, and time-saving benefits like alerting us to traffic patterns and car maintenance needs. They provide infotainment features that can enhance our enjoyment of life behind the wheel, and allow us to connect so our home office can travel with us. However, with this added convenience, safety and efficiency, come risks. Indeed, connected cars come with vulnerabilities that can pose a significant threat to our privacy.
Privacy and Safety Risks
Data Theft. Connected-car technology is still quite new, and this means that the automakers providing these products have a relative lack of real-world experience when it comes to protecting your valuable personal information. But as the number of connected cars sold grows, so too does the volume of data our cars collect. The International Association of Privacy Professionals predicts that over the next five years, between 60-75 percent of cars on the road will be able to receive, create and share web-based data. And much like your laptop or your smartphone, many connected cars can offer thieves a direct link to your personal and financial information.
It’s easy to see how these vehicles could be tempting targets for hackers: vulnerable data includes your name, address, email address and credit card information, not to mention driving habits and whereabouts. Think of the information that a GPS alone can provide: where you go, when you go and how you got there. Combine this with your personal data, and a hacker suddenly has a lot of power.
Vehicle Control and Access. A couple of well-publicized cases have shown that hackers can remotely hijack a vehicle and digitally assume control of its systems, including the car’s radio, climate control system, brakes and even the steering wheel. Thankfully, these hacks have been conducted with the aim of improving security, without malicious intent. Still, this capability in the wrong hands presents obvious safety risks, and can risk privacy as well: Remote hackers have the ability to track, unlock and access a vehicle and its contents.
Another key area of weakness on this front concerns connected-car apps. These apps allow you to govern various automotive features via your smartphone, including monitoring the health of your vehicle and alerting roadside assistance or emergency responders during an accident. They certainly add convenience, but they also provide thieves with another way of accessing and controlling your vehicle. If you lose your smartphone or if it falls into the wrong hands, you could be giving someone a means of breaking into your car.
Third-party apps present yet another vulnerability. Vehicle manufacturers have no oversight regarding these apps, and this can make them inherently less secure. It’s not difficult to imagine a scenario in which these apps are used by hackers as gateways.
A Strategy for Risk Reduction
It’s clear that the success of increasingly connected and autonomous cars is largely dependent on the security they can offer. In fact, a survey conducted by ABI Research revealed that when it comes to the major barriers of the adoption of autonomous vehicles, security concerns were second only to legislation hurdles.
For those in data-centric positions, the most powerful strategy for reducing risk involves industrywide sharing of information. An attack on one automaker can have repercussions across the entire automotive industry, and such an event may even affect the technology industry as a whole. With this in mind, it’s essential for security executives across a wide range of companies to work together to improve risk mitigation.
It’s this thinking that fostered the launch of the Automotive Information Sharing and Analysis Center (Auto-ISAC). This organization is committed to improving automotive cybersecurity via tools such as crowdsourcing.
Personal data and safety is not only vulnerable to the hacking of connected cars. As the cars begin to communicate with each other and with city infrastructures, they are also more susceptible to viruses, which can affect everything from the data collected to the operation of the vehicle itself. Software programs like the one from Argus Cyber Security aim to reduce these risks, by working with car manufacturers to bake anti-virus software into the car’s system.
We Are All Connected
One thing’s for sure: Connected cars are here to stay, and their scope and reach will only grow more wide-ranging in the years ahead as more and more car buyers adopt the technology. As data-centric professionals, we can help reduce the risks and growing pains associated with this nascent technology by pooling our resources to develop smart solutions.