Preparing for the Internet of Things – The Car Hacking Scandal
Once upon a time security could be confined to an office space, with only trusted computers used and protection reserved for those behind your firewall. IoT has changed all of this, and security is now being asked to spread outside of these perimeters, something that most businesses are simply not capable of doing.
As technology adapts and evolves, the ability of criminals to do the same and devise new ways to manipulate and ultimately hack the systems does too. In the UK alone there are tens of thousands of cars that have now been fitted with electronic security devices, intended to stop thieves being able to hotwire and steal your vehicle. Unfortunately for car manufacturers it was found that these devices were not as secure as they thought, with criminals disabling the system and driving off with the car. Despite research being done, the major manufacturers involved looked to hush the researchers, rather than deal with the issues. Bad publicity it may have been, but what the researchers were able to learn from the security hacks would have been invaluable to future prevention, had they been given the opportunity.
After two years of battling through the courts an agreement was eventually made and the details have now been released, citing Volkswagen as the manufacturer mentioned in the study. The device in question though, the Swiss Megamos Crypto system, is one of the most commonly used immobiliser transponders and also found in 25 other makes, from Audi and Ferrari, to Honda and Volvo. Its role is to verify that the ignition key being used to start the vehicle is the right one, with the key sending specific signals to the system to confirm this. Unfortunately this signal can also be intercepted, meaning that within 30 minutes it is possible to have the code and therefore the ability to start the car’s engine.
This particular security flaw is likely to set manufacturers back by millions, as both the immobilizer and the key fobs for affected vehicles will need to be exchanged. In many ways the movement to electronic security in cars has proved successful, with a reported 70% drop in car theft over the past four decades. We are now seeing a spike in electronic car thefts though that needs to be addressed, with 42% of stolen vehicles in London fitted with immobilisers. Unless stricter security measures are put in place, this is a figure that will continue to rise.
So with the Internet of Things gaining momentum, and more and more devices being given the ability to communicate via the internet, it is important that we treat them in the same way we would a computer. You would never use a laptop or PC without a dedicated firewall and anti-virus in place, so don’t allow your vehicle or fridge to either. What has become known as a ‘Car-Hacking Scandal’ should mean an increase in electronic vehicle protection for our vehicles. Just make sure that any new device you buy has the same thought put into its security too, so as not to discover too late that your information isn’t safe.