Protecting yourself in a smart car will involve more than buckling your seatbelt. Vehicle cybersecurity is “dependent on the personal security hygiene of the user,” said General Motors director of cybersecurity Kevin Baltes. You’ll have to remember another variety of strong passwords for however many apps you use and change them often too. Whatever you do, don’t ever recycle one either. Unless it’s demanded by work, how many of us actually follow these best practices in our digital lives? What about your parents?
The hassles of online life have followed us into the driver’s seat. Because now, you have to keep both your digital and physical self safe when you get behind the wheel. Security researchers have found exploits and remotely commandeered GM vehicles (including braking systems) with a certain model of OnStar computers, and Jeeps in 2009 and 2015, respectively. It took GM almost five years to fully patch the exploit. Chrysler issued an update before the research paper published.
“When do we educate the consumer on cybersecurity?” moderator Jennifer Tisdale asked a panel about automotive security trends on the AutoMobili-D stage at NAIAS. Tisdale is a director at GRIMM, a Washington, DC-based cybersecurity contractor.
There were a few opportunities to explore, such as sections in the terms and conditions and owner’s manual, Baltes said. In other words, what we all scroll past as we blindly click “accept.” Burying important information in the fine print is nothing new; business have been doing it for years. Now, though, your vehicle data is at stake.
Baltes remained silent when Driven asked the panel if an owner’s manual or EULA agreement were acceptable education avenues, but the rest of the panel agreed customer literacy was an area for improvement. “What form does it take?” asked Tisdale. “That’s still a question mark at this time. But we’re trying to figure that out very rapidly.”
The problem is, people are buying connected cars today.