Dumb and dumber or fast and furious
0 likes297 views
The document critiques the car industry's inadequate cybersecurity measures, comparing its current state to past failures in the software industry. It highlights how manufacturers are unprepared for cyber-attacks and questions their approach to data privacy. The author urges consumers to demand better security protocols and consider the implications of data sharing when purchasing vehicles.
Dumb and dumber or fast and furious
- 1. Dumb and dumber or fast and furious? Credit : Thinkstock Is the car industry is going to repeat the same mistakes the software industry made decades ago? It’s like a scenario out of a fiction book. Two forces join together and create a much worse universe than on their own alone. This is exactly what seems to happen to the car industry respectively to the car’s own IT services like connecting to the internet, control car functions and any other software based applications or system inside your car. These systems or applications the car industry offers or imposes on its clients fail to safeguard the most simple attacks. Just recently a teenager hacked with a 15$ dollar software kit into a car manufactures software and manipulated actors in the system like the horn and lights. You may say these are non- essential services but losing the lights at wrong time or your horn goes off at the wrong place could lead to fines or worse.
- 2. The car industry is now at the exact same point the IT industry was decades ago. The problem is security has not been built into those system rather is has been bolted on. It is saddening to see all the past failures of the software industry have to be repeated by the car industry. Let’s go there for a minute if history repeats itself we will have the first viruses soon, then we will have targeted attacks on specific car systems or manufacturers some will be more easy to hack others less. Some manufactures will state hidden or non-public source code is safer and other state public software and open source code is safer. As we all know this is far from the truth both models created a mess in the security landscape. All known software and applications had their fair share of vulnerabilities and mishaps. Next we will see system breakdowns formerly known as blue screens. Then maybe we will have car theft by ransomware meaning your car software will be encrypted and locked until you pay for the release of the encryption key. And lastly what about privacy? Do I really want to have my car sensory data hosted in the US? What influence do I have over my data? Can I ask for a deletion of my data? Will my data about speed, gear used, GPS coordinates shared with anybody or sold? Some location based ads when passing by a fast food place on your car display. Can the car industry resist the temptations of mobile advertising? I haven’t seen very reassuring signs form the car industry on how to tackle the most basic security scenarios. How is the car industry going to respond to country based privacy guidelines? Car companies’ lack fundamental understanding of how their own systems work and have little clue how to defend them, according to the report, which was released Monday by U.S. Senator Ed Markey (D-Mass). Only two automobile manufacturers of the 16 surveyed could describe how they would respond to a real-time infiltration of a vehicle, the report said. Six manufacturers avoided answering the question on their response time entirely, and six more answered with "vague mentions" of "appropriate actions." "Drivers have come to rely on these new technologies, but unfortunately the automakers haven't done their part to protect us from cyber-attacks or privacy invasions," Markey said in a written statement.
- 3. I advise everyone with an interest in cars, security and IT to read this comprehensive report. Here is the link to the full version:http://www.markey.senate.gov/imo/media/doc/2015-02- 06_MarkeyReport-Tracking_Hacking_CarSecurity%202.pdf For your next car buy you should ask the car dealership for an option to switch off these systems so you can have control over how and when your data is being exchanged and shared. Like the airbag for the passenger side. It would be encouraging to get signals from the car industry about taking security and ultimately privacy seriously. Maybe the appointment of some heavy weights from the security and privacy industry by the leading car manufactures could express commitment and highlight the seriousness of the topic. I wish you a good trip in your car on the commute from or to work! What are your observations? Do you trust your car manufacturer of choice with your data?