Last month, Andry Rakotonirainy from Queensland University of Technology's centre for accident research and road safety told it like it is.
Security protection on cars is virtually non-existent, he said, calling it more akin to the level a 1980s desktop computer. “The basic security requirements such as authentication, confidentiality and integrity are not strong,” he concluded bluntly.
His voice is one of many in a growing and understandably concerned chorus.
The emergence of the smart and connected car is as inevitable as it is exciting and potentially terrifying.
Fast forward to 2030, and Lux Research believes that technology for self-driving cars alone will be an $87 billion market.
According to Google, self-driving cars could be hugely desirable and could reduce road traffic accidents by over 90%, with around 30,000 fewer deaths and two fewer injuries by 2020.
But are we really ready to be ferried around in a car essentially recast as a smart device on wheels, and do we have what it takes to shoulder the associated security challenges?
While the sci-fi-esque scenario of widespread adoption may still be a while off, the connected car security debate is at least gaining notable traction in mainstream forums.
The list of expository hacking exploits keeps growing, cranking up the industry’s fear factor and forcing people to get serious.
Last year, hackers Charlie Miller and Chris Valasek used laptops to commandeer the steering and brakes of a Ford Escape and a Toyota Prius.
In China, Zhejiang University students recently hacked the Tesla Model S with an attack that enabled them to open its doors and sun roof, switch on the headlights and sound the horn – all while the car was driving along.
At the Def Con 22 hacking convention, a collective of security experts – the valiantly titled I Am the Cavalry – fired off an open letter to jumpstart the automotive industry into action.
In a five-point plan, the group detailed the need to improve rigorous testing and transparent design, third-party collaboration, a consistent method to capture malfunction evidence (deliberate of otherwise), frequent security updates, and the segmentation of vital systems, like braking, from the infotainment system.
Big names know they need to be on top of these issues and are starting to stand up and be counted.
Recently, Mercedes announced it was preparing for a driverless future using a cloud-computing setup to protect data as cars’ mobile links and software expand.
Apparently, the technology will, among other things, enable those in the vehicle to control how much data is externally accessible.
The automotive industry has big challenges moving forward and it will need to be intimately aligned with technology developers and providers to keep drivers of the future safe.
For example, there will be an intense added responsibility of not only protecting data collected from consumers from things – in this instance, cars – but also the application programming interfaces (API), in other words the channel through which it is delivered.
Clearly, with applications already under fire from constant and mutating threats, service providers need a game-changing approach when it comes to securing and authorising the use of these APIs.
For the internet of cars to rev up in earnest, access and identity services will also have to be far more scalable, flexible and dynamic as masses of data is generated and potentially exposed.
Cutting-edge context-awareness is another impossible factor to ignore, with systems needing to be able to intricately and comprehensively discern at the logical perimeter whether or not access should or should not be granted.
We are speeding towards a point in time where the information superhighway bleeds into, informs and orchestrates activity on actual asphalt.
Now is the time to ensure the infrastructure likely to empower the connected car of tomorrow is fine-tuned, realistic and, above all, safe.
Sourced from Gary Newe, F5 Networks