As you may have recently read, Google started a new alliance together with parts of the automotive industry. The new alliance is called Open Automotive Alliance and it is based on the idea to bring Android into the car’s electronics. Just imagine what you could do with a technology like this? There are two lines you could work on:
- The car as an android device itself (always connected to your home WiFi)
- The car as a gadget to your android devices (not only smart watch but also smart car)
The idea is pretty logic because our society starts to connect all devices and with that all data to get an even larger picture of its world. But this comes to a cost and it could be very dangerous if you are not carefully enough. I am talking here about security aspects.
What could you do with an android enabled car? Imagine you drive a large car (nothing like Smart or VW up!). You want to park in but it is pretty complicated and yes you have sensoric fields which help you but you can’t get out of the car because the parking slot is to narrow or whatever the case is. No problem: Step out, take your device and remotely drive your car with your device into the parking lot. Shut the engine down, close the doors and walk away. Nice right?
All your car belongs to us
What could go wrong? Since you can use yor android device to control the car other people have android devices, too. This means they could also control your car, right? I do not want to talk here whether someone does this or not. We all know that crime is comitted daily in a widely range and if someone has the possibility to remotely control a car he or she will do it!
The problem is that the technology we use privately like WiFi and Bluetooth are not the safest and they nearlly everyone has used at least one them. This technological spread brings a lot of positive and negative effects with it. One of the negatives is that everyone understands how to deceive security aspects. And since your car uses WiFi an attacker doesn’t care. Maybe if it is a car or your access point or any other device. The communication is the same. No one needs new software or new attack vectors, they are all known.
What about ressources? Embedded systems usually do not have the same ressources as your desktop PC has. A car therefore wouldn’t also have ressources en masse to be able to do all it’s work. Maybe this could lead to a weaker WiFi encryption algorithm. Remember, sometimes the car’s engine is shutdown but the WiFi could be possibly online. This consumes battery power and strong WiFi encryption will use more ressources then weaker ones.
It could go even easier. Write a script that connects to the car’s WiFi with false passwords, just keep the device busy until all power ressources are gone. The car owner won’t be able to start the engine with empty batteries. Or just exploit the weak WiFi implementation, like WPA or even worse: WEP
I am curious about how the Open Automotive Alliance will solve those problems. Maybe we will have two different power sources for the android part and the car itself? There are even more problems which could be solved by a proper design. I am happy to know that people want to make our life with cars even smarter but I really hope they also think about security and what could go wrong. I really would like to have one of the first android enables cars and evaluate what could go wrong and how to make those systems really safe.