One of the big “new” problems surrounding cars is the ability for hackers or nefarious people to access and use the data collected. I say new because the issue has been growing for a while thanks to electronics.
With the rise of consumer style technology and the ability to apply a sensor to many components in a vehicle, the volumes of data collected per journey is increasing significantly. This data is very valuable for many parties:
1. the driver – to see how they could improve their fuel economy.
2. the manufacturer – to see how the vehicle is performing for reliability purposes.
3. insurance companies such as Metromile – to provide better policies.
4. the police – to prove the car was in an area when it shouldn’t have been.
5. criminals – to map your typical journey and to understand when to perform the illicit action.
6. and probably many others!
Every generation of vehicle has had security issues, in the early days it was simply picking locks and then moved to spoofing electronic keys and now security is fundamentally based around the coding used for the devices fitted. I have a pet hate about technology – 30 odd years ago, a coder would test the code and know every path that was possible through the subroutines and branches. Today we have gone backwards, in that often the code isn’t tested thoroughly or there are too many layers that are incompatible. We see this with consumer devices every week.
An example of this was in 2015 when Land Rover recalled 65,000 vehicles because there was a code failure that allowed the doors to be unlocked without any dashboard warning. At the time there were also unrelated reports of “black boxes” being used to spoof keyless locking and ignition systems that meant that cars could be stolen very easily. BMW had a similar problem with their security code.
Importantly, it is the access to corporate databases that is a concern. FIAT Chrysler (FCA) had an issue where a criminal team would target a car, open it with a fake key unit and then access an FCA database using data collected from the car to figure out the chassis number and then look up the ignition key code, grab it and download it to their own fake key, subsequently stealing the vehicle and taking it from Texas to Mexico. Clearly the team had either been given the access to the database from an inside source, or they had hacked in without FCA knowing – until a vehicle owner had given the police security video showing the team at work.
With more and more data collecting devices in a vehicle, the manufacturers have to be careful about how that data is used and by whom, how it is stored and what the life of the data points should be. They also need to careful that data collected does not have any personal “tags” that allow someone to review who is using the vehicle.
With the current focus on autonomous cars, security must be paramount. There is too much data being collected that can be tied back to a driver that could be used for many purposes – some of which are illegal. The manufacturers need to ensure that the data collected is summarised such that each journey cannot be recreated forming a trend that could be used to interfere with the car’s route and change its destination.
30 years ago, autonomous cars were sci-fi – they are now getting real and so is the concern about the data collected. Many experts believe that autonomous cars are more secure because they are more intelligent that most drivers – I actually read that in an article from a mainstream media outlet! I prefer to flip that statement: humans write code and they drive cars so that would suggest that the code in autonomous cars aren’t much better! A cheeky comment, however we see code failures written by humans all too often and we see major data breaches happen regularly too.