How do we keep the Internet of Things secure?

A recent exposé by Wired magazine depicts an alarming account in which two security researchers in the US carjacked a Jeep Cherokee from miles away. Their mock attack left the reporter rattled and briefly stranded in the middle of the road.

As journalist Andy Greenberg explained in his piece: “Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes and transmission, all from a laptop that may be across the country.”

The planned “experiment” generated a lot of criticism. Many journalists and computer security experts said that taking control of a car remotely while it was driving on a busy highway could have caused a serious accident, and that it went too far in order to expose potential security bugs in a car’s software.

Indeed, the same Wired reporter underlined that his experience was everything but amusing: “As the two hackers remotely toyed with the air conditioning, radio and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission. Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.”

The media ran with the story, publishing articles with such headlines as “Patch your Chrysler before hackers kill you”. Some asked if these problems were affecting only Jeep models or are rather widespread in the whole auto industry. And Harvard University’s Jonathan Zittrain commented: “Disable a car from afar. This is why we can’t have a nice Internet of Things.”

On the other hand, it should be noted that on 16 July the Jeep brand, part of automotive giant FCA, had already released an update to fix software vulnerability in its models, thus showing a great concern for cybersecurity issues.

However, most security experts say that these problems still receive little attention, especially about the security of a car’s electronic devices. With so many road accidents in the US each year, with many resulting in death, the idea of further accidents due to computer attacks creates legitimate and widespread fear.

US Senator Edward J. Markey of Massachusetts, who in 2014 highlighted the dangers associated with vehicle security and privacy risks, was quick to announce: “We need clear rules of the road that protect cars from hackers and American families from data trackers.”

In a broader context, renowned computer expert Thomas Dullien explained: “In general the current computing infrastructure is not designed to be secure and with software eating the world, a lot of sub-par software gets written and the combination of bad software being written, and the lack of ways of determining who currently controls a machine (e.g. the impossibility of figuring out if someone is compromised) will give us an internet of compromised and untrustworthy things.”

It is evident that we are facing a major challenge: how to ensure the security and privacy of the so-called Internet of Things. Today’s technology provides us with many benefits but also comes with a great responsibility – something that we often tend to forget or underestimate. Public institutions, corporations and experts must get together to address this complex issue in a prompt and effective way.

Have you read?
How smart packaging can save lives
Can the Internet of Things help tackle California’s drought?
How could you use the IoT in your business?

Author: Andrea Stroppa is an internet security researcher and blogger for Huffington Post Italia.

Image: The new Android Auto interface is showcased at the Google I/O developers conference in San Francisco June 25, 2014. REUTERS/Elijah Nouvelage