The Internet of Things is growing, bringing new technologies to the table on a constant basis to make lives easier and enhance the way we interact with the world. Smart sensors are making data collection a more streamlined process and are helping every echelon of society connect in more meaningful ways with the technologies around them.
However, there is a dark side to the IoT, as well. With all the new capabilities being brought about by the IoT, it's also creating more potential vulnerabilities within the networks and systems that support it. Gartner's estimate of 20.8 billion connected devices by 2020 could be viewed as a mountain of opportunity by hackers around the world. Malicious actors see the IoT as a treasure trove of information and as such, they are constantly finding new ways to exploit it.
Hacking electric cars: Why is it a big deal?
One of the most dangerous potential security flaws in the IoT is in the automobile industry. IoT-connected vehicles like the Nissan Leaf allow drivers to use remote start capabilities, control the air conditioning and turn on heated seats, if the car comes equipped with those. All of these functions serve to make operating a vehicle more comfortable and efficient.
As cars become smarter, however, so do hackers. Various manufacturers have recently been faced with finding ways to combat security flaws in their vehicles' computing systems. Wired contributor Andy Greenberg wrote in July 2015 that as part of a test conducted by two hackers named Charlie Miller and Chris Valasek, his Jeep Cherokee was commandeered by the hackers themselves on the highway in St. Louis. Miller and Valasek performed a zero-day exploit on the vehicle, which allowed them to change Greenberg's radio channel, turn on the windshield wipers and eventually bring the car to a stop.
The aforementioned Nissan Leaf has been the subject of recent debate, as well. Tech Insider contributor Paul Szoldra noted that security researcher Troy Hunt found a vulnerability wherein the electric car's battery could be drained while a hacker tampered with the internal atmospheric settings. The issue here is that by triggering the heated seats or air conditioning, hackers could suck the life out of the all-electric car, leaving the driver stranded.
This hack could be perpetrated by gaining access to the car's smartphone app interface, which doesn't rely on passwords to protect the user's information – only a car's vehicle identification number is required.
"If I was to monitor your movements over the course of the week and learn when you go to and from work, shortly after you got to your office, I could run the heating for the remainder of the day," Scott Helme, a cyber security researcher who worked with Hunt, said in an interview with the BBC. "That would potentially leave you with very little power. Certainly not enough to get back home."
Indicative of a bigger issue
The IoT brings a new world of possibilities and benefits, but consumers and car manufacturers need to ensure their data and information is secure. In February 2015, Trend Micro researchers reported that several security loopholes in the BMW ConnectedDrive Store had become apparent to the company. Certain vehicles were vulnerable to abuse of remote services features and were able to be tracked. In addition, hackers could have potentially enabled and changed phone numbers in the emergency call function of several cars.
The company immediately took steps to correct this vulnerability, but this incident, and the events surrounding other electric cars, point to a troubling truth: Automobile companies need to account for these kinds of issues when designing and manufacturing their vehicles in today's hyper-connected age.
"The modern car is not just a mechanical machine, it is also a computer that is online as much as a smartphone or PC is," Trend Micro researchers wrote. "Therefore, it is something that users will have to protect moving forward, and car manufacturers should move to secure their products before any real-world attacks become apparent."
Forbes contributor Doug Newcomb noted that even lawmakers are starting to take note of the dangers this kind of hacking poses to consumers and businesses alike. Democratic Sen. Gary Peters of Michigan is putting his support behind the auto industry's efforts to strengthen cyber security within their products. Others in Congress have rallied around giving citizens more protection and not putting cyber security all on the shoulders of the car companies. In all, these efforts will hopefully lead to a more secure IoT in the future for car owners everywhere.
Hackers keep getting more inventive these days, making use of the IoT to potentially wreak havoc on consumers and businesses alike. It will be worth keeping abreast of any developments in this ongoing saga of hacker versus the emerging IoT.