A couple of years ago, loyal readers of this column will remember I wrote of getting into a crash with a wrong-way driver. That kicked off a column about information sharing and data management, where I posited what a wonderful world it would be if as soon as the crash occurred, the police, my body shop, a tow truck and my insurance company would all be notified. This could also speed up the processes of paperwork and parts procurement.
Now, it’s several years later, and we call this “the Internet of Things.” We think that technology can be counted on to remove human error and to automate processes, yet there’s always a loophole, it seems.
(Related: Early legislation to address security in cars)
In my case, technology existed that would force a driver with a previous driving-under-the-influence conviction to breathe into a device to turn on the car. If the device recorded a too-high blood alcohol level, it would deactivate the car. This might have stopped my driver from using her car, but it did not prevent her from borrowing a friend’s car, starting it, driving it, and ultimately crashing into me.
Lately, we’ve been reading a lot about cars that can drive themselves. They obey all traffic laws, and are loaded with sensors and braking systems that prevent the cars from crashing into each other. All the operator has to do it select a destination, sit back, and arrive in comfort. No stress, no fuss.
So then I thought, well, soon I won’t have to worry about this, because of all the development and testing of cars that can drive themselves. They obey all traffic laws, and are loaded with sensors and braking systems that prevent the cars from crashing into each other. All the operator has to do it select a destination, sit back, and arrive in comfort. No stress, no fuss.
Unfortunately, we’re still a long way away from that reality. Stories of human drivers crashing into these auto-piloted cars, and of hackers commandeering a Jeep Cherokee in July by exploiting security vulnerabilities in the car’s software, prove that.
According to The Associated Press, they used a laptop in Pittsburgh to take over the operation of a car in St. Louis by using the Jeep’s cellular connection to access its radio. From there, they got into the car’s controls, changing its speed and taking over the brakes and transmission.
Even as Fiat Chrysler recalls of 1.4 million Jeeps to patch a software vulnerability, lawmakers and experts warn the auto industry to move faster to find the entry points created by so much Internet connectivity built into today’s cars. They are also calling on the auto industry to isolate entertainment systems from critical operational computers, and to add software that will recognize a rogue command from outside the car to thwart this kind of malicious activity.
A recent KMPG study found more lines of code in the average new car (about 20 million) than in a Boeing 787. Thankfully, the hackers that commandeered the Cherokee reported their findings back to the auto company and did not go public with them. But someone else with a more malevolent heart could take over a car with a laptop, potentially causing injury or even death to the driver.
Car companies are starting to work like other software companies, in that they are able to release patches and updates to a car’s software to stay a step ahead of hackers. According to the AP, BMW and Tesla already can do this, and almost all other automakers are working toward that goal.
An organization called the Online Trust Alliance has created an Internet of Things Trust Framework, designed to give developers guidance when it comes to reducing attack surface areas and vulnerabilities in IoT devices.
So, as we look to make our lives safer, more convenient, and less reliant on our own human memories and abilities (or lack thereof), we must also be careful about the kinds of information our cars collect, to whom that information is sent, and that outside forces can’t break into our car’s computers and take us where we do not want to go.
Because, going back to my wreck, even if that woman wasn’t drunk and was driving her own car, there’s no telling that someone in New Jersey or Michigan could have taken the controls of her vehicle remotely and sent it careening right at me. Let’s get those security issues ratcheted up on the priority board to create safer roads. Otherwise, getting from point A to point B is still pretty much up to the luck of the draw.