Connected-Cars Could Cost Your Privacy

Uploaded on 2016-11-14 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Connected cars are poised to become one of the biggest changes in the driving experience since the invention of the automobile, and they could be on the road within a decade. They present many exciting opportunities, but also new threats to our privacy and security. In this post, we'll dive into exactly what lies behind the connected car concept and what it means for privacy.

The connected car is the ultimate goal of several different trends in the automobile industry, especially networking and self-driving cars. The connected car is a car that is increasingly connected to the Internet and, potentially, to the cars around it.

The final form of the connected car is a fleet of automated cars that drive themselves and communicate wirelessly with each other to determine traffic patterns, removing the need for defensive driving courses or any human intervention at all.

At an intermediate scale, connected cars are just cars like the ones we have today that make much greater use of the Internet. There is significant potential in better-streamed entertainment, improved connection to navigation software, and similar features.

The primary downside is the very thing that makes connected cars attractive: the Internet connection. Anyone who has paid attention to the headlines over the past few years has seen dozens of examples of companies of all sizes and all industries that have been hacked, causing the release of personal information and financial records.

These hacks have generally resulted in decreased trust in the companies involved, which range from Target to Yahoo. The sheer number of companies that have announced hacks has made it hard to put much trust in data security, at least for companies that consumers interact with on a daily basis.

By definition connected cars are Internet-facing. A significant amount of web traffic will flow to and from connected cars, and that traffic has to be meaningful for it to be valuable. It is likely to include personal information as well as location data and possibly financial information. That alone will make it interesting to hackers.

The potential benefits of hacking connected cars will be just as high as hacking a laptop, or even higher. For example, it would be possible to track a car's movements to identify when the owners tend to be away from home, so that the house is unguarded and an easier target for theft. That is an extreme example, but it is within the realm of possibility.

Consider something as simple as renting a movie to stream: credit card information would have to flow over the connection. At least for now, early prototypes of connected cars have not included extensive data security. It is possible that the fact that the base is a moving car and the demands of creating a good streaming connection to that moving target will make it harder to encrypt and protect the data in the stream. If so, security will be a problem for years to come.

The most insidious and dramatic example of hacking a connected car is the threat that a hacker could actually gain control over the car's function. This is not entire impossible: researchers have already demonstrated the ability to break into a car's system remotely and issue it some commands. While this is unlikely to result in kidnappings and other sensational outcomes, it does open up the possibility that hackers could proactively dive into the car's onboard memory and search for valuable data instead of just waiting for something useful to pass through the stream. Even basic identifying information can be useful for identify theft, and it is hard to imagine that connected cars won't need to keep some of that data on hand.

The upside for connected cars is entrancing for many reasons. However, that does not mean that the road will be smooth. There are a lot of problems to work out along the way, and privacy is one of the more important ones. It has the potential to expose even more Americans to damaging hacks, expanding the scope of what is already a worsening problem. The auto industry needs to commit to a serious investment in information security.

CTO Vision:              All Tesla’s Cars Will Have Full Self-Drive:

« Was North Korea Behind The IoT DDoS Attack?
Otto's Self-driving Truck Delivers Its First Payload »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Identity Theft Resource Center (ITRC)

Identity Theft Resource Center (ITRC)

ITRC is a non-profit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime.

Security Magazine

Security Magazine

Security, the business magazine for security executives, focuses on management issues facing top security professionals and effective solutions being employed, both physical and cyber.

edgescan

edgescan

edgescan is a cloud-based continuous vulnerability management and penetration testing solution.

Rogue Wave Software

Rogue Wave Software

At Rogue Wave, our mission is to simplify your hardest problems, improve software quality and security, and shorten the time it takes to deliver value.

SAS Institute

SAS Institute

SAS is a leader in business analytics software and services providing solutions for a wide range of critical business areas including risk management, compliance and fraud prevention.

exceet Secure Solutions

exceet Secure Solutions

exceet Secure Solutions is your experienced specialist for Internet of Things (IoT), Heath Telematics, electronic signatures and timestamps and IT security.

Open Cloud Factory

Open Cloud Factory

Open Cloud Factory is a European based security company, that strives to ease the pressure on IT managers, by providing tools to implement your Security Strategy in an effective and easy manner.

RiskRecon

RiskRecon

RiskRecon makes it easy to gain deep, risk contextualized insight into the cybersecurity risk performance of all of your third parties.

CyberWhite

CyberWhite

CyberWhite is a disruptive provider of cyber security and risk mitigation solutions.

ZARIOT

ZARIOT

ZARIOT's mission is to restore order to what is becoming connected chaos in IoT by bringing unrivalled security, control and quality of service.

Sevco Security

Sevco Security

Sevco Delivers Real-time Asset Intelligence to Identify and Close Unknown Security Gaps.

Great American Insurance Group

Great American Insurance Group

Great American's Cyber Risk Division offers cyber solutions for small and medium-sized businesses.

SRG Security Resource Group

SRG Security Resource Group

SRG Security Resource Group is a Canadian company dedicated to providing world-class Physical and Cyber Security services.

Valeo Networks

Valeo Networks

Valeo Networks is a full-service Managed Security Service Provider (MSSP). We partner with organizations to remove the burden of technology so that they can focus on growing their business.

Infinavate

Infinavate

Infinavate Fort CyberVault offers end-to-end services that comprehensively responds to the organization’s information security and privacy needs.

Advanced IT

Advanced IT

Reliable managed IT Security & support services that will help you take your business operations to the next level without breaking the bank!