Security, safety, privacy: $140bn global connected vehicle industry faces UK backlash over concerns about future car technology

Analysis: Could the EU’s 2018 smart car technology requirements prove too much for Brits?

Next week it is expected that Chancellor George Osborne will announce the trialling of driverless trucks on the country's roads in next week's Budget, but an alarming report has found that British drivers are still not sold on connected car technologies.

Despite the government's injection of money into autonomous and driverless vehicles, recent security incidents in the autonomous car space, such as the 2015 Jeep Cherokee hacking incident, has sparked concern amongst UK drivers.

A survey has found that as many as 49% of drivers in the UK are concerned about the safety of the connected car, with automotive manufacturers also admitting there could be a security lag of up to three years before systems catch up with cyber threats.

According to IDC and Veracode's report, "Responsibility for Vehicle Security and Driver Privacy in the Age of the Connected Car", exposing a car to the internet makes it vulnerable to cyber attacks or malfunction due to glitches from poorly written software.

The survey, which polled 530 drivers in the UK and 542 in Germany, found that 50% of drivers in the UK are "very concerned" or "extremely concerned" about connected car systems being hacked and failing to operate as intended.

Nearly 30% said they are "somewhat concerned", 34% are "slightly concerned" and only 17% admitted not to be "concerned at all".

John Smith, principal solution architect at Veracode, told CBR: "With more than 200 million lines of code in today's connected car, not to mention smartphone applications that tie directly to the car, vulnerable software is the biggest challenge the connected car industry faces. Whether you are a third-party software provider or a manufacturer, poorly written or insecure software could render a car unstable or dangerous."

Smith also said that beyond the imperative to create secure software, it is also essential that when vulnerabilities are discovered they can be fixed quickly and the resulting patches rolled out to all customers.

Because the software supply chain for the automotive industry is complex and the size of the customer base is large, "this may well be the most challenging aspect of securing the connected car, potentially leading to extended risk exposure".

Drivers know where liability sits, however, privacy is a concern

Elsewhere, a big question around the connected smart car of the future sits around the liability following an accident.

Drivers in the UK appear much more willing to put their hands up when compared to their German counterparts, with the majority of drivers (40%) holding themselves responsible, while a fifth of respondents point a finger at the app developers and manufacturers, and just 17% blame app stores.

Data privacy around the connected car is also driving concerns in the industry and among consumers. The study has found that privacy sensitivity recognition will vary from country to country and acceptance will not be an industry-wide 'rule' but based on local legislation and culture.

The majority of British drivers (51%) are "concerned" or "very concerned" about personal data collected by a connected car that could be used in ways they did not intend it to be used.

18% said they are "concerned" about the use of personal data, but accept a degree of risk in order to benefit from the possibilities of the connected car.

In the end, 21% of motorists in the UK, compared to 30% in Germany, are "very concerned" and regard the connected car as a major problem in terms of data privacy.

Brown concluded that data privacy is often characterised as a uniquely German issue, "but our research shows that one-fifth of British drivers are also "very concerned" about data privacy protection in the connected car".

Smith said: "The automotive industry as a whole needs to implement software security initiatives that cover not just the primary manufacturers but also the complete supply chain.

"Future connected car features will drive innovation and provide competitive advantages for successful manufacturers, but risks to driver safety and privacy must not be allowed to be the by-product of this innovation."

Like the previous Jeep Cherokee example, users have also seen Nissan's Leaf being targeted by hackers.

The company had to suspend the service after a flaw was found which allowed hackers to drain the Leaf car battery and access driver information, as well as control the AC system over an app via the internet.

Playing down the incident, Richard Candler, GM for advanced and CCL product strategy at Nissan Europe, told CBR from the Geneva Motor Show that an independent security consultant picked up a flaw with Leaf, although it was not with the driving system.

He said: "It was related to the air conditioning of the car. Based on that, we took the server off-line and disabled the app until we fixed it. The key point with security in this type of technologies is that we need to have a clear separation between the driving system in the car and the communication system within the car."

Nevertheless, drivers are still willing to download applications to replace or augment the functionality of their car.

The majority of the drivers surveyed in the UK would most likely download apps for navigation (69%), and travel information (52%).

Drivers also seem keen on downloading performance-enhancing apps: to help avoid dangerous weather conditions (44%), find parking (47%), enhance speed (30%) and increase fuel economy (48%).

Dr. Kevin Curran, senior member of the IEEE, told CBR that a problem with cars is that "they are becoming more susceptible to electronic attacks which can be more effective than previous 'slim jim' type brute-force car opening attacks"

Can EU regulation help address connected car concerns?

The report has also looked at the fact that EU legislation might play an important role in the roll out of safer connected car technologies.

The General Data Protection Regulation (GDPR), for example, dictates that everyone has the right to the protection of personal data.

According to the European Commission, under EU law, personal data can only be gathered legally under strict conditions, and "persons or organisations which collect and manage personal information must protect it from misuse and must respect certain rights of the data owners which are guaranteed by EU law."

Elsewhere, by 2018, EU legislation will also require all new cars to be equipped with the e-call solution, a subset of the concierge services being offered by some manufacturers such as GM's On-Star System.

This will allow cars to automatically contact the emergency services should it be involved in an accident. The impact of this regulation means that all cars will, by default, have a built-in SIM card to provide the required connectivity, according to the paper.

Caroline Coates, head of automotive at legal firm DWF, said that by the end 2018, the UK government intends to engage with the EU and the UN regarding type approval and technical standards generally, in addition to the regulatory aspects of protection from cyber threats and governance of vehicle control software.

"These are all critical to the success of autonomous vehicles," she told CBR. "The UNECE (international agreements relevant to manufacturing standards - United Nations Economic Commission for Europe) are grappling right now with working groups on how to cope with automatically commanded steering functions.

"The EU have issued a directive that by 2018, all new cars must be fitted with tracking devices that alert emergency services in the event of an accident - eCall."

Speaking on data generated from cars, Coates said that at some point we will need the legislation regarding the data collected and its use to be revisited.

"This is likely to be very challenging, requiring collaboration and harmonisation across territories. And of course there is the very real threat of cyber attack - from the casual hacker or terrorist - and the less sinister but nonetheless worrying risk of data loss by those collecting it."

Automakers not shy about building connected car technology

Nevertheless, automakers seem to generally agree that like any other technology or invention it will only be a matter of time until consumers embrace and adopt their smart car technologies.

For example, BMW, which this week celebrates its 100th birthday, has unveiled its vision of what a connected car will be and look like in the future.

Named BMW Vision Next 100 [pictured above], the futuristic car will allow drivers to choose between autonomous driving and human driving.

The company said AI and intuitive technology will become one in its car as the technology learns about human's habits.

To build the Vision Next 100, designers primarily used fabrics made from recycled or renewable materials. The visible and non-visible carbon components, such as the side panels, are made from residues from normal carbon fibre production.

Technologies like rapid manufacturing and 4D printing will produce not components or objects but intelligent, networked materials and could soon replace conventional tools to open up unimagined possibilities in design and engineering.

Adrian van Hooydonk, Head of BMW Group Design: "Our objective with the BMW VISION NEXT 100 was to develop a future scenario that people would engage with.

"Technology is going to make significant advances, opening up fantastic new possibilities that will allow us to offer the driver even more assistance for an even more intense driving experience.

"My personal view is that technology should be as intuitive as possible to operate and experience so that future interactions between human, machine and surroundings become seamless."

Category: 

Add new comment

By submitting this form, you accept the Mollom privacy policy.