By Anuj Guglani CEO , World Auto Forum
Yes! this can be a sad reality, if we don’t know do something about it Now!
The Time to “Act” is “Now”!
20 Years back, one would read the news of just computers getting hacked. If back in 1990 someone had said, your car, or your fridge can be hacked. People would have laughed their guts out! Well now computers run everything! And they are connected, so in short, anything can get hacked!
Whether its Power Grids, Transportation, Buildings, Public Infrastructures…list goes on..
IOT – Internet of Things or IOE – Internet of Everything are Great concepts. They are getting Big Push from the Govts, Enthusiastic IT Cos & Telcos! Well, all this is Nice!
But the problem lies in the fact that the “Design Genesis” of most Non IT Assets lies not in the present decade but in the last three or four decades. So by design our cars, fridges were not supposed to be IoT and IoE Enabled.
So, When you do make them IoT enabled now, the basic design doesn’t guarantee Security unless the accessing networks are super secure!
Taking the case of an Automobile. The ECU or the Electronic Control Unit which controls the Engine and other important Vehicle Operations, was never supposed to be connected or exposed to the outer world.
It was not designed or invented to be 24X7 connected to a cloud. So when you connect it to a cloud and the access is insecure, hackers can enter it and create havoc by remotely controlling & ravaging all important functions.
“A Hacked Vehicle is the Most Unsafe Place to be in”
Now just imagine if hackers plan and target 1 Lakh vehicles in a City simultaneously. It can have a domino effect and perhaps affect a million vehicles and occupants. It can be catastrophic!
We already have 1.5 Million Drivers on Ola & Uber Platforms.
As of now, only the Cars owned by the aggregators’s fleet leasing arms have their ECU’s connected to a cloud.
Next few years, most cabs shall be connected vehicles. The biggest push shall come from the Govt for this.
But we don’t have Security or Legal Stds for Connected Vehicles in place as yet!
Hackers can target vehicles around schools, colleges, Important Govt Installations. Attacks can be on Days of National & Religious importance.
In 2005 there was the emergence of an Attack called Car Whisperer. Most Car Entertainment systems have unconnected bluetooth which are 24X7 “On”. The OEMS set 4 digit keys mostly as “1234” or “oooo”. This malaware could be used to inject audio or record “In Car” conversations! By applying a middleware/ equipment they could also extend the restricted bluetooth range of a few metres to more than a km!
Are the Authorities, Auto Cos, Service Providers, IT Cos & Consumers ready to handle such situations ? Especially when they are remotely staged and managed!
As shared, there are no standards for Security or Legal Liability for Connected Vehicles. At US, the SAE Standards came after the 2015 Jeep Cherokee Incident. Do we also wait for a similar incident? Absolutely Not!
We need to be ready with our standards. Lets do a good job at it. Lets make a set of standards, the world takes for reference as a Platinum standard amongst Standards!
This also came up during a Panel Discussion at 3rd WAFit! World Auto Forum on IT, held on April 27, 2019 , in Association with NASSCOM, FICCI & AT Kearney
Panelists : Gautam Kapoor | Partner | Deloitte , Vijay Sethi | CIO, CHRO & Head – CSR | Hero MotoCorp , Parna Ghosh | Group CIO | Uno Minda Group , Subhankar Pal | AVP – Research and Innovation | Altran , Kshitij Saxena | CEO | Autoninja , Anuj Guglani | CEO | World Auto Forum | Moderator