When you listen to "Marketplace" in your car, your car might be listening back.
Over the past few years, cars have started turning into rolling data centers, loaded with sensors and databases full of insights about us, their human operators. Clever cars make life more convenient and open up new opportunities for businesses, but there's also a downside: Security holes could allow nefarious parties to rummage around in your car's brain or even hijack the wheel.
Imagine, in a few years, you're driving your brand-new Ford Mustang up a winding mountain road. Whenever it's time to shift gears, the car prompts you with a little buzz from the gearshift knob. The car can predict the optimal moment to shift because it's been watching how you accelerate and throttle, and it's built a profile of your personal driving style. By the end of the decade, our cars could be offering us all kinds of helpful personalized advice.
For example, software giant SAP is working on a navigation system aimed at helping you organize your errands.
"When you've got your low fuel light goes on, the system really directs you to the optimal fueling station around you," says Gil Perez, SAP's general manager of connected vehicles. It takes "into consideration your route, your preferences, et cetera."
Once the car has delivered you to a gas station, it might recommend refreshments based on how long it knows you've been driving. Meanwhile, software company Axway is working on tools that would allow you take your radio presets with you from car to car, as well as more personal data.
"We have talked to some companies about the possibility that cars would store some of your health data as well, in the event that you're in an accident," says Marc O'Neill, Axway's vice president of innovation.
But that level of connection is still a few years off. The most advanced tricks on the market are things like an app that shows how much charge your electric car's battery holds or a navigation system that reads addresses from your phone's contact list.
So what's holding up the car of the future? In part, security concerns.
"Anything that can be controlled by software can be subverted," says Josh Corman, a security researcher with a good-guy hacker collective called iamthecavalry.org. His colleagues, Chris Valasek and Charlie Miller, were the first to figure out how to trick a car into giving up control. "Because software controls things like steering and parking assist and the breaking, they were able to shut off the brakes, jerk the steering wheel out of the hands of the driver."
All Valasek needed was a $100 piece of equipment hard-wired into the vehicle. "We could control all these mechanisms of the vehicle just by sending computer messages on the car's network," he says.
Some cars already store contact info, and soon they'll have your credit card data, too. An attack might take the form of data theft, rather than mayhem, says security researcher Alison Chaiken: "If you're storing data that's worth money in your car, you're actually placing not only the data at risk but your safety."
Car manufacturers are aware of these vulnerabilities and trying to prevent or patch them. For example, Ford's software platform, called Open XC, is open source, which means anyone can look at how it works.
Dr. K. Venkatesh Prasad, a senior technical leader at Ford, says that open source can be safer than closed source, "because there might be just one person on the planet who knows how to change that code and no one else does, and if that one person is not available or is out on a hike you don't have a way to fix it."
Axway can use a technique called "geo-IP lookup" to validate the source of signals hitting the car. "It's something where you first of all want to make sure that the person interacting with the car is coming from where you expect they're coming from," O'Neill says.
If you're comfortable with the security measures on your phone, you might not mind having a connected car. But if the idea of a hackable computer on wheels makes you uncomfortable, there's an alternative – you can always invest in a bike. For now, a good u-lock and some locking skewers are the only security you need.
Correction: A previous version of this story originally misidentified Josh Corman as Mark Corman. The text has been corrected.