The risks of the Internet of Things:
Read time: 6 minutes
The risks of the Internet of Things: car hacking
According to The Economist, three things would help make the internet of things less vulnerable. Manufacturers should be compelled to ensure that their products can be patched to fix security issues. A proper liability regime is the second defence: the use of responsibility disclaimers for bad consequences of using products becomes untenable. And finally, rather than shooting the messenger, companies should embrace a culture of openness, in which researchers are rewarded for bug warnings.
The case: car hacking
The experiment reported on wired.com started innocently enough: the hackers/researchers turned on the vents at maximum setting, then the radio at full volume and subsequently the windscreen wipers. They continued toying with the digital display of the car. From a laptop at a 10-mile distance, the researchers hijacked the car, operating it remotely, leaving the driver powerless.
Wired.com reports that the research shows that hundreds of thousands of cars are vulnerable as a result of the use of Uconnect. Uconnect is an Internet connected feature enabling phone calls and controlling the car’s entertainment and navigation. Using Uconnect as an entry, the hackers then rewrite the car’s firmware *) remotely (no physical access is needed) and plant their code, giving them the ability to control the car.
Suffice to say that these hackers/researchers are the ‘good guys’, Charlie Miller being a former Twitter security researcher and NSA employee and Chris Valasek the director vehicle security research at IOActive, a consultancy firm. Although the industry does not approve of their methods, these researchers are showing the industry the weaknesses of car systems and enable the industry to take measures before less well-intended hackers get their hands on the technology. Whereas their earlier tests revealed weaknesses using a PC wired into the car dashboards, this test was entirely wireless.
Their research is now inspiring legislation on new digital security standards for cars. In addition, Miller and Valasek have been sharing their findings with the manufacturer of the cars tested. As a result of this research, the manufacturer in question has created a patch and has issued a recall for 1.4 million (!) cars.
Security and liability
Security and liability are major issues for developers of driverless cars. Regulators are particularly worried about hacked driverless cars becoming mules for criminal activities. And then there’s the question of liability: if responsibility shifts from the driver to the manufacturer, the impact on the motor liability insurance industry will be huge.