A report released Monday says the security protocols in connected cars aren't nearly secure enough. It's yet another example of the basic dilemma posed by the Internet of Things: how to connect more devices to each other and the Internet, while making them easy to use, technologically innovative and private and secure.
Cars with wireless systems connected to the Internet are vulnerable to hacking and data theft, according to the Senate report, which found that auto-industry security measures are "inconsistent and haphazard."
"Every time you add a new point of connectivity to a device, you have increased the attack surface — more ways to gain access," says Steve Checkoway, a researcher at the Johns Hopkins University Information Security Institute. Checkoway participated in experiments in 2010 that showed how vulnerable cars can be.
Automakers are designing cars with the same kinds of wireless connectivity technologies that consumers have come to expect from their daily digital devices. Accordingly, cars are becoming subject to the same growing pains facing computers and smartphones – in addition to featuring digital door locks and thermostats.
Silicon Valley is grappling with a delicate balance: Keeping these products easy to use while implementing enough security to keep customers comfortable with using them.
"The out-of-the-box experience when you start up a product [is that] when you unpackage it, put it on the wall, it needs to be very seamless," says Tom Kerber, who heads research into the Internet of Things at Parks Associates. If customers have to grapple with too many steps to implement security protocols, Kerber says, they will reject products instead of adopting them.
In the meantime, Silicon Valley is churning out connected products based on the same model it used to churn out computers and apps. "Innovation in Silicon Valley is all about iteration and experimentation," says analyst Frank Gillett of Forrester Research.
Experimentation tends to mean that products aren't fully cooked when they come to market, he says. "So the idea is: Figure out the minimum viable product that will let you experiment with an idea, develop it and see if there's something there, and then figure out how to improve it, iterate it, make it better," Gillett says.
While companies often think about security when first releasing a product, their process of improving a product after launch means security is often playing catchup, he says, and that model is not likely to change soon.
“I think the best compliment I can give is not to say how much your programs have taught me (a ton), but how much Marketplace has motivated me to go out and teach myself.” – Michael in Arlington, VABEFORE YOU GO