Technology is an amazing thing. Increasingly, almost any household appliance can join the IoT (Internet of Things) and create a seamless, simple lifestyle for you. But the biggest threat to this is insecure systems that can be hacked into.
It seems incredible, but in 2014, internet hackers broke into hundreds of thousands of gadgets in residential homes. Then, they used these TVs, routers, and fridges to send almost a million malicious emails. You read that right- your fridge could be used against you. Even worse, a smart fridge that’s not secure can be hacked and used to access your entire network, unearthing your Gmail account details and putting you at huge risk financially.
If your fridge can do this, what about your car?
Why is your car connected to the IoT?
New cars are coming with a range of smart functions. Connecting your car to the internet makes it a whole lot smarter and sensitive to its surroundings. While self-driving cars spring to mind, it’s about more than that. Data stored by your car regarding your car use allow insurers to give you more personalised car insurance. Your behavioural patterns might help you get a car loan. Your car plays your music, navigates, takes your calls, and can act as a hotspot so the kids can be quietly playing games in the back seat. It can make your driving safer, diagnose faults, and even park for you. It offers heightened security features and even alert emergency services if you have an accident.
The range of functions a smart car gives you is huge. But as we are learning, it presents an added element of risk for the non-tech savvy.
Security flaws discovered in Volkswagen and Ford cars
These two brands have recently been found to have a series of security flaws. These faults can allow hackers to access cars in order to gain personal information, like your phone number, or where you’ve been. More worryingly, it allowed them to tamper with tyre readings, so the car displayed incorrect readings, causing safety concerns.
Experts looked at the Ford Focus Titanium automatic 1.0L and Volkswagen Polo SEL TSI manual cars. They were able to find information about the tyre pressure system in the Ford. This doesn’t seem like a big deal, but someone with nefarious plans could manipulate the system to display incorrect information, such as saying the tyres are fully inflated when they are flat.
The experts could also access information about location, direct of travel, warning lights, levels of fluid and petrol consumption. Ford also tracks speed, acceleration, steering and braking, and this information is shared with affiliates and dealers. These vehicles also still have wifi details and passwords for the computer systems in the Detroit-based production line.
The Volkswagen flaws were even more worrying. Simply removing the VW badge from the front of the car could potentially give access to the front radar. This can then be used to tamper with things like the collision warning system, which is a huge safety risk.
The cars collect personal information using the ‘We Connect’ app, which includes access to calendars and USB storage. While this data is apparently only sent to third parties to fulfil contractual obligations, the wording of this is vague enough to cause concern.
What’s the problem here?
Largely, the big concern is the lack of regulations around this new in-car technology. While there are strict crash standards, there’s nothing in legislation about protecting cars from outside hacker attacks, or how and who data from the car can be disseminated to. This leaves your data available for anyone to use- from a hacker wanting to cause trouble, to large firms using your data in ways you may not like.
Governments should be working to ensure security measures are in place, and consistent across brands. While individual manufacturers do their own homework, there’s no guarantee the systems will be effective, as the results show.
As an individual, how much information are you okay with sharing? Things like mechanical faults are important to share with manufacturers. But are you comfortable with them knowing where you drive, how much you use your car, and at which speeds?
And a reminder; these were two cars selected at random. What weaknesses and gaps in security do other brands of cars have? If we don’t address these issues now, we may start to face some worrying problems. Famously, a Jeep was taken over by a hacker while it was driving and immobilised it. It could be as simple as taking over the radio controls, but it’s possible with poorly designed and maintained software. The future needs laws to control these systems and ensure they meet a minimum stand of security.