Connected cars take data security concerns in new directions

Modern-day computers began trickling into the auto industry with cars like the 1971 Chrysler Imperial, which was one of the first to offer anti-lock brakes controlled by an electronic sensor system. Some 45 years later, the growth in computer-based car technology shows no signs of stopping. A number of Chevy vehicles, for instance, will provide you with a standard mobile Wi-Fi hotspot and 4G LTE connectivity for less than $20,000. And for folks who can afford a Tesla, that brand's "Autopilot" nearly lives up to its name. But as we've seen in other fields, as the potential benefits of connectivity increase, so does the potential for cybercrime.

Consider something as basic as mobile Wi-Fi. While Chevy is the only mainstream brand to supply that technology with 4G connectivity right now, a growing number of premium brands offer it, and a growing number of customers want it. Yet while mobile Wi-Fi gives you the same kind of online access as you'd get at your home or office, it also opens you up to all the same security issues you face there, from worries about passwords and personal data being captured, to concerns over the automakers' own security protocols.

But it is not just the drivers’ communications that are at risk. As more vehicles are being sold with sophisticated software systems, automakers are increasingly asking customers to download update packages for that software, for both functional enhancements and to address cybersecurity issues. And hackers are doing the same thing, according to a recent public service announcement from the FBI, the Department of Transportation and the National Highway Traffic Safety Administration (NHTSA). The difference is that the fake downloads are packed with malware that could, among other things, put your data at risk.

Similarly, many vehicles already have onboard telematics systems, which provide services such as automatic crash notification and stolen-vehicle tracking.  And to enable those functions, computers are monitoring a surprising amount of information about your vehicle at all times. Here, the question can become, "Who else is doing the monitoring?"

After all, experts previously have proven they can intercept that info and identify people based solely on their driving patterns. With automakers like Ford looking to track driver-health metrics in the same way in the near future -- to warn drivers of low blood sugar, for example -- future hackers could be looking at some very personal information indeed.

The push for better occupant safety also is guiding another vision for the future of connected driving: autonomous vehicles. Convenience and efficiency aside, self-driving vehicles have the potential to be much safer than traditional autos, since computers aren't going to be distracted by their smartphones or fall asleep at the wheel when they're supposed to be paying attention to the road. It's really the same thinking behind that very first anti-lock braking system.

Some futurists see us taking that to its logical conclusion, too, in which driverless cars create a sort of interconnected grid, with each vehicle "talking" to the other to ensure smooth, safe traffic flow. Of course, as with the country's energy grid, security for a national transportation grid would be vital.

A major push forward came last year with the introduction of the Security and Privacy in Your Car Act of 2015.  The SPY Car Act, as it is known, is currently under consideration by the U.S. Senate, and it directs the NHTSA and the Federal Trade Commission (FTC) to regulate key "motor vehicle cybersecurity" issues.

This would put explicit laws in place to protect against "unauthorized access" to a vehicle's electronic controls and driving data, as well as to mandate that vehicles "with accessible data or control signals ... be capable of detecting, reporting and stopping attempts" to get at that data.

It's a tall order that likely will take years to play out. But even if the SPY Car Act will help set the framework for the future of automotive cybersecurity, today's consumers should remember that, when it comes to putting data at risk while driving, the future is now. Just ask Wired writer Andy Greenberg, who reported last year on having his Jeep hacked (with his knowledge). The two hackers were able to gain control of Greenberg's audio and climate controls, and more, using a laptop. Or better yet, ask Fiat-Chrysler Automobiles, which had to recall 1.4 million vehicles after that news broke.

Photo Credit: Syda Productions/Shutterstock

As a car expert and writer for CARFAX, Charles Krome follows the latest trends in the automobile industry including technology and consumer safety.