Will smart cars present a danger to your organization?
You know the IoT, the internet of things? It’s where machines, devices, and systems interact with a network environment for “smart” features, a customized approach to a user’s specific interests. Smart devices come in a variety of shapes and sizes, from IoT based machine assistants to something as simple as a coffee maker.
Inherently, there’s nothing wrong with that, but what sounds good on paper doesn’t translate so well to real life. Given we’re careening towards a dangerous cybersecurity world, the addition of access points en masse is just another complication to an already tangled web. A variety of reasons exist for these problems. An IoT compatible device has some “communication” ability with the network, and like any connected device, it requires protection and security updates. Said updates and security, unfortunately, are left to the discretion of the manufacturer.
So now, we enter some other unexplored territory: the slow introduction of smart cars and the problems they present from a cybersecurity perspective. Like the mentioned IoT devices, smart cars can access multiple network features, even operating as a hotspot. The problem is, this is a car, designed differently from a standard computer setup or mobile device. And, it’s a new, evolving technology which puts us in a tricky spot.
What can happen in a remote hack event?
Smart cars are not a mainstream thing just yet. It’s true you can purchase vehicles with smart functions, typically electric models or climate-conscious ones. But we’re likely decades away from mass adoption of anything close to “everyone has a smart car” territory. That’s probably a good thing, given the state of cybersecurity in general.
Doesn’t mean there are no pitfalls. Even as far back as 2015, red flag scenarios occurred, the kind of nightmare scenario you don’t want. A smart-Jeep was remotely hacked and effectively turned off as part of a data gathering exercise, something you might imagine happening in a sci-fi film. In that scenario, hackers used a zero-day exploit, a concern we’ve touched on at Bytagig many times. Zero-day exploits are already a serious concern in the cybersecurity world, but extended to something as critical as a vehicle, it’s not a pretty scenario. Because of the exploit, the vehicle’s functions were at the mercy of the hackers, from basic services to completely cutting off the transmission.
Aside from the complications presented by hacking a remote vehicle, there also lingers a precedent: someone understands the problem for the driver, much like a mechanic understands the problems with a vehicle.
A mobile attack surface
Because modern smart vehicles provide remote connectivity and even wireless hotspot functionality, they’re a mobile attack surface. As you know, an attack surface is a potential node of intrusion from anywhere on any device, so long as said device can connect to an enterprise network.
Because smart-cars can operate as an attack surface, malicious strikes are possible from them. For example. A DDoS is a common tactic. Those same tactics can be used against smart vehicles, shutting off important services. That paints a very interesting scenario of potential threats. On the way to work with important files? What if you’re subjected to an attack and can’t make it? Or worse?
The primary issue is that security standards and good practices for smart vehicles are not in place. Even today, we don’t have universal governance of good cybersecurity hygiene. And, that’s only come into focus because of remote-work adoption. Because smart cars are a growing, new technology.
Much like the IoT we’ll see how they impact the cyber landscape in the decades to come. If you’re concerned about securing your enterprise, you may need additional assistance.