Your Car: The New Rolling Network.

Your Car: The New Rolling Network.

Last week, we had yet another demonstration of how to hack in and take control of a car’s breaking system without even using the on-board electronics.

In a way, you have to love (if you lean at all toward libertarianism) the new hacking method that simply targets the Internet-connected devices that your insurance company has had you install in your car so as to get that pricing per mile plan and of course for your insurance company to track your driving habits.

Yes folks, simple SMS text messaging will do the trick just fine. These hacks are using networks and protocols designed for cellular and IP networks to facilitate human-to-human interaction, but are now being re-purposed for machine-to-machine interactions and presenting a whole new category of threats.

Threats that will increasingly become commonplace in an IoT world.

In the case of this hack which was demonstrated at the Usenix Security Conference in Washington D.C. last week, the “researchers” were able to take control of the braking system by penetrating a dongle made by a French manufacturer and distributed by a San Francisco-based Insurance company.

But, given the proliferation of the OBDII protocol for automobiles, every adapter will facilitate access by a hacker.

Today’s OBDII systems have come a long way from their original diagnostic intentions where they were initially used to diagnose that check-engine light on your dashboard. A recent flood of these have hit the market, and because they now use their own software and iOS hooks, they make it much easier to access hidden information about your vehicle’s health, but also to track and notify monitors of your bad driving habits: rough braking, speeding and rapid acceleration – through their built in accelerometer. When they detect these habits, they send you audible alerts as well as logging the data for your insurance company.

They can also call for help in the case of an accident, track your miles driven, driving time and expenses, along with detailed reporting, and score your driving habits to help you set goals. If you drive in a daze, they can also push notifications to your smartphone using various ringtones. Interestingly, most come with an on/off switch so that if you feel like escaping big brother’s watchful eye for a few hundred miles, you can do so.

Is it just me? No, I didn’t think so.

The threats we are now facing with IoT are more acute than with conventional data devices like smartphones. When a smartphone is compromised, there is a potential for data to be compromised, which is mostly an inconvenience.

When machine-to-machine communications are compromised, the result will show up a more than a simple inconvenience. These “advances” in technology, in addition to being just plain creepy will absolutely lead to a kinetic attack that will result in serious injury and/or death.

Even if auto manufacturers completely lock down and isolate the core systems within their own embedded hardware and firmware, by enabling these “instruments” for transmission they're creating a new portable networked environment that invites exploits of weaknesses in communications protocols having nothing to do with the autos or their manufacturers.

It is almost as if we have lost our minds. This is another opportunity to apply the wisdom contained in the counsel of "just because we can doesn’t mean we should."