Data Privacy Goes the Way of the Carburetor

By: John Pearley Huffman

Computerized cars may leave us all stuck in vehicular HOAs.

Cars used to be truly stupid. They had carburetors and crank windows and radios were optional. To start one the driver had to actually insert a metal key into a physical switch and turn it. They had cigarette lighters instead of USB ports, and ashtrays big enough to hold a dachshund. There weren’t any computers aboard because computers were bigger than houses and only NASA had them. Yup, cars were ignorant, inert slugs and no one knew anything different.

Dagnabit.

Those antiques are all gone. Either they were crushed and recycled decades ago, or they’re now weekend playthings most often found parked on lawns at car shows.

A new car spews out something like 25 gigabytes of data every hour it’s running and the carmakers, software powerhouses, mechanics, dealerships, insurance companies, tax and toll collectors and several startups now being sketched out on napkins at a Starbucks in Palo Alto are planning to leverage all that to their advantage. Only the owners and drivers of the cars seem to have no revenue-generation scheme in mind. Should they be worried? And if they are, does it matter?

“There’s a couple of ways I’d describe the challenge,” explains Joseph Jerome, who is policy counsel for the Center for Democracy and Technology. “There’s the way that consumers think about ownership. You pay for something and you drive it off the lot. It is yours. Then there’s the ways companies are trying to think about data streams. And that’s where you get into disputes between aftermarket and the dealers versus the OEMs. Everybody is trying to get their hands on as much stuff as they can for reasons. To make money or for beneficial reasons. It’s a laundry list of stuff. They’re also trying to avoid liability issues. They don’t want to be blamed when something goes wrong or data is breached.”

At a fundamental level, your car is just one more device gathering data on your life. After all, that networked doorbell knows when someone is on the porch, a smart refrigerator can monitor your family’s dairy consumption, and that “phone” in your pocket is already tracking your every move, sharing photos, recording your texts and monitoring email. Cars are just one more stream feeding a massive data river.

Part of the problem here is that in order to use technologies such as Apple CarPlay or Android Auto or any software that feeds your choice of music or podcasts or whatever into the car, we all kind of mindlessly agree to densely worded, small-print contracts no one reads and many assume are unimportant anyhow.

More: https://www.caranddriver.com/features/a28678849/automotive-data-privacy

Keep it simple, keep it safe—the importance of lean software for secure vehicles

By: Automotive World

Each additional line of code creates new potential for cyber attackers to find a way in to the system. Freddie Holmes finds out how a diet could be in store for automotive software as the industry cracks down on complexity

Many premium vehicles on sale today now contain more software than a commercial aircraft, in some cases exceeding 100 million lines of code. The number of electronic control units (ECUs) in modern cars has soared, bringing swathes of new functionalities to consumers. Worryingly, it has also created opportunities for hackers to tamper with critical driving functions, with potentially dire consequences.

In an effort to reverse the trend, the industry has embarked on a strategy to reduce the number of ECUs within new vehicles and cut back on unnecessary coding. It has seen automakers and suppliers alike place cyber security as a top priority moving forward. Indeed, while California-based Green Hills Software (GHS) has its roots in the aerospace and defence sectors, automotive has quickly become the company’s largest market segment.

Software overload

Software currently dominates the rhetoric within automotive as the introduction of connected and automated features ramps up. ECUs have been added at will to support these technologies, but it has raised concern within the cyber security community. “Some people would say the trend was out of control,” said Joe Fabbre, Director of Platform Solutions at GHS. “In recent years, manufacturers would add another ECU every time a new function was introduced to a vehicle.”

A similar trend can be seen with connectivity. In the cockpit, digital dashes are fast becoming the norm in upmarket models—consider Audi’s Virtual Cockpit and the Peugeot i-Cockpit, for example. “There has been a rush to get systems internet-connected in order to provide additional services. At the same time, self-driving computers have also arrived,” said Fabbre. With a mix of safety-critical and entertainment-focussed software now running alongside each other, vehicles have become increasingly vulnerable. “Not enough thought has been put into the security architecture of the overall system. Luckily, we have not seen any malicious hacks in the wild, but researchers have proven that it is possible to perform remote attacks on these connected computers that now reside in cars.”

More: https://www.automotiveworld.com/articles/keep-it-simple-keep-it-safe-the-importance-of-lean-software-for-secure-vehicles/