Security of Things (SoT) Takes A Ride
Our internet connected automobiles could be a security risk, but the SoT has different plans.
Much has been written about the security risks surrounding the Internet of Things. Generally it’s feared that as these networked gadgets become part of our everyday lives, we will forget they contain personal user information and are vulnerable to hacking. But the good news is alongside the IoT’s growth, we’ve seen an equivalent in the Security of Things (SoT).
Internet Hops In
While many IoT devices are quite small —think thermostats or clocks— one larger connected device poses a more existential threat: automobiles. Cars are becoming increasingly connected and networked in ways their users might not even realize.
Recently, during an investigation into the SoT of connected vehicles, Wired undertook an experiment in which it enlisted two security researchers to wirelessly hack a Jeep Cherokee. The pair were able to commandeer control of the vehicle from its driver, first by remotely controlling the entertainment system and windshield wipers and then finally by removing the driver’s ability to control the brakes and the accelerator. The car ultimately ended its ride by swerving into a ditch (though the complicit driver, was not hurt.).
Not So Smart Cars
How were these security researchers able to do this? As the Wired account explains: “It’s only possible because Chrysler, like many other car makers, is doing its best to turn the modern automobile into a smartphone. Uconnect, an internet-connected computer feature in hundreds of thousands of Fiat Chrysler automobiles controls the vehicle’s entertainment and navigation, enables phone calls and even offers a wifi hotspot. A vulnerability is therefore inevitable without additional security.
Also, thanks to one as yet unnamed vulnerable element, Uconnect’s cellular connection also lets anyone who knows the car’s IP address to gain access from anywhere in the country. “From an attacker’s perspective, it’s a super nice vulnerability,” Miller says.
This experiment should be extremely alarming to both drivers and automobile makers. As the latter group has raced to make their cars technologically advanced, they have failed to make them secure and safe for drivers.
How Do We Keep Our Cars Safe?
There is more research being done into how to maintain the security of automobiles. One initiative, called Uptane, has been collaborating with the US Department of Homeland Security, to create a “highly flexible system…that counters a comprehensive array of security attacks.” The academic research team have created Uptane so automakers can transition to it easily. They’ve also put their open source software on Github and invited researchers to point out any vulnerabilities.
The Security of Things
The concern around SoT of connected vehicles points to one of the biggest changes that cyber security is facing today: we can no longer just worry about central databases of private data that need protecting; we need to think about the distributed data sources we’re all carrying around.
As Forbes put it “with the growth of the IoT, we will be seeing more and more systems in which functionality and information—and vulnerabilities—are pushed to the endpoints. Systems of the future will be less and less like castles that need to be protected with high walls and a moat. Unfortunately, too many of today’s cybersecurity approaches are wedded to the castle moat mentality.”
It’s obvious we need to transform our thinking and perspectives. Indeed, while it’s easy to get excited about new technology and the “automobiles of the future,” it is incredibly foolish to allow connectivity to outpace security. We need to develop the mindset that any new piece of technology doesn’t serve us unless its security protocols are adequate and its creators have taken every step to locate and fix potential vulnerabilities.