But as we learned in mashing up other technologies, the security devil is in the details.
Cars have historically been monumentally difficult to manufacture and sell successfully, but in today’s world, you can mash up an electric car with off-the-shelf doodads from any of a number of manufacturers displaying here at CES, and voila! You have an e-car. But as we learned in mashing up other technologies, the security devil is in the details.
This feels an awful lot like the migration from mainframes to personal computers you could build yourself. Not that the average person could or would, but many nerds did and it spawned a whole industry, much to the chagrin of the mainframe vendors who felt their wares were far too lofty for the masses.
But if you take a battery pack from one of a (growing) number of vendors, then add some electric motors similarly sourced, then get some designers to design a cabin that (hopefully) looks different enough to differentiate in the marketplace, you have a car. It’s sort of becoming a big, fancy branding exercise.
In the past, it took hundreds of millions of dollars to produce a new engine that customers wanted; then there came the fabulously complex work of building a car around it, with a complex drivetrain, brakes, engine cooling, cabin comfort and the like. Then you had to get it certified for emissions and safety standards. But bolting batteries onto a box with wheels is radically simpler. Electric drill simple, or at least rapidly approaching the simplicity of commodity electrified products.
But as we learned with PCs, mashing up technologies in a rush to market was inviting maliciousness, the kind we’re still fighting.
While some automotive technologies focus on security, they need to be interoperable across standards that make them usable for a variety of mobile platforms. That means sprinkling lots of API mash-ups over automotive buses and hoping for the best.RELATED READING: Connected cars: How to improve their connection to cybersecurity
Some electric vehicle producers with the early advantage at least engaged with the security community. This resulted in embarrassing published exploits, but also served as a bridge to the community that showed they had a commitment to improving, which was definitely a step in the right direction. But will others follow?
I saw a number of self-driving trucks and delivery vehicle concepts on the show floor, and there promise to be more next year. I don’t know what the new entrants’ security postures will be, but they’ll lose a bit of the limelight when they’re not the first, second, or third to market, so there won’t be as much pressure to get security right.
Then there’s a bunch of automotive-parts suppliers who have to sell products to the manufacturers for integration or face tough business headwinds, but will security come first? We hope so. Maybe we’ll see next year.
FURTHER READING: Hacking my airplane – BlackHat edition
written by Cameron Camp, ESET