Growing Demand for Vehicle Telematics Has Suppliers Looking at User-Data Security

Recent analysis by the Center for Automotive Embedded Systems Security concludes onboard vehicle computer systems increasingly will be vulnerable to malicious attacks as user-connective technology expands.

Erik Derr

January 26, 2011


LOS ANGELES – Automotive telematics-service providers are refocusing on user privacy protection as the mobile industry steps up efforts towards a more transparent market.

The Mobile Marketing Assn., an advocate for mobile-phone advertisers, announced late last year improved standards for clearer communication between marketers and consumers.

The group asserts all segments of the marketplace must adopt an “accepted understanding as to how consumer information is collected and used for the purposes of relevant value exchange within a mobile-marketing context and across market sectors.”

Data compiled by the Nielsen Co. shows smartphones represented 23% of the U.S. mobile market in second-quarter 2010.

Meanwhile, mobile Internet users grew from 50.9 million in 2008 to 85.5 million last year, according to data gathered by the eMarketer Report, an online firm that does research on and analysis of digital marketing.

Mobile devices are not governed by the same regulatory standards that ward off outside intrusions from traditional computers.

Recent analysis by the Center for Automotive Embedded Systems Security, a collaborative project between the University of California San Diego and University of Washington, concludes onboard vehicle computer systems will be increasingly vulnerable to malicious attacks as user-connective technology expands.

In their study, “Experimental Security Analysis of a Modern Automobile,” project researchers note a hacker able to infiltrate a vehicle’s electronic controls “can leverage this ability to completely circumvent a broad array of safety-critical systems” and possibly initiate “an attack that embeds malicious code in a car’s telematics unit.”

Mercedes’ “mbrace” with smartphone capability not supported by unauthorized apps, Hughes Telematics marketing chief says.

A recent Wall Street Journal study found the 101 smartphone apps the newspaper tested, 51 used on Apple Inc.’s iPhone and 50 on Google Inc.’s new Android smartphones, transmitted varying amounts of unique information to third parties without user awareness or approval. This included the user’s identification, location and personal data.

“Do we have to consider stuff like that? Yes,” Vijay Iyer, global director-communications for OnStar Corp. tells Ward’s in a phone interview from Germany. “That’s where we build on our understanding of potential threats.”

Iyer says OnStar, which provides subscription-based telematics services to General Motors Co. and Saab Automobile AB vehicles, last summer unveiled a new marketing campaign built around greater social-network connectivity and OnStar MyLink apps, which offer users expanded remote control over automobile functions.

The apps work on iPhone and Android smartphones, as well.

However, Iyer says since its inception in 1995, OnStar has evolved a “multilayered safety system” of encrypted transmission and back-end access codes that make the closed-service system “virtually impossible” to access by unauthorized programs or outside observers.

Kevin Link, vice-president-marketing for Hughes Telematics Inc., developer of Mercedes-Benz’s “mbrace” system and In-Drive aftermarket solution, sees the latest security findings as a game-changer. Consumer privacy rights, he says, are back on the forefront of development.

“We do applaud efforts to show us where our industry needs to improve,” Link says. “We believe our current technology is incredibly secure, (but) are we doing enough?”

Link says Hughes’ services, like the OnStar system, do not support unauthorized apps. He says his brother serves as the company’s chief technical officer with “a passion” for privacy issues honed over two decades in the telecommunications field.

Security drives ongoing innovation and has impacted “everything we as a company have done,” Link says. Both mbrace and In-Drive are protected through encrypted transmission processes that direct all data transfers between a user’s vehicle and handheld devices through Hughes’ operations center.

“All communications between mobile and vehicle are filtered through back-office protocol, industry-recognized security algorithms put in place to make sure information doesn’t flow in the wrong direction,” he explains.

In-Drive accesses a vehicle’s computer system through the onboard diagnostics port, mandated in all new cars, and is designed to collect specific vehicle information for the express use of those who purchase the system, Link says.

Insurers, for example, might base client coverage and price, otherwise known as pay-as-you-go insurance, on the driving behaviors recorded by the device.

Additionally, all Hughes staff and officials are subject to security measures that keep any one person from gaining control of auto computers through the system itself.

Iyer admits OnStar fields an increasing number of requests from younger users who want to bypass the company service center and manage their applications directly.

Sometime in the future, third-party development might be possible, he says, but at this point, “we haven’t opened up the backbone. We simply wouldn’t hand out our source code.”
