A recent CBS Sixty Minutes program interviewed folks at DARPA, including a demonstration of how a recent computer-laden car could be hacked and controlled.
Computers in cars are not a new thing, even the dozens that we see in new models, and they have been interconnected for some time as well. Connecting your car to the network is a more recent advance — “On Star” is one variation that has been on-board for a while. The ads for this have suggested the range of capabilities — unlock your car for you, turn on your ignition, detect that you may have been in an accident (air bag deployed, but maybe monitoring capabilities) and of course, they know where your car is — if it is stolen they can disable it. Presumably a hacker can do all of these as well — and the DARPA demonstration shows some of the implications of this — stopping the car, acceleration, etc. Criminals have already acquired armies of zombie computers to use in attacking their targets, blackmail, etc. Imagine having a few hundred zombie cars in a major city like LA — enabling both terror or blackmail.
An additional sequence on SIxty Minutes shows the hacking of a drone. And perhaps equally important, a re-programmed drone that is not (as easily) accessed/hacked. Behind this is an issue of software engineering and awareness. The folks making drones, cars, and other Internet of Things (IoT) objects are not ‘building security in’. What is needed is an awareness for each IoT enabled device of the security risks involved — not just for abuse o f that particular device, but also how that might impact other devices in the network or the health and safety of the user and public.
A recent dialog with some IEEE-USA colleagues surfaced a question of where software engineering licensing (professional engineers) might be required … and we used video games as an example of a point where it did not seem appropriate … of course, that all breaks down if your video game can take over your car or your pace maker.