Apparently my auto insurance company was not reading my recent blog entry. They introduced a device, “In-Drive” that will monitor my driving habits and provide a discount (or increase) in my insurance rates.
There are a few small problems. The device connects into the diagnostic port of the car, allowing it to take control of the car (brakes, acceleration, etc.) or a hacker to do this (see prior Blog entry). It is connected to the mothership (ET phones home), and that channel can be used both ways, so the hacker that takes over my car can be anywhere in the world. I can think of three scenarios where this is actually feasible.
- Someone wants to kill the driver (very focused, difficult to detect).
- Blackmail – where bad guys decide to crash a couple of cars, or threaten to, and demand payment to avoid mayhem (what would the insurance company CEO say to such a demand?) (Don’t they have insurance for this?)
- Terrorism – while many cyber attacks do not yield the requisite “blood on the front page” impact that terrorists seek, this path can do that — imagine ten thousand cars all accelerating and losing brakes at the same time … it will probably get the desired coverage.
As previously mentioned, proper software engineering (now a licensable profession in the U.S.) could minimize this security risk.