Last week, Wired’s Andy Greenberg experienced what every driver dreads, losing control of your car on a highway. Thing is, he hadn’t blown a tyre, or hit another vehicle. Instead some coders ten miles away had hacked into his car using some smart technology and a mobile phone.
This was not a new version of the classic John Carpenter 1983 movie “Christine”, featuring a rather autonomous (and criminal!) 1958 Chrysler Plymouth Fury but instead a car with a number of security weaknesses. These allowed Charlie Miller and Chris Valasek to send remote commands through the entertainment system to its dashboard functions, steering, brakes, and its transmission. The hackers are due to publish their findings at this year’s Black Hat conference, and fortunately had been in touch with Chrysler for many months about this particular exploit.
If manufacturers thought that their systems were secure and hacking of this type was only possible in movies, they are facing a wake-up call now. Following publication of the story, Chrysler has begun a 1.4 million car product recall to patch the system.
The Internet of Things is a huge opportunity, but if the security is inadequate, trust will quickly be lost. Thankfully, nothing serious happened during Andy Greenberg’s experience, but many who read the story couldn’t believe that he tested it out on a highway with other drivers who were completely unaware.
We’re big fans of connected cars, and have covered them a lot on this blog over the past few months. They have the potential to revolutionise driving, by enhancing safety, lowering insurance fees, and one day driving themselves. But one accident caused by a malicious hacker could have severe consequences. That’s why in the United States, Senator Richard Blumenthal has proposed legislation to set new digital security standards for cars and trucks. He hopes this will ensure drivers are protected as connectivity continues to advance.
To complement this move, car manufacturers should also look into implementing security solutions that authenticate, secure and protect all data as it flows from the car to the network. This would build trust with consumers and let them know car manufacturers are taking their safety seriously in this new digital age. We’ve been working with them on solutions to ensure that a connected car’s infotainment systems, telematics, data, applications and networks are secure.
We believe this partnership is vital as car manufacturers and OEMS are experts in dealing with security of the internal systems when the car is not connected. But once the car goes online, things change. And as the Wired story showed, it is now imperative that connections to the outside world do not open up any back doors into the car, its communication systems or underlying infrastructure.
This is also true of many other devices as that are being brought online for the first time, and why we’re working hard to secure the Internet of Things. Personally I would not like my toothbrush to gain the same “feelings” as the one “Christine” had for its owner.
The future of the transportation industry will rely on communication and security between cars and other IoT connected elements such as street lighting systems and even other vehicles. It is an exciting time, but clearer than ever that security must be at the heart of innovation.
What do you think of the Wired story? What do you think we need to do to protect connected cars from hackers? Let us know either @Gemalto or in the comments here.