Last year, numerous alarm bells were ringing about the lack of security being integrated into smart home products, which leaves them vulnerable to attacks from outside influences.
Those fears came to brilliant recognition after the DNS attacks on the servers of Dyn, a company that controls many of the domain name system of major internet companies such as PayPal, Twitter, Amazon, Netflix, Spotify and others. Hackers were able to turn smart home products into package generators causing distributed denial of service (DDoS) of the servers, crippling many parts of internet that are visited frequently.
The blame fell at the feet of product companies that were more interested in rushing smart home devices out the door instead of doing the proper due diligence to protect them. While this is still a concern, smart home makers are starting to turn the corner in terms of how they protect devices that were once very vulnerable.
However, now the automotive market is on the crux of enabling more connected options in cars in order to produce a greater level of comfort and entertainment options in vehicles. And once again, it may be coming at the expense of not properly securing these options before installing them in vehicles.
While there have been just a few instances where cars have been hacked — either taking over controls of the vehicle or taking control of the various programs inside the vehicle — the more connectivity options added to the car, the more it becomes a frightening possibility.
“In the smart home, the consequences of something going wrong or losing control over a system is limited, and we can identify easily how to get it back under control,” says Denish Kithany, senior principal analyst for smart home and appliances at market research firm IHS Markit. “But the consequences of something going wrong in a connected car is much more serious and life threatening.”
Kithany says automobiles are quickly becoming much like the extended smart home, and many cars even have sensors that can be recognized by smart home devices when a user gets close to a house. Given how many consumers desire a similar connectivity in their vehicle as they have at home, car makers are pressed to want to include more options and they are able to get way without a secure system because they assume the devices they recieve from semiconductor vendors and device makers are safe and not hackable.
“They are taking it for granted, and we have a long way to go before car makers and the devices being integrated into the connected car are indeed safe,” Kithany says.
Securing the connected car requires that the devices inside the vehicle can’t be hacked, but also that the devices that are being used to connect to the car are also secure. This involves authentication methods that are not currently in use by most major manufacturers, says Rod Schultz, chief product officer for Rubicon Labs Inc.
Rubicon is developing cryptography for the Internet of Things with secure authentication services that authorize device policies so that the car has authorization to communicate with outside devices or portals on the internet.
“We don’t see a lot of motivation coming from the automotive space,” Schultz tells IEEE Electroncis360 at the recent Internet of Things World conference. “Until someone becomes the ugly duckling in automotive cybersecurity, we don’t think there will be motivation.”
Schultz equates this lack of motivation in the connected car to other priorities influencing car makers. While car makers know they need to get there, they’d rather have Netflix available for consumers than having the connected car be secured.
“We don’t know the costs yet to this in how it will impact connected cars or the lives inside these vehicles,” Schultz says. “If you were going to tell me a year ago that baby monitors were going to be hacked, I would have said ‘Oh so baby pictures will be leaked onto the Internet?’ No one knew hackers would use these to attack other systems. We don’t know exactly what can be done to a car or with a car because we haven’t reached that point.”
Frans de Rooij, director of product management for automotive at TomTom, says it is understandable why car makers are being cautious about security in the connected car, because the stakes are huge.
“If your smartphone doesn’t work or the operating system doesn’t update, you accept it and the next day go to the shop to get it fixed,” de Rooij says. “It is not accepted from your car. You want it to work and if it doesn’t you have to take a whole day to bring it to a dealer resulting in a huge hassle.”
In order to avoid mass issues with cars because security doesn’t work on connected devices, car makers are being very careful to implement security measures despite knowing they need to eventually get there, de Rooij says.