Can Android Security Protect the Connected Car?
We are nearing a tipping point with connected technologies. The Internet of Things will include a variety of devices that may not have been designed with network security in mind -- such as your shiny new “connected” car. Such unsecured devices will be open for data mining, or worse. But in the future, your car may protect itself from malicious attacks originating from hardware and wireless access. Parental controls will issue alerts for unauthorized traveling outside a pre-set radius. Plug-n-play devices will be disallowed unless authorized by an administrator. Rogue apps will be prevented from accessing a vehicle's on-board systems to prevent shenanigans with braking, steering and other systems. Data transfer and storage will be encrypted. These are among many recommendations for in-car communications architectures required to better secure our connected vehicles. Security by obscurity has long been a practice among automakers. This lax approach has allowed access to critical functions through hardwired and wireless connections. Even air pressure monitors on tires are a gateway to attack. In their article “Towards a distributed secure in-vehicle communication architecture for modern vehicles,” Constantinos Patsakis, Kleanthis Dellios and Mélanie Bouroche explore the current state of vehicle security and offer a comprehensive approach to minimizing risk through a variety of methods used to secure modern computers and networks. Treating the connected auto as computer system can have drawbacks. Depending on an auto maker’s approach to user interface design, drivers could be bombarded with security requests as they get acquainted with their new vehicles. Consider Microsoft's approach to security in Windows Vista. Users had to allow and deny applications and processes at frustratingly frequent intervals. How much more frustrating might it be to encounter continuous alerts in your car? Balance between system safety and user access will be necessary, especially considering the dissatisfaction with infotainment systems reported by car owners in recent years. At this year’s Consumer Electronics Show, Audi and Google announced a partnership to include Android-based information systems in Audi’s models. I assume Audi plans to use the most current version of Android (4.4) for the added security. But the move raises more questions than it answers. Additional security meant for mobile devices can work very well in that arena, but how will the platform fair in a car? Is Android secure enough to mitigate attacks like those staged by researchers at the University of California San Diego and University of Washington? I hope the answer is "yes" for the sake of Audi aficionados everywhere.