When you hear the words “Smart Car,” you may once have thought it meant a car with great mileage, or one that is affordable for all it offers. Nowadays, the term Smart Car refers to an automobile with some form of cloud management device, such as a remote starter or Bluetooth compatibility, or a car that is simply connected to your cell phone. The truth is that most of us already drive a car that is somehow connected to “the cloud.” During the most recent RSA Conference, which took place last week in San Francisco, Charles Henderson of IBM Security discussed a major security risk for previously owned Smart Cars in a video interview with eWEEK’s Sean Michael Kerner.
The risk, in short, is that the former car owner can still have access to the car, even after a legitimate sale. A car that connects to a wireless device like your cell phone does so through a mobile app. What you may not know is that the mobile app is connected to a cloud on the back end, which allows it to function properly. Sure, you can delete the app from your phone. However, deleting the cloud or user access is not exactly doable. In fact, Henderson’s research, which was primarily based on manual testing, uncovered that there is no solution as of yet. The former car owner’s devices may remain in the system for years, even after the device is sold to a second user.
So what happens if the former car owner sells his or her cell phone to someone else? The scary reality is that the new car owner’s devices are not the only ones connected. Even more frightening is that this security risk is not exclusive to the automotive industry. This is a growing problem in Smart homes and other IoT purchases as small as a Smart Light switch.
Henderson explains that the problem lies in the lack of a financial incentive between the second owner of the car and the Internet of Things vendor. Note: the Internet of Things is best explained as the inter-networking of physical devices that connect to other devices, like a vehicle and a cell phone. These devices or gadgets are embedded with software and a network connection so that they can communicate with each other. If the IoT vendor has nothing to gain, what incentive is there to get the cloud management piece of IoT fixed to protect the second owner of the car?
Henderson’s goal is to continue bringing awareness to the consumer population, in the hope that starting the conversation about a solution will help motivate companies in the consumer electronics space to begin addressing this growing security concern.
“We must understand that access control at near enterprise level is required to protect the average family. In my mind, the best solution is a centralized access control industry-wide, a federated access control, where users can look up their smart switch or smart hub.” – Charles Henderson, global head of X-Force Red at IBM Security