Tag Archives: Connected Car

The Connected Car: Your Smartphone’s Biggest Accessory and Security Threat

Over the last few years, technology’s merger with the auto industry has materialized in the form of advanced digital dashboards and mobile OS integration. While adoption has been slow, car manufacturers have been attempting to fill dashboards with Silicon Valley-grade technology, including Apple’s CarPlay and Google’s Android Auto.

Defying the status quo, Tesla has continuously outperformed traditional automakers since its inception. The fully electric sedan comes standard with a gigantic screen on the car’s console, resembling the cockpit of commercial airliners. Additionally, and perhaps most similar to the mobile OS’s consumers have grown accustomed to, the Tesla performs over-the-air software updates. Most recently, Tesla rolled out (and rescinded parts of) its ‘Autopilot’ feature in Model S sedans. The feature allows drivers to sit back and watch as the car drives itself using various sensor and GPS technologies.

Tesla isn’t the only company integrating this technology, among others, into their cars. Even before they released the ‘Autopilot’ feature, Google unleashed a squadron of driverless cars that can be seen testing their abilities (and getting pulled over for going too slow) around Silicon Valley. Apple has owned technology headlines for months as rumors of car development continue to surface for the first time since Walter Isaacson’s biography on late CEO Steve Jobs hit the shelves back in 2011. But it’s not only Silicon Valley giants like Tesla, Apple and Google that are developing technology and cars for the driverless era as automakers like Volvo and Ford have also thrown their names into the ring.

Other IoT features continue to make their way into consumers’ driveways. Many cars in the new Chevrolet lineup offer 4G connectivity on the road. Third-party dashboard accessory makers like Pioneer, Kenwood, and Alpine are developing add-ons for older cars wishing they had access to Apple’s Carplay and Google’s Android Auto. And several automotive giants are capitalizing on new device categories like smartwatches to provide a more simple and technological experience for their car-owners.

With the addition of connectivity in cars, drivers and passengers alike need to think about their physical safety and digital safety. As we’ve seen in the news recently, namely in a July Wired article, certain cars can be hacked and completely controlled remotely. Scary, yes, but that covers just the surface of security threats. Like every other IoT device, the data a connected car will produce is vulnerable to cybercrime. Picture driving down Main St. and passing your favorite pizza shop on your way to work in the morning, the same route you take every day. It’s Thursday, which means Pizza Night for the family. As you drive by, a coupon for two free extra toppings and a 2-litre soda bottle with any large pizza order appears on your dashboard or windshield, valid only tonight. Seemingly magically, based on past patterns, your IoT car knew to offer you a coupon for this pizza parlor on the night you’d need it.

A connected car has the potential to be your smartphone’s biggest and greatest accessory, but it also inherently comes with major security vulnerabilities, like the rest of the IoT, that need to be addressed.  Currently, traditional car companies are researching and developing their own self-driving/connected cars. Technology companies like Apple and Google, along with other rumored giants, are following suit. But a recent poll out of WEF and Boston Consulting Group, showed that 69 percent of consumers (6,000 polled from 10 different countries) want automakers and tech giants to work together to create the next big thing in automobiles. As awareness of the IoT, its vulnerabilities and connected cars grows, I see this number rising. What’s important is that the integration of security also grows, so we can help usher in the future we all want, as safe as it can be.

From Tesla to Baby Monitors: A Collaborative Approach to Security and Hackers

There was a “car hacking” area at Defcon 23 last week, where Tesla proudly displayed their brand and a new Model S. While there were a couple of other vehicles at the show (in various states of having their electronics torn down), the buzz was all about Tesla.

The Model S was hacked, and that was big news at the conference. After the hack, Tesla fixed the vulnerabilities and delivered patches to their vehicles using an Over The Air (OTA) update. With OTA, drivers didn’t need to bring their vehicles in for service or worry about managing software upgrades; updates happened automatically.

By being an active participant at Defcon, Tesla is showing how to build a positive, trusting and productive relationship with white hat hackers. When the hackers called Tesla with the vulnerabilities, Tesla quickly responded. As a result, they now have a more secure system and better separation between core car systems (engine, brakes, etc.) and the infotainment functions. The differences between Tesla’s approach and the Jeep approach are pretty stark.

Tesla

 

Manufacturers across industries should take note of Tesla’s engagement of the Defcon community as a model to follow. Companies need to engage and build trust with white hat hackers if they are to fully utilize the knowledge and expertise the community offers.

The Model S is just one example of a Thing connected to the Internet – an IoT device. A Tesla is a big-ticket item, with serious implications if it is compromised. From that perspective, Tesla’s investment in back-end infrastructure and OTA systems makes a lot of sense. Similar infrastructure should be in place for other IoT devices, but is often not.

Take IoT baby monitors, for example. None of the products tested at Defcon met even a minimal level of security, including several products that lack encrypted video and audio feeds. The problem is that a baby monitor is an inexpensive device (compared to a Tesla), and the economics make it harder to justify large investments in security and back end systems. This is a problem (and opportunity) the industry needs to address. Some security frameworks are emerging, but we don’t yet have a comprehensive approach. Until we do, we will see more IoT hacks. While they may not get the media attention the Tesla hack got, in many ways they are just as serious and are more difficult to fix.

We need to get to a place where more IoT vendors are proud to display their brands at Defcon (and other security conferences) because they understand the importance of security and are willing to engage positively with hackers. Perhaps next year, we will see many more companies alongside Tesla at Defcon, proudly displaying their brand.

Heads-Up Displays: A Driving Solution or Another Distraction?

You may have seen recent reports about the “heads-up displays” (HUDs) technology for cars, where information is projected onto the windshield of the car as you drive. The transparent display provides navigational assistance, speed and other dashboard components, lane change alerts, etc.

The HUD technology was originally developed by the military for fighter pilots, who could see target data and other important information without looking down. But now the technology has entered into the automobile sector and is something we’re going to be hearing a lot more about…

Recently, a startup called Navdy unveiled a link to the auto display and your smartphone information. Other formidable players in this space are Continental and Garmin, among others. Most players have focused to-date on the display of navigational, safety, and instrument information. But it’s clear that with companies such as Navdy, HUD is headed into a more interactive territory.

According to a new market research report published by MarketsandMarkets, the heads-up display space is expected to reach $8.3 billion dollars in five years. (It should be noted this projection isn’t limited to automobiles but also to such other segments as aviation as well. See here.)

Proponents of HUDs believe they will make our roads safer by keeping drivers from fumbling with their smartphones while driving, or even having to look down at their instrument panel. With the projected image on your windshield, the theory goes, you’re able to keep your eyes on the road.

Indeed, on any given day, Distracted.gov estimates over 660,000 vehicles are being driven by someone using a hand-held cell phone. This all too frequently, and often tragically, results in accidents.

A second part of the HUD business proposition may be a pragmatic one: people are going to be using their phones anyway, so this is a better alternative.

But the question is: is it?

Hands-free technology and voice-activation software have equally been touted as benefits for the same reason: users can keep their eyes on the road. Yet, both voice-activation software and hands-free are not panaceas.

In the case of VA technology, it still affects the cognitive part of your brain.  Many of the simple tasks that come with VA technology increase a driver’s cognitive workload. And, depending on the situation, that can be dangerous. Vehicle voice-activated “infotainment” systems that are more complicated or just take longer to navigate created the highest levels of driver distraction and safety risks, according to a recent AAA study.

Hands-free phone technologies also don’t solve the problem of having a conversation, especially an important or emotional one, while driving can be only a little less distracting than juggling a phone. It’s for the same reason: Cognitive distraction.  Many studies back this up, including a groundbreaking one from the National Safety Council.

It would appear that the same question of cognitive distractions applies to new HUD techs.

While we can all appreciate any tools that will make our roads safer— the question is whether turning your windshield into a computer screen is the way to go? For that, we’ll have to wait and see.

 

Image courtesy of PC Mag

Just how safe are connected cars?

Last week, Wired published an article ‘Hackers remotely kill a Jeep on the highway – with me in it’ detailing the actions of two well know hackers Charlie Miller and Chris Valasek. In the words of the journalist, Andy Greenberg, he agreed to be their ‘digital crash-test dummy’.

The hackers managed to remotely control many important functions of the Jeep, including braking, transmission and accelerator. They also controlled the wipers, air-con and radio, but the threat is very different when someone can control the driving and safety features of the vehicle.

Miller and Valasek proved in 2013 that they could hack a car, at that time a Ford Escape and Toyota Prius, but at that time they demonstrated it from the back seat and they needed to be physically connected in the car.

This latest demonstration of their skills show that in this instance they could control the vehicle remotely, which is of course a very different risk.

This story has so many similarities to the recent stories about the ability to hack an aircraft and control it. Experts in avionics were quick to disclose that only in a few aircraft have the infotainment systems connected to the control of the aircraft and in all cases the pilot has a manual control button in the cockpit to take control and fly without the reliance on technology in this way.

While similar stories they are two very separate industries, the automotive industry regulators would appear to be in catch up mode as opposed to setting definitive standards for the industry to follow in advance of deployment in the field.

My other concern raised by this and previous stories about car vulnerabilities is the method of deployment of the fix. There is a software update available for the Jeep, it can be downloaded and loaded through a USB stick. While this sounds simple it should not be left to the consumer to perform updates of this importance, if there was a manufacturing fault in the breaks of a car they would be recalled and a trained mechanic would repair them. While the dealer may load the software for you its my opinion that when a major vulnerability like this is found the car companies should be made to do a full recall and take responsibility.

I wonder how many car drivers of connected cars have the latest software loaded in the cars today? I suspect that many BMW drivers that were subject to the ‘unlock’ hack earlier this years are still driving around in a vulnerable car.

There is light on the horizon as US and UK Government departments that control standards in this area are both reportedly writing new guidance. I am sure that in the next few months they will be published but of course implementation in manufacturing takes time and the risk grows with every new ‘connected’ car that rolls off the production line.

 

The UK gets ready for automated vehicles

Earlier this July, the British government published “The Pathway to Driverless Cars: A Code of Practice for testing”, a fourteen page document clarifying the legislation around driverless vehicle testing in the UK.

As expected, the document is heavily skewed towards safety, with stipulations for operator overrides and emergency service procedures among others.

That’s not the part that I found interesting about the guidleines. That came later, and was more focused on data collection and cyber security.

As we have come to expect from our connected devices, data collection is inevitable. The government’s outlines mandate the following as minimum data recording functionality on the vehicle.

As a minimum this device should record the following information (preferably at 10Hz or more):

  • Whether the vehicle is operating in manual or automated mode
  • Vehicle speed
  • Steering command and activation
  • Braking command and activation
  • Operation of the vehicle’s lights and indicators
  • Use of the vehicle’s audible warning system (horn)
  • Sensor data concerning the presence of other road users or objects in the vehicle’s vicinity
  • Remote commands which may influence the vehicle’s movement (if applicable)

 

Add to these minimum prerequisites some other specific datasets such as location (for traffic updates etc.) and you begin to get the picture. Very soon our connected, driverless cars will become a hive of activity, bringing convenience to our daily lives but documenting it like never before.

In fact, immediately following the data collection requirements, the document then went on to establish expected behavior for handling this data.

“Testing is likely to involve the processing of personal data. For example, if data is collected and analysed about the behaviour or location of individuals in the vehicle, such as test drivers, operators and assistants, and those individuals can be identified.”

Will our own cars present a privacy risk to us in the future? Thorough data logs of everything we do and everywhere we go suggest that it might. Who knows, perhaps we’ll see an optional “incognito mode” like we see in some web browsers, where you can drive “off-record” for a limited time.

I was also pleased to see the inclusion of some basic cybersecurity standards included in the document. As our digital world rapidly merges with the offline, it becomes ever more important to safeguard the things that matter most from attack.

The document stipulates:

“Nevertheless, manufacturers providing vehicles, and other organisations supplying parts for testing will need to ensure that all prototype automated controllers and other vehicle systems have appropriate levels of security built into them to manage any risk of unauthorised access.”

This is hardly comprehensive but it does make developers consider cybersecurity from the outset.

While time will tell just how ready the people of Britain are for driverless vehicles, but it’s good to see that the government is addressing safety concerns both on the road and online.

Self-Driving Trucks Ahead  

The Freightliner Inspiration Truck is the first licensed autonomous commercial truck to operate on an open public highway in the United States and made its debut by driving across the Hoover Dam earlier this month.

Video

Freightliner Inspiration

 

Of course, the mix of radars, sensors, lasers and technology that enable autonomous driving is applicable to many other forms of transportation. But the self-driving truck is a very natural and promising extension of the category.

With its truck, Daimler promises to unlock autonomous vehicle advancements that reduce accidents, improve fuel consumption, cut highway congestion, and safeguard the environment.

The Freightliner Inspiration is only a prototype of what is could be reality in ten years’ time and, for now, Daimler has made it clear that it is still relying on drivers.

“The driver is a key part of a collaborative vehicle system,”  Richard Howard, Senior Vice President at Daimler said at the Freightliner Inspiration’s unveiling. “With the Freightliner Inspiration Truck, drivers can optimize their time on the road while also handling other important logistical tasks, from scheduling to routing. The autonomous vehicle technology not only contributes to improved safety and efficiency, but allows for improved communication through connectivity and integration.”

Autonomous trucks are already used by mining conglomerate Rio Tinto in Western Australia to haul millions of tons of material.

Automation for trucking and haulage is so significant as logistics are so important when it comes to shipments. Often, drivers are pushed to the limit to make deadlines. Combine human fatigue with mechanical failures, and the results can be deadly.  A 9,000 gallon unleaded gasoline tanker fire in Detroit and a school bus tragedy in California, are just two of the most recent and tragic examples where automated driving could have made a difference.

The latest statistics from the US Department of Transportation (DoT) showed that 342,000 large trucks were involved in traffic incidents during 2013 with 3,964 people killed and 95,000 people injured. Those are some scary stats and ones that make automation, or semi-automation, an imperative.

Don’t get me wrong. I’m not knocking the drivers. These are hard-working men and women who are up against crazy schedules and are often away from their families for weeks at a time.  Imagine driving full-time? It would be both physically and mentally exhausting.

The Walmart driver involved in the crash last June that seriously injured actor Tracy Morgan and killed his fellow passenger, the comedian James McNair, was reportedly nearing his drive-time limit when he rear-ended their car.  (Just this week, Walmart announced it had reached an undisclosed settlement with Morgan, after earlier settling with McNair’s family.)

On another cautionary note: just as car hacks have become a problem with autonomous cars, security is even more paramount with trucks and their automation systems.

As we previously reported, the remote car hack scenarios and vulnerabilities being experienced caught some of the top car manufacturers by surprise. I hope that when it comes to autonomous trucking, that manufacturers have taken note and are thinking further down the road.

Three Exciting Things In: Connected Cars

The motor industry is one of the most innovative spaces in business right now. From driverless technology to remote access and electronic cars, there is an abundance of exciting technology that promise to make a real difference to the way to move around our lives.

 

Augmented Reality Driving Goggles

Covered in this fascinating Wired article, these driving goggles (seen above) are being developed by the automaker Mini and have the potential to change the way we drive for good.

Mini Goggles

Headsup display: Make sure the most important information is available to you wherever you’re looking with speed and directions fed directly into the goggles.

Zero latency: Using special technology to predict how your head will move, the goggles approach to close to “zero latency” meaning that the augmented images displayed in the goggles are happening in real time.

Look through walls: By using cameras and microphones outside of the vehicle, you can look straight through the frame of the car to see potential hazards.

 

 

Remote Control Parking:

BMW recently revealed that they have developed remote control parking for the 2016 BMW 7 Series.

Video

2016 BMW 7 Series

 

But that’s not all, BMW are looking to change “interaction between the driver and the car” by introducing in-car gesture control to the 7 series and improved voice commands. This means no more fiddling with that radio or satnav.

BMW Gesture Control

 

 

Wireless Car Charging

Electronic cars are slowly but surely making their way into the mainstream. One of the largest obstacles to their adoption is the lack of charging stations. A research team at Qualcomm  has developed a wireless form of charging for electronic cars that could potentially make it much easier to charge vehicles.

Using inductive charging, the electronic car will charge wirelessly when parked over a magnetic plate.

Inductive charging

 

Inductive technology has only recently taken off in the consumer space with wireless smartphone charging stations so don’t expect to see these on the road any time soon.

 

The importance of privacy

As these three exciting technologies demonstrate, the Internet of Things is growing and advancing at an incredible rate. It’s important though to ensure that we are building and developing advanced functionality with privacy and security in mind.

The benefits of smart, connected vehicles are obvious for all to see but as AVG has highlighted several times already, vulnerabilities in system security can pose real risks to human safety and property damage.

New Concerns for Connected Car Hacks  

Last week, we reported on news of remote hacking of BMW cars that opened car doors and windows.  That episode was followed by a CBS News 60 Minutes report on DARPA and concerns about Internet of Things last Sunday, which included a renegade, runaway car that had been hacked remotely causing it to crash.

In the CBS demonstration, the victims were only some orange traffic cones. But the implications were real: two tons of moving steel out of the driver’s control.

Granted this may be the worst-case scenario but there are also implications for hijacking your data that give us cause for concern.

In that vein, a new report was issued last week (Feb. 9) in the U.S. on broader security and privacy vulnerabilities in smart vehicles. The report by Senator Ed Markey (D-Mass.) called “Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk,” identified risks and proposes new safety standards for smart vehicles.

Senator Markey is a member of the Commerce, Science and Transportation Committee. His study is based on how 16 major automobile manufacturers responded to questions about how vehicles may be vulnerable to hackers, and how driver information is collected and protected.

Here are just a few excerpts of its data points:

  • All new cars on the market today include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.
  • Few manufacturers are able to report past hacking episodes or could describe any current effective capabilities to diagnose or respond to hacks.
  • A majority of automakers collect and use data on performance and driving history in their efforts to improve customer experience, and often share it with third parties.

The full report is available here.

 

In a statement about the report, Markey summarized: “Drivers have come to rely on these new technologies, but unfortunately the automakers haven’t done their part to protect us from cyber-attacks or privacy invasions. Even as we are more connected than ever in our cars and trucks, our technology systems and data security remain largely unprotected. We need to work with the industry and cyber-security experts to establish clear rules of the road to ensure the safety and privacy of 21st-century American drivers.”

The Markey report illustrates the data and cybersecurity implications for privacy and security in connected cars that we in the industry have been talking about for more than the past year. I’ve written about smart car security and privacy issues and have spoken about the subject at many venues, including last year’s Connected Car Conference.

Our cars are becoming another of our digitally connected devices. But as our cars evolve, essentially into computers on wheels, they are vulnerable to the very same threats and attacks as home computers, laptops and smartphones.

I applaud Markey’s report. As frightening as it may be, it is a call to action for all of us in the auto, tech and security industries.