Over a million developers have joined DZone.

What Security Concerns Exist For Connected Cars?

The safety considerations that must be considered as vehicle-to-vehicle connected cars become more mainstream.

· IoT Zone

Access the survey results 'State of Industrial Internet Application Development' to learn about latest challenges, trends and opportunities with Industrial IoT, brought to you in partnership with GE Digital.

The fundamental problem is that the industry hasn’t created a thorough (and openly available) threat model that adequately considers what hackers might do. The analysis of V2V communications I’ve read focuses on safety issues — what happens under normal circumstances and even when crazy things happen on the road.  There are numerous engineering challenges here, but the analysis doesn’t include malicious actors.

These safety considerations are nothing compared to the circumstances when a hacker gets involved.  Consider the attacker jailbreaks a V2V communication system.  Now he can send arbitrary messages to any other vehicle at any time, tricking the device into issuing alerts to drivers.

What if the attacker can send a message that contains an exploit for the system in your car?  This provides the attacker the ability to do anything that is within the physical capability of the V2V system.  Even start to attack other reachable systems within the car.   To my knowledge, current V2V isn’t intended to allow access to brakes, steering, etc…  However, manufacturers are motivated to consolidate computer systems. Why deploy two when one will do?  The history of security isn’t good in these situations.  Attackers have been incredibly adept at bridging from one system to another.

On balance, though, I think V2V will be good for overall safety.  There will certainly be vulnerabilities, which we will fix. And there may be attacks, which may be disastrous. But I believe this will be a huge net positive for driver safety.  I just wish we didn’t have to always field technologies with massive security holes and then spend decades patching them up. Relying on unpaid security researchers seeking BlackHat fame just doesn’t seem like the right model when people’s lives are on the line.

The IoT Zone is brought to you in partnership with GE Digital.  Discover how IoT developers are using Predix to disrupt traditional industrial development models.

Topics:
cars ,iot ,security

Published at DZone with permission of Jeff Williams, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

The best of DZone straight to your inbox.

SEE AN EXAMPLE
Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.
Subscribe

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}