Should we be worried?
It is worth reflecting on how far vehicle development has come over the last 40 years. Without delving into great detail, it does not require too much effort to track back to fairly recent times when cars were almost devoid of any electrical components to assist with what was really considered to be the raw joy of driving an almost entirely mechanical beast. Aside of the requirement for a spark to ignite the fuel and rudimentary lighting and indication systems, cars in the 1970s and early 1980s were predominantly electronically unassisted. No ABS or Traction Control and nothing to keep the chassis in line when pushing that little bit too hard down the country lanes. Limited interior electronics and keep fit windows were standard along with mechanical door locks.
One of the first electronic developments came in the form of fuel injection systems and helped the engine to be more efficient and controlled. This was just the start of a period of rapid development that saw electronic and subsequent computer assistance control so many different areas of a car via a plethora of Electronic Control Units secreted in almost every area of the vehicle body. Where manufacturers were once proud to have one or two ECUs in their latest models, some of the latest most technically advanced cars now have hundreds.
This kind of technological advancement is common place today and consumers both trust it and take it for granted. Our in car safety, comfort and entertainment also rely on it but what happens when this starts to break down? Apart from the fact that it is intensely frustrating, it can also be exceedingly expensive as diagnosis can be very time consuming. At times, the problem may not even be an ECU but part of the intensely complex wiring looms that hide just below the surface of the interior or in many cases are installed in the very depths of the cars structure whilst it is being manufactured. In some cases there are examples of vehicles that cannot be repaired and have to be written off and scrapped just because of ECU or electronic failure.
Whilst we have come to terms with what would now be described as essential computer controlled systems and the associated repair costs, it is the Infotainment systems that have been the focus of development from a consumer perspective. Today's Direct Debit Generation, that may genuinely buy a car purely on what bluetooth system and media package connects best with any given mobile phone or tablet, is persistently looking for new ways in which they can enhance their in car communication and entertainment experience. The manufacturers have responded to this and there are a variety of new and exciting advances added to each car with every new model year. The size of in car screens and flexibility and complexity of these systems is now quite astounding.
Unfortunately it is this level of complexity and requirement for communication with the outside world that can cause issues. For some years, motorsport teams have pioneered the latest in car communication systems and fans of F1 and Sports Car racing will be well versed with the facts that not only can the teams read vast quantities of very detailed information fed back to them in real time, but they can also make contact with their cars or parts of the engine to tweak performance. However, it goes further than just the odd performance enhancement and changes can be made to a number of different on board systems, whilst the racing driver is doing his job to the best of his ability to further enhance his ability to win a race.
Security within these in car environments is incredibly tight and vast amounts of money are spent and many layers of security are put in place by each team to make sure their competitors cannot access each others' on board computers or systems. There would be an incredibly small chance that another team would be able to interfere with or shut down any part of another teams' machinery.
For some time there have been a number of people questioning whether it would be possible for this to happen to a road going car and there have been a number of rebuttals from manufacturers explaining how this could not happen. Unfortunately in recent weeks there have been a number of instances where road cars have been affected. Now it would appear that in each of these cases the cars have been hacked by a professional intent on proving a point and in some respects one could be surprised that it has taken this long for somebody to actually do this. On the other hand the message here is that, in some cases, and it really is difficult to gauge the potential size of the problem, the manufacturers may not have been putting in quite the level of security really necessary to safeguard owners.
It is clear that some manufacturers have been genuinely surprised by the ability of a third party to get into their vehicle systems and, reassuringly, certain instances have required quite an effort to be able to access the on board ECUs and servers. Unfortunately there has been one instance where a vehicle was interfered with by an SMS text which lends credence to those who have been expressing concern on this topic for some time.
Firstly it is worth identifying why somebody would want to access a vehicle. Apart from the ability for manufacturers to understand how a competitors vehicle might operate on a day to day basis, it is difficult to appreciate why somebody would want to do this. Surely it is in everyone’s best interest to travel safely and securely from one place to another. Which brings us to the next reason, which is around personal data because, as we have already identified, it is the connectivity between a phone and a car that is so important to today’s buyer. Access to personal data can have two attractions, the first being around understanding where the driver is going and when and raises questions around privacy. The second attraction is data theft for reasons that should not be explored in this context, merely recognised.
Therefore this situation raises a number of questions, the most important of which has to be how the industry regulates the security of in car systems. There needs to be a commonly accepted standard that controls the level of security on each car. Equally, the consumer needs to be aware that there is the possibility that their personal data may be accessible via their car. It is also important to understand that desirability and perhaps used vehicle values may be affected by the level of security on vehicle management systems.
In summary, how worried should we be? Who will help the consumer to feel comfortable and safe and will these recent instances damage the reputation of technology in cars or indeed certain manufacturers? Only time will tell, but a solution is essential if the consumer is to have full confidence in the transition from current transport types to the future which will be autonomous travel of some type or other.