ReadWriteDrive is an ongoing series covering the future of transportation.
Connected cars are computers on wheels, and before long they’ll do most everything our phones and tablets do now—store personal data, finalize transactions, play games. Oh, and catch viruses and other malware.
Security encryption flaws left Apple and Linux software vulnerable to hacks in the last month. Similar vulnerabilities in smart cars could have far worse consequences, starting with accidents that could injure or kill drivers, passengers, pedestrians or the occupants of other vehicles.
A variety of auto makers are already selling connected services, and the car hacks have followed on their heels. Last year, a flaw in the API of the Tesla Model S opened up the automobile to potential security breaches. None posed immediate danger—such as causing physical harm to the driver or passenger—but it could allow hackers to drain the batteries of these electric cars.
See also: Hacking The Connected Home: When Your House Watches You
Judith Bitterli, chief marketing officer for the online-security company AVG, predicts drivers will need to be aware of three tiers of hackers: professional hackers like those from Russia who essentially produce “malware for hire”; accidental hackers such as young gamers who, for instance, distribute malware-laced coins online; and hackers in your own car, like passengers who haven’t secured their own devices.
Consumers already struggle with securing information online. Almost two decades after the Internet burst into the mainstream, user passwords are still atrocious, leaving millions of people vulnerable to hacks. In 2013, the most popular password was “123456,” followed by simply “password.” Drivers of connected cars will need to become smarter about security, and sometimes rely on car manufacturers and dealerships to educate them before they drive off the lot.
“The shape of the dealership is going to change,” Bitterli told me in an interview. “I view dealerships as having a little Geeksquad in there, because you look at the Tesla and there is no engine. You’re focused on the operating system.”
Manufacturers are taking precautions to ensure vehicle security, and like many software firms, are hiring hackers. Tesla brought on Apple’s former “Hacker Princess” earlier this year to monitor and improve security in the software layer of its vehicles.
What To Do With Our Data
The Internet of Things will be a treasure trove of data. We already overshare on social media, and those companies we trust with our information are using it to make money. Most users don’t read websites’ terms of service—we click “accept” without understanding where our data goes and who is using it.
“We actually see two critical things [in connected cars],” Bitterli said. “One layer of security and another is a layer of privacy.”
Consider this simple but newly relevant question: If your connected car is in a serious accident, who owns the data stored in the crash? You? The auto manufacturer? Your dealer? Your insurance company?
Companies like AVG are pushing for data privacy “nutritional labels” that come with connected devices like cars and delineate what is connected, what it is shared, and how it is being used. By making that information available at purchase in a condensed, readable form, instead of hidden behind the legalese in which traditional terms of service are written, consumers can better own and protect their information.
It’s not just companies that are trying to own your data. The U.S. Department of Transportation has purview over the automotive industry and is trying to control what kind of technology goes into connected cars. Earlier this year, the DOT announced that connected cars will be required to have vehicle-to-vehicle communication technology that could potentially deter accidents.
See also: The Internet Of Cars Draws Nigh
According to Catherine McCullough, director of the Intelligent Car Coalition, some in Congress are concerned about Internet of Things security, and the White House has come out with a cybersecurity framework.
“When it comes to the legal framework and the ideas about who should be responsible for what, Washington is working on that already,” McCullough said at a tech conference earlier this week.
There is growing unease regarding government surveillance, especially in terms of collecting data on U.S. citizens. NSA whistleblower Edward Snowden released documents last year describing intelligence-community surveillance on a massive scale, elevating consumer concerns over whether and how companies and government agencies collect their personal information.
See also: Volkswagen: ‘The Car Must Not Become A Data Monster’
“If as a composite industry between technology and automotive, we don’t set the practices around privacy and data now, it will be bad business,” Bitterli said. “And the concern is that the government won’t do it in the interest of the consumer.”
Images via Selena Larson for ReadWrite