Connected-Cars Could Cost Your Privacy

Connected cars are poised to become one of the biggest changes in the driving experience since the invention of the automobile, and they could be on the road within a decade. They present many exciting opportunities, but also new threats to our privacy and security. In this post, we'll dive into exactly what lies behind the connected car concept and what it means for privacy.

The connected car is the ultimate goal of several different trends in the automobile industry, especially networking and self-driving cars. The connected car is a car that is increasingly connected to the Internet and, potentially, to the cars around it.

The final form of the connected car is a fleet of automated cars that drive themselves and communicate wirelessly with each other to determine traffic patterns, removing the need for defensive driving courses or any human intervention at all.

At an intermediate scale, connected cars are just cars like the ones we have today that make much greater use of the Internet. There is significant potential in better-streamed entertainment, improved connection to navigation software, and similar features.

The primary downside is the very thing that makes connected cars attractive: the Internet connection. Anyone who has paid attention to the headlines over the past few years has seen dozens of examples of companies of all sizes and all industries that have been hacked, causing the release of personal information and financial records.

These hacks have generally resulted in decreased trust in the companies involved, which range from Target to Yahoo. The sheer number of companies that have announced hacks has made it hard to put much trust in data security, at least for companies that consumers interact with on a daily basis.

By definition connected cars are Internet-facing. A significant amount of web traffic will flow to and from connected cars, and that traffic has to be meaningful for it to be valuable. It is likely to include personal information as well as location data and possibly financial information. That alone will make it interesting to hackers.

The potential benefits of hacking connected cars will be just as high as hacking a laptop, or even higher. For example, it would be possible to track a car's movements to identify when the owners tend to be away from home, so that the house is unguarded and an easier target for theft. That is an extreme example, but it is within the realm of possibility.

Consider something as simple as renting a movie to stream: credit card information would have to flow over the connection. At least for now, early prototypes of connected cars have not included extensive data security. It is possible that the fact that the base is a moving car and the demands of creating a good streaming connection to that moving target will make it harder to encrypt and protect the data in the stream. If so, security will be a problem for years to come.

The most insidious and dramatic example of hacking a connected car is the threat that a hacker could actually gain control over the car's function. This is not entire impossible: researchers have already demonstrated the ability to break into a car's system remotely and issue it some commands. While this is unlikely to result in kidnappings and other sensational outcomes, it does open up the possibility that hackers could proactively dive into the car's onboard memory and search for valuable data instead of just waiting for something useful to pass through the stream. Even basic identifying information can be useful for identify theft, and it is hard to imagine that connected cars won't need to keep some of that data on hand.

The upside for connected cars is entrancing for many reasons. However, that does not mean that the road will be smooth. There are a lot of problems to work out along the way, and privacy is one of the more important ones. It has the potential to expose even more Americans to damaging hacks, expanding the scope of what is already a worsening problem. The auto industry needs to commit to a serious investment in information security.

CTO Vision:              All Tesla’s Cars Will Have Full Self-Drive:

« Was North Korea Behind The IoT DDoS Attack?
Otto's Self-driving Truck Delivers Its First Payload »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Security Compass

Security Compass

Security Compass, the Security by Design Company, enables organizations to shift left and build secure applications by design, integrated directly with existing DevSecOps tools and workflows.

Evok

Evok

EVOK is an IT Service provider specialized in installing, maintaining and supporting IT infrastructures for SMB's in Switzerland.

Cyfor

Cyfor

Cyfor provides digital forensics and eDiscovery in civil, criminal, intellectual property, litigation and dispute resolution investigations.

BTWorks

BTWorks

BTWorks provides identity management and anti-phishing / smishing solutions for web and mobile apps.

CSO GmbH

CSO GmbH

CSO GmbH provide specialist consultancy services in the area of IT security.

Echoworx

Echoworx

Echoworx primary and exclusive focus is providing organizations with secure email services.

Seculert

Seculert

The Seculert Attack Detection & Analytics Platform combines machine-learning based analytics and threat intelligence to automatically detect cyber attacks inside the network.

CyberSat Summit

CyberSat Summit

CyberSat is dedicated to fostering the necessary discussions to flesh out and develop solutions to cyber threats in the satellite industry.

Enterprise Incubator Foundation (EIF)

Enterprise Incubator Foundation (EIF)

Enterprise Incubator Foundation (EIF) of Armenia is one of the largest technology business incubators and IT development agencies in the region.

Wontok

Wontok

Wontok deliver innovative value-added data security services that fill the gaps left in traditional security solutions.

Paradyn

Paradyn

Paradyn-managed security services can provide a holistic view of your business environment, no matter how simple or complex it is.

Future Planet Capital

Future Planet Capital

Future Planet is the impact-led, global venture capital firm built to invest in high growth potential companies from the world's top research centres.

Tarlogic

Tarlogic

Tarlogic works to protect and defend your security with the highest quality technical team with next generation solutions to achieve the best protection.

Hexiosec

Hexiosec

Hexiosec (formerly Red Maple Technologies) is a technical consultancy and product company founded and run by engineers from the UK Intelligence and Defence communities.

TetherView

TetherView

TetherView provides leading virtual desktop and email security technology to help businesses stand up and manage digital workspaces.

Freeze

Freeze

Freeze prevents attacks before they can start by finding, removing, and stopping the spread of information about your organization and employees.