One of the very surreal and prophetic meetings I had was years ago was with the On-Star division of GM. I was invited in by one of the executives I’d met while he was working in IT for a large consumer goods company. He had recently joined the On-Star effort, which was in its infancy at the time, and was appalled at the lack of security over the technology. I was running the firm’s security practice at the time and was brought in to talk some sense to the executive team who largely blew me off. I thought as I left that this wouldn’t end well and we’ve recently seen some rather frightening demonstrations, even though they were with Chrysler not GM, that the auto industry just didn’t take security seriously.
Intel has been working with a variety of car companies over the years to develop some rather interesting solutions, like a headlight system that can pierce ran and even snow. This is actually pretty amazing and could be a real life saver in a storm. But while car makers are new to security, Intel isn’t having bought McAfee a few years back to address the near out of control problem with security on PCs and servers. So Intel can hit the ground running and largely as a result of these automotive security breaches, they have formed the Automotive Security Review Board to try to help the car industry fix what is now a nasty problem.
Let’s talk about how you might want to buy an older car over a new one until these problems are solved this week.
Old Is Safer
Older cars had physical connections between the steering, engine control (throttle), and braking systems. You could remote control them but only if you spent days installing controls, servos, and remote control technology in the car and making all of that stuff invisible would have been nearly impossible.
But newer cars have drive-by-wire systems where the throttle, brake, and even the steering wheel aren’t physically connected they just interface with a control unit that then interfaces with the car. The positives for this are that you can better adjust what they do based on conditions and speed and they are far easier to install because you just need to run wiring and connect to power and a common network which, increasingly, could be wireless.
But now if someone wants to take control of your car, they just need to wirelessly hack into the network and while this still largely requires some type of physical access to the car, the control unit is very small and easily hidden.
This suggests that if you are concerned about security you would be far safer in a car that was older than 2005 from the standpoint of security but then you are faced with problems associated with the car starting to fall apart. Low mileage well cared for older cars may suddenly be in relatively high demand once folks catch on that newer cars can be easily hacked and made unsafe.
Fixing the Problem
It isn’t trivial to address what has been a serious oversight for some time. Granted, few of the automakers were as careless as Chrysler and haven’t connected their entertainment and car operating systems together. But the idea that you can secure an increasingly connected car by leaving critical systems unconnected won’t work if someone comes up with an easy to use plug in remote control module. Or, for future cars, (and Tesla) just hacking into the network that controls the car. (I should point out that Tesla, at least, took security seriously but even they were vulnerable.
To fix this requires a top to bottom change in the way cars are built and secured and that is what the Automotive Security Review Board’s mission is. Every component that is connected has to be secured (a few years back a bunch of VWs where hacked through their wireless tire pressure system in the tires and disabled, a later test showcased a hacker could do far more which subsequently happened in Texas).
And, particularly when we move to full autonomous driving, if there is a way to break in someone will find it and this effort is to give the folks building the cars a fighting chance in making sure we don’t become the proof they didn’t get this right.
Wrapping Up: Old May Be Better
While it is great to have a lot of electronic gadgets on our cars, right now, they represent a potentially deadly risk to our safety. As a result you may want to favor new and older cars that don’t have drive-by-wire systems and can’t be taken over without a massive amount of work. If it’s easy than any kid could do it and you don’t want anyone in your family to be the statistic of a prank gone wrong, which, right now is more likely than a criminal or terrorist attack. However once these cars are all connected and able to drive autonomously a hostile agency could take over hundreds and simply issuing a command that took them to maximum speed would have massive deadly consequences. It is critical that programs like Intel’s take the car industry where it needs to be before a large percentage of us become some kind of distributed 9/11. Personally I’m thinking it will be a while before a buy a new car.
President and Principal Analyst, Enderle Group
Antivirus software is not enough. Apex Technology Services used its decades of IT and cybersecurity
experience to create budget-friendly network security packages every company needs.
Please take a moment to fill out your information so we can contact you directly regarding your request.
Is Web3 a thing yet? Click here to learn about the 2024 Web3 story so far.
Shabodi, an Application Enablement Platform (AEP) provider unleashing advanced network capabilities in LTE, 5G, 6G, and Wi-Fi 6, announced they have l…
Endpoint protection, also known as endpoint security, is a cybersecurity approach focused on defending computers, mobile devices, servers, and other e…
Databricks is an innovative data analytics platform designed to simplify the process of building big data and artificial intelligence (AI) solutions. …
Blue/green deployment is a software release management strategy that aims to reduce downtime and risk by running two identical production environments…