What Will it Take for Autos to Have Security?

   If you haven't heard about the Jeep hack that hit the news hard last week and the following large scale recall due to said hack, then I guess you've been to busy replacing your Windows 2003.  If you are, I'm pulling for ya to get that off your network.  What I think this story is really about is how long will it take for car manufacturers to realize the risk they are putting us consumers in by not keeping security at the fore-front of manufacture?

   I recently listened to a podcast from This American Life (which is one of my favorite podcasts) about a topic that mimics this situation quite well.  It was about the NUMMI plant in Fremont, CA.  What that episode is about is how Toyota had partnered with GM in 1984 to turn what was known as the worst plant in car manufacture to one of the best plants GM had owned.  There are a lot of parallels I found in this podcast with what we are seeing now with security in today's car computer systems.  The one consistent message is that reason why GM and other American car companies fell out of favor is they blamed everyone but themselves for their fall from grace.

This would make for
a bad day.

   We're actually seeing that now with security in the computer systems of cars.  There are two sentences in Chrysler's statement that say a lot about their attitude on this. "No defect has been found. FCA US is conducting this campaign out of an abundance of caution."  Granted, this is being taken out of context, but I've seen many people on the Internet express the same concerns over these two sentences as I do, but just because everyone else does doesn't make it truth, right?  How does that come off to you when there is an exploit (while it's being actively fixed) that could cause you to loose control of car... and there is no defect?  The thing that frustrates me the most is the security industry has known for years that cars were open to exploitation, this just happens to be the first time where someone could truly do it remotely.

   One thing I've been most looking forward to is self-driving cars.  After this news story, I'm a bit leery of that, unless it comes from Microsoft, Google or Apple.  Why do I trust software companies to provide a safe self-driving car experience?  Because they are software companies.  Smart cars are quickly becoming computers on wheels with an engine attached.  I trust my life with a company that has dealt with exploits and security for years over a companies that only seem to stick computers in there to take more money from us.  They may call them smart cars, I prefer to think of them as rolling Windows XP machines, with all the security that comes with it.

   Maybe what the big car companies should do is partner with someone who knows what they're doing with computers and has experience with security to ensure that us as consumers are getting a car that is actually safe, both from the automotive and computer standpoints.  I hope the car companies will figure this out before a lot of people get hurt.

And as always, stay safe goblins.

SHARE

About Jimmy R. Tassin

Jimmy Tassin is the IT Manager of Midwest Regional Bank and has been involved with the Technology field for over thirteen years. His two hobbies are overseeing the daily operations of OmniKraft, a Minecraft server community, and writing at Goblinbyte.com.