Consumers today are happy to share a significant amount of personal data with connected devices in order to make the service more functional and convenient. The same applies to new cars and mobility solutions, and in future, autonomous shuttles. However, the consequences of losing control to a hacker may not simply be inconvenient or embarrassing, but potentially life threatening.
“We are putting more information out there and more trust in these vehicles, but it is important to bear in mind that the information we are sharing is personal,” said Chuck Brokish, Director of Automotive Business Development at Green Hills Software. “Users today are revealing their location, where and when they travel and which services they use. All of that information essentially tracks us as individuals.”
The risks have already been made clear. In 2016, a UK-based Nissan Leaf was hacked all the way from Australia. At the time, the NissanConnect smartphone app only required a car’s vehicle identification number (VIN) to take control, and by copy and pasting URL codes into an Internet browser, the researcher was able to access details such as where and when the car had recently been driven. Hacks such as this may not lead to the vehicle causing havoc on the road, but it could to your home being burgled while you’re at work, or even a coordinated hijacking.
Imagine how horrible it would be if you ride-hailed and a couple of days later found out that your bank accounts had been drained
It is not only location information or personal preferences on offer. In order to unlock a shared e-scooter or pay for a ride-hailing service, personal financial information must be accessed. Industry stakeholders are also pushing for new vehicles to feature an ‘e-wallet’ to pay for services such as tolls and fuel seamlessly.
“At this point, you are frankly looking at the risk of identity theft,” warned Brokish. “Imagine how horrible it would be if you ride-hailed and a couple of days later found out that your bank accounts had been drained.”
Autonomous vehicles
Consumers are taking greater risks with mobile devices in general, observed Brokish, and that mind set is spreading to new vehicles as well. But as elements of automated driving make their way onto the road, concerns around cyber security are amplified exponentially.
“As more autonomous capabilities become available, we will not be putting our lives in the hands of a driver, but in the car itself,” he said. “As such, we need to make sure no one can alter the path of that vehicle, or the functionality of critical driving functions. It is not just about securing our personal information, it is about securing our life.”
It is not just about securing our personal information, it is about securing our life
Indeed, the risks associated with an unsecured smartphone are relatively minor. A hacker may be able to access your contact list or browser history, but there is no immediate safety threat. With an autonomous vehicle travelling upwards of 60 miles per hour through busy streets, the lives of its passengers, other road users and pedestrians are at stake. The now infamous hack that left Wired journalist Andy Greenberg stranded on a St. Louis highway after the brakes and steering had been hacked remotely by researchers is testament so.
“The autonomous vehicle has your life in its hands,” said Brokish. “Each step in automation means the need to keep that mobility device secure grows exponentially. It is vital that applications in the vehicle are properly separated and have freedom from interference. That will require mandatory access control, so we can manage who has access to what and when.”
A threat to society
Sharing all this data creates a pleasing user experience, but it does come at a risk. As more services and features enter a mobile device, consumers will naturally become more reliant on it. The panic of a lost phone today only underlines the issue: the financial value of a smartphone is easily eclipsed by the potential risk of private data falling into the wrong hands.
The idea of securing the future of mobility is absolutely critical to our core concerns
Despite this, consumers are likely to provide mobility devices with even greater access to their personal information than they do with their smartphone. The fallout of that information being accessed by a hacker extends further than a leaked address book—it could cripple societies.
With private vehicle ownership expected to fall, many will instead depend on reliable and safe mobility services. If those services go down, it could leave consumers isolated. “For every good that all of these tools bring into our life, we are also becoming more dependent on them,” said Brokish. “If we do not have our own vehicles any more, we are relying on mobility to get to work, hospital or play. But if someone shuts the system down, we will be paralysed.”
For companies such as California-headquartered Green Hills Software, tackling these challenges is front of mind. “The idea of securing the future of mobility is absolutely critical to our core concerns,” affirmed Brokish. “We need to ensure that all aspects of the design are secured. This means every port, every connection and every critical task, because hackers are relentless when it comes to discovering vulnerabilities.”
