Junko: I don't think you car would have to be stolen for the knowledge about the driver to be "shared" when the car is networked. Right now, corporations and governments are collecting massive profiles on individuals based on big-data gathered from social networks, retail discount "clubs," credit purchases, and other once sensitive data. It's also possible to listen into in-car conversation through OnStar and other systems. So, really, your car will just be one more portal into your private life.
Does this make anyone else want to revert to a "classic" used car? Could there be an evolving market for "dumb" cars that cost thousands less than fully networked "smart cars?"
Imagine everything is on a smartphone including car key. If the car doesn't cache the info, losing your car may not be a security concern. Yet, losing your smartphone will undoubtly cause a lot of headaches.
:-) My wike does quilt making classes and one of the ladies there asked her daughter to open a new bank account for her while she was overseas. Imagine her surprise when she came back and found that $3000 wa missing for various recreational pursuits. Yep a car doesn't make a good wallet :-)
Beyond the idea of your car being your credit card, what fascinated me during my conversation with Richard Soja at Freescale was the prospect of what might happen next when your car starts talking to another car -- in a C2C or V2V scenario.
Obviously, the driver isn't the one doing the talking. Your car is communicating with another car to make sure that they don't bump into each other.
You may call it that it is just a "sensor" thing, but what other communications will be happening between the two cars? Can that communication be intercepted or interfered?
If the car is talking to the other car, I'm sure the potential exists for that transmission to be intercepted. This is one of the really cool IoT concepts--cars communicating not only with other cars, but also with infrastructure to determine if a bridge is open or closed, where there is heavy traffic that should be avoided, where a stoplight may be out, etc.
Hi Junko, this is a very useful addition to safety (car to car comms) and I fear it will take government intervention (like for OBDII) for all manufacturers to standardise. The only thing is that they will have to overcome the desire to too tightly integrate it with other systems otherwise they will make hacking just too easy. When hackers are considered it may turn out to be too dangerous to have it. I'd love to sit in on an implementation discussion with all of the pitfalls weighed up against the benefits.
The assumption that the personal info, i.e. smart card, would become embedded in the car, rather than staying with the user, might not be a good assumption? If you buy gas, for instance, why have the car identify who you are, rather than some device you have on your person (if not embedded in your bellybutton)?
There's all sorts of stuff along these lines coming. A new building our company is moving to will charge you for lunch via payroll deduction. We already have smartcards as ID badges. So you walk through the lunch line, put your badge up to the reader, it knows who you are and what to charge you for that lunch. Same badge also lets you in the building (already does that) and it allows you to log onto your PC (already does that). All via near-field-communications.
The more you can avoid sending personal info to non-essential systems, such as the car, the better. The same smartcard in principle could also be used to start the car, instead of a key fob, but I'm not sure that much integration is so useful?
Bert22306, I think you are right that it might be better to have the data embedded in the person telly-tubbie style and not in the car. That way you can tell Ronald McDonald to charge the food to guy in the backseat. How does the drivethru deal with multiple people's payment info in a car? What if the car ahead of you charges purchases to the car behind? I'm sure there are already workarounds for this.
In one niche application, we already have cars serving as "smart cards on wheels": EZpass toll booths. In some places, we can drive through the toll booth at the speed limit and the RFID system deducts the payment from our account. Interestingly, the highway authorities are starting to conclude it isn't worth paying humans to collect tolls from those drivers without EZpass. Instead they image the license plate and send an invoice. While glitches may occur (in San Francisco, the backlog for processing invoices was so long that people were charged late fees while their checks aged on a desk), there are many ways to separate consumers from their money. RFID is only one.
Check out the website canbushack: Hack Your Car . Robert Leale of CanBusHack Inc. spoke at the BlackHat conference as part of DESIGN West last year. For instance, the site describes how to:
"Stop Normal Communications (GMLAN and Others): This service is fun because you can make the Normal Communications (the ECU to ECU communications that occurs normally on the network) stop. Why would such a service exist, mostly to clear the bus for large amounts of data such as when a controller is going to be reflashed over the CAN Bus. ..."
I guess it would be awesome if the restaurant where you frequently go, already has your payment information and you dont hve to spend too much time. Security is the only concern. What if your car is shared with friends and family. It will be nice to have a tablet inbuilt in the car.
Sheetal: I don't think you need a smart car if you want to pay at a restaurant through some fast alternative. All you need to do is swipe your card once at a restaurant and have them keep it on file for future use. Or maybe you could use a mobile payment option on your phone. There must be 50 ways....
There is a cool app called TabbedOut. It was originally developed for use in a bar, but expanded to use in restaurants. You just check in when you get there, can check your running tab at any time, ad pay as you are walking out the door. No need to flag down a server or bar tender. I think it's a cool concept, but never used the app. The closest place that accepts it is 45 miles away...
The smarter our things get, the more I worry about how secure my information is and to what degree these servcies will do more harm than good for me. While so many of these services are billed as "conveniences," I'm continually impressed at how very poorly companies are at exploiting the information that they do collect about me.
The automatic payments may be efficient - but they can create problems if you're not thinking of all the possible consequences. If you lend your car to a friend, they rack up the tolls on your EZpass. How many people think of that? Our local pizza place has caller ID and knows when we're calling for pizza. Certainly they could retain credit card information - but any guest in the house would also trigger a payment from our account (and not necessarily even realize it had happened).
Yep, DrQuine. So many "uninteded consequences" are waiting to happen. It is interesting that many system design issues today are no longer just about what technologies can do. They are about what they might trigger something we haven't even thought about before.
Hmm I find this analysis very interesting and thought provoking. I must be in the minority though, because if Apple made my credit card details available in that fashion I'd be closing my iTunes account and shredding my credit card and asking for a replacement. I don't have any sensitive information on my phone except for my phone No. and address. I also don't own an RFID card but if I did it would be stored in a metal wallet. It seems like all these people are looking for ways to lose your money. I'm not sure how it is in your neck of the woods, but now we don't have to enter a pin or use a signature if the sale amount is less than $30. The opportunity for theft with a combination of $30 limit and RFID card is incredible, and because the bank only lets you criticise a suspected wrong charge for 2 months means you literally need to check every entry on your statement within this time (if you have an RFID based card) They certainly are getting very cavalier with out money.
As I stated in my comment to Junko's earlier article "Infineon: Breaking Down Automotive Attacks" and to this article again, I hear the automotive electronics experts focusing on building secure individual controllers that will only execute vetted code. But the 'black box' that is build around these impervious controllers accepts unencrypted throttle commands from 0 to 100%. Or may be it is encrypted, so another black box must create a trusted and secure connection between the boxes first. But like internet connected computers today, once this secure and trusted connection is established, the malware that has found its way on to the second box takes over and happily sends those throttle commands.
And if these common with existing systems security problems are not enough, as this article shares, your car has government involved in requirements far more than your laptop. Your state government wants to sell ads on your license plate, that will display while you are at a stop (I have to ask, while driving a multi-ton vehicle, even while stopped, is there not other places I should be focused than reading advertisements on the license plate in front of me????). I am sure there was never any talk of interfacing these digital license plates to any of the buses on the vehicle....
Wait, I'm confused. The article link you sent does not seem to say anything about selling ads on license plates. I would be opposed to that. But the idea of digital license plates, as described, does not seem like a problem to me, provided there are no security issues. I like the idea of not having to put the registration sticker on my license plate and I also like the idea that digital license plates might make the whole process of dealing with the DMV more efficient. I call that progress and a good use of technology.
Hi, the references to the ad model to help with state budgets has been 'back burner'ed' in these latest pushes for the digital plates. But if you listen closely, it is still mentioned. And googling the idea will show that it is still an idea well likes by more than a few.
Your comment 'provided there are no security issues' should be making you light up like the robot on Lost In Space! 'Danger Will Robinson!!!!!'
These articles here are all about questioning whether skilled engineers and businesses are current enough, smart enough and focused on security of automotive systems as the become more complex. AND YOU ARE HAPPY TO INCLUDE THE DMV? You must have a very different DMV on your planet than all of us on Earth :-)
Death, taxes, USPS and the DMV... I think we should focus on near term solvable problems like space elevators....
NASA's Orion Flight Software Production Systems Manager Darrel G. Raines joins Planet Analog Editor Steve Taranovich and Embedded.com Editor Max Maxfield to talk about embedded flight software used in Orion Spacecraft, part of NASA's Mars mission. Live radio show and live chat. Get your questions ready.
Brought to you by