Connected-Cars Could Cost Your Privacy

Connected cars are poised to become one of the biggest changes in the driving experience since the invention of the automobile, and they could be on the road within a decade. They present many exciting opportunities, but also new threats to our privacy and security. In this post, we'll dive into exactly what lies behind the connected car concept and what it means for privacy.

The connected car is the ultimate goal of several different trends in the automobile industry, especially networking and self-driving cars. The connected car is a car that is increasingly connected to the Internet and, potentially, to the cars around it.

The final form of the connected car is a fleet of automated cars that drive themselves and communicate wirelessly with each other to determine traffic patterns, removing the need for defensive driving courses or any human intervention at all.

At an intermediate scale, connected cars are just cars like the ones we have today that make much greater use of the Internet. There is significant potential in better-streamed entertainment, improved connection to navigation software, and similar features.

The primary downside is the very thing that makes connected cars attractive: the Internet connection. Anyone who has paid attention to the headlines over the past few years has seen dozens of examples of companies of all sizes and all industries that have been hacked, causing the release of personal information and financial records.

These hacks have generally resulted in decreased trust in the companies involved, which range from Target to Yahoo. The sheer number of companies that have announced hacks has made it hard to put much trust in data security, at least for companies that consumers interact with on a daily basis.

By definition connected cars are Internet-facing. A significant amount of web traffic will flow to and from connected cars, and that traffic has to be meaningful for it to be valuable. It is likely to include personal information as well as location data and possibly financial information. That alone will make it interesting to hackers.

The potential benefits of hacking connected cars will be just as high as hacking a laptop, or even higher. For example, it would be possible to track a car's movements to identify when the owners tend to be away from home, so that the house is unguarded and an easier target for theft. That is an extreme example, but it is within the realm of possibility.

Consider something as simple as renting a movie to stream: credit card information would have to flow over the connection. At least for now, early prototypes of connected cars have not included extensive data security. It is possible that the fact that the base is a moving car and the demands of creating a good streaming connection to that moving target will make it harder to encrypt and protect the data in the stream. If so, security will be a problem for years to come.

The most insidious and dramatic example of hacking a connected car is the threat that a hacker could actually gain control over the car's function. This is not entire impossible: researchers have already demonstrated the ability to break into a car's system remotely and issue it some commands. While this is unlikely to result in kidnappings and other sensational outcomes, it does open up the possibility that hackers could proactively dive into the car's onboard memory and search for valuable data instead of just waiting for something useful to pass through the stream. Even basic identifying information can be useful for identify theft, and it is hard to imagine that connected cars won't need to keep some of that data on hand.

The upside for connected cars is entrancing for many reasons. However, that does not mean that the road will be smooth. There are a lot of problems to work out along the way, and privacy is one of the more important ones. It has the potential to expose even more Americans to damaging hacks, expanding the scope of what is already a worsening problem. The auto industry needs to commit to a serious investment in information security.

CTO Vision:              All Tesla’s Cars Will Have Full Self-Drive:

« Was North Korea Behind The IoT DDoS Attack?
Otto's Self-driving Truck Delivers Its First Payload »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Veridify Security

Veridify Security

Veridify Security (formerly SecureRF), develops and licenses quantum-resistant, public-key security tools for the low-resource processors powering the Internet of Things.

Cyber Senate

Cyber Senate

Cyber Senate is dedicated to bringing Operators of Essential Services together with global subject matter experts to address the challenges of evolving cyber threats to critical infrastructure.

Akheros

Akheros

Akheros develops cybersecurity learning algorithms which anticipate, detect and prevent offensive and incongruous behaviors of M2M interactions.

Vysk Communications

Vysk Communications

Vysk is an award-winning mobile security firm that has developed the world’s most secure system for voice communication.

HoxHunt

HoxHunt

HoxHunt is an automated cyber training program that transforms the way your employees react and respond to the growing amount of phishing emails.

Ingenio Global

Ingenio Global

Ingenio is a specialist recruitment business for SaaS companies. Our purpose is to source exceptional talent in areas including cyber security for leading SaaS companies in the UK and Ireland.

CertiK

CertiK

CertiK uses rigorous Formal Verification technology to provide hacker-resistant smart contract and blockchain audits, thorough penetration testing, and customized security integrations.

Practical Assurance

Practical Assurance

Practical Assurance helps companies navigate the rough terrain of information security compliance.

TrustMAPP

TrustMAPP

TrustMAPP automates cybersecurity & privacy assessments, with universal workflow, allowing teams to generate analytics and recommendations to align priorities for improvement.

Beyond Identity

Beyond Identity

Beyond Identity employs an elegantly simple concept, the personal certificate authority and self signed certificates, to replace passwords.

Maritime Cyber Threats Research Group - University of Plymouth

Maritime Cyber Threats Research Group - University of Plymouth

The Maritime Cyber Threats research group of the University of Plymouth is focused on investigating marine cyber threats and researching solutions.

Panacea Infosec

Panacea Infosec

Panacea Infosec is a leading provider of information security compliance services. We help our clients in protecting their data, reducing security risks and fighting cybercrime.

Secret Intelligence Service (SIS - MI6)

Secret Intelligence Service (SIS - MI6)

The UK’s Secret Intelligence Service, also known as MI6, has three core aims: stopping terrorism, disrupting the activity of hostile states, and giving the UK a cyber advantage.

Enea

Enea

Enea is one of the world’s leading specialists in software for telecommunications and cybersecurity. Our products are used to enable services for mobile subscribers, enterprise customers and IoT.

Financial Services Information Sharing and Analysis Center (FS-ISAC)

Financial Services Information Sharing and Analysis Center (FS-ISAC)

The Financial Services Information Sharing and Analysis Center is the only global cyber intelligence sharing community solely focused on financial services.

AHAD

AHAD

AHAD provides cybersecurity, digital transformation, and risk management services and solutions to Government, Fortune 500, And Start-Up Companies in the Middle East region.