Global Sources
EE Times-Asia
Stay in touch with EE Times Asia
?
EE Times-Asia > Networks
?
?
Networks??

Ensuring the security of connected cars

Posted: 21 Nov 2013 ?? ?Print Version ?Bookmark and Share

Keywords:application programming interfaces? API? cloud? IoT? Internet of Things?

With the phenomenal advancements in cloud, mobile, and social technologies, there has been an explosion in the usage of lightweight web application programming interfaces (APIs) to link applications together across this new world and provide the backend for “Internet of Things? (IoT) devices. This has created an ?API economy,? one driven by the demand for access to information ? anytime, anywhere.

The automotive sector is making great strides in the IoT space. Cars increasingly include sensors which produce a stream of data, creating a phenomenon called the "connected car," which uses web APIs to feed information to the consumer and manufacturer. This produces a huge amount of data which must be managed. In addition, APIs are used to control vehicle functionality.

For example, a car owner can use a mobile application to remotely lock/unlock their vehicle and activate the air conditioning five minutes before they get in. This mobile app connects to an API in order to interact with the connected car. In addition, within the transportation industry, an organisation can remotely monitor its fleet to ensure its drivers are not driving longer than permitted, potentially falling asleep at the wheel. Car manufacturers such as Ford, Audi, Toyota, and BMW have already jumped on board the connected car trend, and it's only going to grow as car companies start collaborating with external developers. In fact, cars are on track to soon outnumber mobile apps as API consumers. The sheer amount of data sent to APIs by sensors in cars is staggering.

The rise of the connected car promises a host of benefits, but as with the rise of any new Internet-connected device, data privacy could become a stumbling block to adoption. When it comes to data ownership, the lines between the driver and the manufacturer have the potential to become increasingly blurred. Indeed, in the case of data collected for maintenance purposes and to ensure good service from the manufacturer, it may be assumed that the data belongs to the manufacturer. But what happens for connected cars that provide access "through" the car to Internet services? Whom should the user grant ownership of his/her data to? And consider the scenario of someone driving a car across national borders C how will the car/user, producing a stream of data including sensitive information such as geographical location, impact privacy?

Currently, there are very few regulations around privacy specifically for the connected car. Therefore, organisations need to be able to manage the exchange and processing of data when cars are using APIs from various regulatory jurisdictions with differing data privacy policies. For now, let's discuss how car manufacturers can soothe privacy fears, manage the APIs that consume data from connected cars, and how this will be fundamental to data security in the future.

In an age of data paranoia, will the current lack of transparency doom the success of the intelligent vehicle? Anything connected to the Internet (including cars) has an "attack surface", or entry point for malicious activity. Simply trying to keep the system secret is not good enough. An example is Tesla, whose APIs were sniffed and reverse engineered, further demonstrating that you cannot rely on "security through obscurity."

In a Forbes article earlier this year, reporter Kashmir Hill discussed just how much our cars can know about us. Data recorders in Tesla's Model S know the temperature settings in the car, the battery level throughout the trip, the car's speed from minute to minute, and the exact route taken. A Tesla's wireless communication system allows the vehicle to send information to Tesla Service using cell phone signals. And Tesla isn't the only car manufacturer monitoring data.

According to the same article, 85% of new cars have black boxes that capture information about the few seconds before and after a crash. Even the US Department of Transportation wants cars to go wireless so they'll be able to communicate with each other in order to prevent crashes. All of this communication will be conducted through APIs.

Security expert Bruce Schneier said, "[The Tesla controversy] gives you an idea of the sort of things that will be collected once automobile black boxes become the norm. We're used to airplane black boxes, which only collected a small amount of data from the minutes just before an incident. But that was back when data was expensive. Now that it's cheap, expect black boxes to collect everything all the time. And once it's collected, it'll be used. By auto manufacturers, by insurance companies, by car rental companies, by marketers. The list will be long."

1???2?Next Page?Last Page



Article Comments - Ensuring the security of connected c...
Comments:??
*? You can enter [0] more charecters.
*Verify code:
?
?
Webinars

Seminars

Visit Asia Webinars to learn about the latest in technology and get practical design tips.

?
?
Back to Top