This post requires a quick disclaimer. Not only am I a member of the information security industry, but I am also a lifelong car guy.
Growing companies tend to use technology to increase productivity and decrease overall costs per employee. This is most often accomplished by keeping employees as busy as possible, even during dead times in their schedules, such as, in airports, coffee shops, hotels, etc.
Enter automotive Wi-Fi, a new tool to increase employee productivity while on the go. This tool can be used by executives and employees who require connectivity to the office. Typical uses are downloading and uploading data and sending emails while sitting in parking lots and traffic jams before or after meetings. Wi-Fi is the less expensive option to sending data over cellular networks.
Today, almost every new high-content vehicle comes with an infotainment system featuring GPS, Internet streaming content (such as, Pandora, etc.) that is customized for the driver, and Bluetooth connectivity. As General Motors explains, “Many of our vehicles offer an advanced suite of infotainment services. Our vision for infotainment is to empower our customers to maximize their enjoyment and customize their in-vehicle entertainment experience – simply and with a robust array of choices.”
Nice marketing fluff, but what would prevent a thief from grabbing the signal from the vehicle and installing a virus? And what about if someone wishing to cause havoc activated the GPS (global positioning signal) in order to follow the vehicle to the owner’s home or office?
And here’s another unintended scenario: Someone could insert malware on the computer being used in the vehicle so that emails, contacts, and banking information could be accessed and stolen. Remember, once a virus gets into your computer and you return to your office, it’s inside your firewall. Now, it doesn’t matter what security procedures you have in place because once inside the firewall, the virus can run rampant and cause damage. In midmarket businesses, that damage can be substantial from losing client data to shutting down internal networks. The risks are high. Data can be irreplaceable if not protected properly resulting in loss of integrity, availability, and most likely, confidentiality.
I’m sure automotive designers have considered these implications, but it was not their first priority – instead, they focused on being first to market with this new technology. I bet that automotive wireless systems will use either weak or nonexistent encryption. I wonder, how many people other than those in the infosecurity industry actually think of security settings first and foremost when confronted with a wireless device? Although manufacturers say that the networks between automobile and Wi-Fi are separate, you can be sure that identity thieves and crackers (bad guys) are also thinking about ways to infiltrate automotive Wi-Fi.
The reality is, any computer system can be tampered with. Adaptive cruise control, lane warning systems, and automated braking can all be altered. Improbable? Maybe. Impossible? No. Tuners have been modifying performance parameters for years using plug-in devices and laptops. Why can’t the bad guys do the same thing via a poorly-protected wireless access point?
As the saying goes, “Innovation is anything but business as usual,” and there is no denying that to move a company forward, there must be innovation and attempts at new ways of doing things. How often have you assembled teams of talented individuals to discuss, create, and recreate new products or line extensions for existing customers and/or new customers? There is nothing wrong with innovation. However, it is critical when creating, launching and introducing new technologies that will be used by millions of people that all safety and security issues are addressed and solved BEFORE bringing the technology to market.
I don’t know about you, but I’ll stick with classic cars.
Further Reading from GM and Ford:
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. I’ve been compensated to contribute to this program, but the opinions expressed in this post are my own and don’t necessarily represent IBM’s positions, strategies or opinions.