IT security risks of features in connected cars
In an effort to provide new conveniences as well as meet physical security standards, many new consumer vehicles are offering more complex features.
Click the image to view the complete infographic
According to the recent “Connected Car Market (2013-2018)” report, global connected car market shipments are expected to reach 59.86 million units and reach $98.42 billion by 2018. The introduction of features such as remote, self-diagnostics, satellite radios and built-in GPS systems, as well as features like keyless entry and ignition becoming commonplace, create a luxurious driving experience.
However, these features which use integrated telecommunication and informatics systems called “telematics,” can also introduce IT security consequences.
Veracode’s “Connected Vehicles: Too Smart For Their Own Good?” infographic outlines many of the features vehicle manufacturers are developing, as well as the potential risks these applications can introduce.
It includes recent examples of connected vehicles’ vulnerabilities such as:
- Researchers at UCal hacked into telematics software to control engines, brakes, locks, alerts and more.
- Researchers at BlackHat 2011 unlocked and started a Subaru Outback using only their smartphones.
- The Self Destruct Virus starts a 60-second countdown that ends with the virus turning off headlights, locking the doors, shutting down the engine and disabling the brakes.
“The development of features meant to improve the auto industry can also introduce security vulnerabilities that have the potential to cause harm or the loss of data,” said Chris Wysopal, co-founder and CTO of Veracode.
“Bottom line, smarter does not mean more secure, and information contained in vehicles should be treated much like data in a personal or corporate computer. As car companies continue to develop technology meant to make our lives easier, consumers need to be aware of the potential consequences, and car manufactures must take security into consideration throughout the development and implementation process,” Wysopal added.