Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
It’s become a cliché to say that cars are computers, but it’s reality—and with connectivity comes security risk.
Bruce Schneier, a lecturer at the Harvard Kennedy School and famed computer security specialist, is concerned about the way vehicles and other IoT-connected devices have become “mobile surveillance devices” that spy on users and sell their data.
“Because they are computers, everything about computer security gets ported onto them,” Schneier said. “All of those things that happened with computers,” like spam and ransomware, “can now happen with IoT.”
The FCC has proposed rules to manage connected car features and keep vehicles from becoming another attack vector for stalkers—aiming to address “what steps connected car service providers can proactively take to protect survivors from the misuse of connected car services,” the agency said in a press release announcing the proposed changes. But Schneier noted that those discussions haven’t gone anywhere yet.
Wider picture. Security concerns around IoT connected devices are endemic to the industry, and at this year’s CES, the tech trade show held in Las Vegas in January, vulnerabilities were a topic of concern. More connectivity means more danger from threat actors.
“Your phone is such an exquisite surveillance device that it has everything already,” Schneier said. “So what these additional devices do is they get new data: temperature of your house, braking and accelerating [in your car]…but mostly it is another player getting the same data.”
There’s not a lot of profitability in making IoT devices secure, Schneier said, which means manufacturers aren’t going to do it—“it costs you a dollar more and you’re not making that money back.”