Will Your Next Car Steal Itself?
As vehicles offer an ever-growing number of digital features, they could present several security threats--unless automakers manage these technologies effectively.
Thu, May 10, 2012
CSO — As vehicles offer an ever-growing number of digital features, they could present several security threats--unless automakers manage these technologies effectively.
That's the thinking of Dave Miller, CSO at cloud-based platform vendor Covisint. Miller says that in a world of smarter cars, there are five key vehicle identity and security issues to consider. Now Miller believes that cloud services provide the answer to these threats, and given the obvious vested interest, it might be tempting to dismiss the whole concept. But his observations are interesting--read on to see whether you find these concerns compelling (and to get a reality check from a Gartner analyst).
Five automotive security and identity challenges
One challenge is identifying the right owner of the vehicle. "Technology, through password combinations or other similar methods, will bind us to our future cars, enabling us to operate, drive and maintain these vehicles," Miller says.
In some instances, this will require two-factor authentication, such as the car's legitimate owner physically having his mobile phone on him before the car will operate, Miller says. But if this authentication process doesn't happen correctly, criminals can obtain access.
[Also see Robert McMillan's With hacking, music can take control of your car]
Miller's proposed solution is a strong, repeatable and independent (outside of the vehicle) validation process managing this type of transaction.
The second issue is deprovisioning. This involves managing the process when an owner sells a car, and making sure that the previous owner can't still remotely start the car. "If the user [identity] isn't automatically deprovisioned from the old owner to the new owner, the old owner can still control the car's operation," Miller says.
(This is the basis for the title of the article: With capabilities like remote starting, smart parking, collision avoidance, et cetera, built into next-generation vehicles, you can conjecture a scenario in which a thief moves a vehicle without actually getting into it.)
Once the car is sold and the title is transferred, all of the vehicle's operations and access points should immediately and fully be transferred from the old owner to the new owner, Miller says.
The technology solution is "a single, independent system that sits in the middle, ensuring that the old owner is deprovisioned and the new owner is provisioned," Miller says. "Link this independent entity to the public title records to ensure that the transfer of ownership changes the status the old and new digital owners."
Another concern is a lack of two-factor authentication services. The password combinations used for owner access to the vehicle are insecure and hackable, Miller says. "Passwords can easily be guessed," he says. "Computers can be stolen and hacked into."