We talk a lot here on the blog about new technologies helping fleets to work smarter. Here’s a look at the other side of the coin, and a warning to be safe with any new technology you may be using:
At last week’s Consumer Electronics Show, Audi chairman Rupert Stadler announced “There is a revolution taking place. Some of the most exciting new consumer electronics aren’t the ones in your living rooms or in your offices. They’re the ones in your cars.”
As the connected car becomes a reality, the so-called ‘attack surface’—the areas of vulnerability that could be exploited by hackers and assorted other bad guys—is expanding.
In March 2010, a worker laid off by Texas Auto Center used his password to access the dealership’s Web-based system to trigger the vehicle immobilization system on 100 cars. The system was installed by Texas Auto Center to enable easier repossession if buyers failed to make payments. Customers were unable to drive their cars for five days—until the dealership finally reset all employee usernames and passwords.
Look at Twitter-enabled cars, for example.
If they connect to Twitter.com, it’s fairly easy for a hacker to write a worm to infect the website, said Adriel Desautels, chief technology officer and president of NetraGard, a company that does vulnerability assessments and penetration testing on all kinds of systems.
“All the cars that pull info from Twitter.com will pull in the worm,” Desautels says.
When connected cars begin to be traded in the second-hand market, the industry needs to develop mechanisms that will both note the transfer of ownership and make sure the previous owner’s data doesn’t get transferred along with the vehicle.
[via Telematics Update]
Photo courtesy of quapan and re-used under the Creative Commons license.