Using IoT Certificates to regain trust on Driverless & Tech Cars
Recall them, they say! Ever since 2 white-hat hackers managed to hack into the 2014 Jeep Cherokee through the Entertainment System ‘U-Control’ in 2015, there has been much public attention on driverless vehicles and cars that connect to the internet. And this is not the first time Charlie Miller & Chris Valasek, the duo behind the hack have proven the worse in car hijacking – taking over full control of the vehicle despite a driver on the wheel. The first was in 2013, similarly hijacking a Ford Escape. Interestingly, they even did a demo and broadcast the damage done over the internet.
For Fiat-Chrysler, the manufacturer behind the 2014 Jeep Cherokee, they ended up recalling 1.4 million cars just recently to fix the software defect in it. That’s lost of reputation and bad business for them; for users trust is broken. And it doesn’t end there. Miller & Valasek warned that thousands more vehicles are vulnerable.
Since then, car makers are starting to build their own proprietary systems, limiting the data they share with technology partners Apple and Google; defending access to information about what drivers do in their cars. But even so, how can car buyers be sure of the technology being used in these vehicles?
Introducing Internet of Things (IoT) Certificates
Public Key Infrastructure (PKI) for the Internet of Things (IoT) is a relatively new solution to handle trust issues with IoT devices. While new to IoT, PKI-based solutions have been securely exchanging information across the internet for over 20 years. Using publicly trusted certificates for IoT device security is a scalable and flexible solution – for everything from small tests to large deployments. It is also an effective way to communicate to users to show that the devices are secure and trusted by a third party. That is to say, all data entries & usage behavior between the user and connection to the internet from the devices over the air are well encrypted, preventing any third-party from eavesdropping.
For users of IoT devices, a global root PKI product can help them trace the origin of these devices i.e manufacturer company as well the level of encryption being used. So while car makers are looking to improve the development of tech cars and going all out to make fully autonomous cars by the 2020s, they should consider the use of IoT certificates to assure their customers in time to come. That is when public confidence for the use of driverless vehicles and tech cars will start to accelerate and hopefully soon enough, we’ll start to see more use of these vehicles on the roads.
Beyond Driverless & Tech Cars
Driverless & Tech cars are just one aspect of IoT devices. According to Gartner, 25 billion connected “things” will be in use by 2020 – these include smart refrigerator, smart watches, self-driving vacuum cleaner, smart clothings and more. These “things” – as they call it – collects behavioural data from individuals and put together, they could potentially be used to identify a person. If a black-hat hacker identifies a person through device behaviour, that by itself could be a threat, leading him to his next victim of crime.
As Mary Aiken, Cyber Psychologist points out in the video (1.42min) , “make sure the platform you use is robust and that you change your passwords”. Inevitably, users will be more cautious of technology and the next big thing could be looking out for IoT certifications as a method to identify trusted devices – as with labels such as ‘safety mark’.
About Ashlee Ang
Ashlee is a content writer at Cyber Secure Asia where she writes about introductory topics on cyber security and cyber-related happenings in Singapore & South East Asia.