The very thought of driving in an internet-enabled vehicle, let alone the type of robot cars that Google and others are now contemplating, sends a shiver up my spine. This is not exclusively a product of the types of dystopian sci-fi I read and watched growing up. It is anxiety born out of knowledge about the vulnerabilities which such vehicles already have, and the ways in which they can be exploited.
Make no mistake – we are not talking about the far off future. Virtually every modern car has at least some computing capacity aboard, but the latest generation, including a fair number which are already on the streets, go a good deal further than just the ECU (engine control unit) which monitors and can control such core features as engine speed and temperature, ABS braking and security.
Many cars have relatively sophisticated entertainment systems, which can include the capability of wirelessly streaming audio or video from a portable device in the car, or even from the user's home network. Navigation systems too are increasingly powered by very sophisticated computers which are capable of connecting out in order to get up to date traffic information, and again routes calculated at home, or on the increasingly ubiquitous smartphone that the driver is likely to be carrying.
As with so many items that are starting to be provided with internet or Wi-Fi functionality as part of the burgeoning "internet of things", such connectivity immediately presents a considerable risk. Cars have for years been fitted with Bluetooth, the relative insecurity of which is offset to some extent by its very short range.
Now, though, cars are starting to be supplied with the option of an installed Wi-Fi router. The range on these is significantly greater, particularly when security protocols such as WPA are disabled, as so many home users already do. Indeed recent surveys suggest that only about three-fifths of home users configure appropriate security on their home Wi-Fi networks, which means a significant number of homes (and by extension vehicles) are without any, or any adequate, protection.
This becomes even more important when you realise that each of these sophisticated and powerful computing devices installed within your car is not an island. In addition to the varied connections to the outside world, there are also any number of internal connections. There may frequently be no firewall between an internet connected entertainment system, for example, and the car's navigation or ECU.
As recent lab-based research by hackers has shown, this opens up the possibility that if any one vulnerability in a car's electronic network is compromised, hackers could gain control over the whole, which might include the ability to control speed remotely, alter navigation information or even disable the brakes (or cause them to activate while the vehicle is at high speed).
Moreover, unlike a home computer or router which is always connected to the internet, and therefore likely to be receiving updates and patches, it is highly likely that the same hardware and core operating systems will remain largely unmodified in a road vehicle for its entire life, meaning that once vulnerabilities are detected they are likely to remain unaddressed for a significant period of time.
Even beyond the rather more exotic concerns outlined above, connected vehicles present plenty of risks for the everyday consumer concerned about the security of their personal information and their privacy. Access to a car's connected systems can reveal regularly used routes from the satnav, and almost certainly the car's home address. One can imagine scenarios where access to the computers of vehicles left in long-term parking at an airport, or on a ferry, would yield the home addresses of people likely to be on holiday (and whose properties might therefore be targeted by burglars).
In the meantime cameras pointing inwards for gesture control, coupled with Bluetooth microphones for hands-free calls, could be used to capture private conversations from inside the confines of cars.
News that internet companies are interested in automotive as a new opportunity for development does not reduce that concern. Most such entities operate on revenues derived from data exploitation to a greater or lesser extent, and it is inconceivable that there will not be many customers (from insurers to advertisers and even governments) desperate to get their hands on the information that may be harvested from the average driver. For that data to be meaningful it needs to be collected in real-time, increasing the pressure for some degree of outbound connectivity which the driver does not have control over.
I could go on. As systems become inter-connected the likelihood of a crash of some critical element increases – and a crash becomes a more literal possibility when the failing component or software is responsible for critical driving functions. If there were to be an accident involving a fully automated vehicle, who would be responsible? The driver, or the programmer of the software that failed? If drivers will continue to be liable, it needs to be born in mind that monitoring by insurance companies could lead to targeted premiums, leading to the result that those who present the greatest dangers on the road are the least likely to be insured because their premiums will be the highest.
The list of concerns is almost endless, and until there is a good deal more evidence of car and technology companies working together to address these risks, the future of automotive is not for me!