Connected-Cars Could Cost Your Privacy

Uploaded on 2016-11-14 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Connected cars are poised to become one of the biggest changes in the driving experience since the invention of the automobile, and they could be on the road within a decade. They present many exciting opportunities, but also new threats to our privacy and security. In this post, we'll dive into exactly what lies behind the connected car concept and what it means for privacy.

The connected car is the ultimate goal of several different trends in the automobile industry, especially networking and self-driving cars. The connected car is a car that is increasingly connected to the Internet and, potentially, to the cars around it.

The final form of the connected car is a fleet of automated cars that drive themselves and communicate wirelessly with each other to determine traffic patterns, removing the need for defensive driving courses or any human intervention at all.

At an intermediate scale, connected cars are just cars like the ones we have today that make much greater use of the Internet. There is significant potential in better-streamed entertainment, improved connection to navigation software, and similar features.

The primary downside is the very thing that makes connected cars attractive: the Internet connection. Anyone who has paid attention to the headlines over the past few years has seen dozens of examples of companies of all sizes and all industries that have been hacked, causing the release of personal information and financial records.

These hacks have generally resulted in decreased trust in the companies involved, which range from Target to Yahoo. The sheer number of companies that have announced hacks has made it hard to put much trust in data security, at least for companies that consumers interact with on a daily basis.

By definition connected cars are Internet-facing. A significant amount of web traffic will flow to and from connected cars, and that traffic has to be meaningful for it to be valuable. It is likely to include personal information as well as location data and possibly financial information. That alone will make it interesting to hackers.

The potential benefits of hacking connected cars will be just as high as hacking a laptop, or even higher. For example, it would be possible to track a car's movements to identify when the owners tend to be away from home, so that the house is unguarded and an easier target for theft. That is an extreme example, but it is within the realm of possibility.

Consider something as simple as renting a movie to stream: credit card information would have to flow over the connection. At least for now, early prototypes of connected cars have not included extensive data security. It is possible that the fact that the base is a moving car and the demands of creating a good streaming connection to that moving target will make it harder to encrypt and protect the data in the stream. If so, security will be a problem for years to come.

The most insidious and dramatic example of hacking a connected car is the threat that a hacker could actually gain control over the car's function. This is not entire impossible: researchers have already demonstrated the ability to break into a car's system remotely and issue it some commands. While this is unlikely to result in kidnappings and other sensational outcomes, it does open up the possibility that hackers could proactively dive into the car's onboard memory and search for valuable data instead of just waiting for something useful to pass through the stream. Even basic identifying information can be useful for identify theft, and it is hard to imagine that connected cars won't need to keep some of that data on hand.

The upside for connected cars is entrancing for many reasons. However, that does not mean that the road will be smooth. There are a lot of problems to work out along the way, and privacy is one of the more important ones. It has the potential to expose even more Americans to damaging hacks, expanding the scope of what is already a worsening problem. The auto industry needs to commit to a serious investment in information security.

CTO Vision:              All Tesla’s Cars Will Have Full Self-Drive:

« Was North Korea Behind The IoT DDoS Attack?
Otto's Self-driving Truck Delivers Its First Payload »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Asavie

Asavie

Asavie provide solutions for Enterprise Mobility Management and secure IoT Connectivity.

Eversheds Sutherland

Eversheds Sutherland

Eversheds Sutherland is a global multinational law practice offering a full range of commercial and IT law services including Privacy, Data Protection and Cyersecurity.

FireMon

FireMon

FireMon is the only agile network security policy platform for firewalls and cloud security groups providing the fastest way to streamline network security policy management.

Yubico

Yubico

Yubico sets new global standards for simple and secure access to computers, mobile devices, servers, and internet accounts.

Siscon

Siscon

Siscon delivers tailor-made compliance solutions that are based on the customer's specific wishes and reality and then supplement with many years of experience in the field.

Semperis

Semperis

Semperis is an enterprise identity protection company that enables organizations to quickly recover from accidental or malicious changes and disasters that compromise Active Directory.

Matta

Matta

Matta is a cyber security consulting company providing information security services and solutions including vulnerability assessments, penetration testing and emergency response.

Avatao

Avatao

Avatao is an online training platform for building secure software, offering a rich library of hands-on IT security exercises for software engineers to teach secure programming.

Atlantic Council Digital Forensic Research Lab (DFRLab)

Atlantic Council Digital Forensic Research Lab (DFRLab)

The Atlantic Council’s DFRLab has operationalized the study of disinformation by exposing falsehoods and fake news, documenting human rights abuses, and building digital resilience worldwide.

Global EPIC

Global EPIC

Global EPIC is an international cybersecurity initiative designed to combat growing world challenges by facilitating global collaboration in the field of cyber security.

Spohn Solutions

Spohn Solutions

Spohn combines highly-experienced staff with a vendor neutral approach to deliver optimal solutions for IT Security and Compliance.

Cyber Ireland

Cyber Ireland

Cyber Ireland brings together Industry, Academia and Government to represent the needs of the Cyber Security Ecosystem in Ireland.

Core Sentinel

Core Sentinel

Australia's #1 Penetration Testing Service. Make Your Systems Fully Compliant With Our OSCE CREST/CISA Certified Penetration Testing.

Brightworks Group

Brightworks Group

BrightWorks Group offer comprehensive technology operations and security operations consulting services, tailored to meet your specific needs.

Qevlar AI

Qevlar AI

Qevlar AI empowers SOC teams, to eliminate redundant tasks and refocus on what truly matters - making the most of every employee within the SecOps team.

Bedrock Security

Bedrock Security

Bedrock Security is at the forefront of revolutionizing data security in the cloud and GenAI era.