BlogsRSS

Volkswagen scandal raises new IoT security issues

One of the interesting side effects about the Internet of Things is that telecoms journalists like me find ourselves writing about things we wouldn’t normally write about.

Like Volkswagens.

You’ve heard by now that Volkswagen has been caught cheating on emissions tests for its diesel cars, and now faces up to $18 billion in fines in the US, while investigations have been opened in other countries. Cheating on such tests isn’t new – what’s interesting is how they did it.

Volkswagen reportedly preprogrammed its cars’ computers with an algorithm that would allow them to detect when an emissions test was being carried out, and then temporarily change the engine’s performance so it seemed to be running up to 40 times cleaner than it was. And Volkswagen did this for six years before it was caught.

Clever. And it’s something we can expect to see more of as we start making more and more “things” smart, software driven and connectable, says security expert and Resilient Systems CTO Bruce Schneier:

The Internet of Things is coming. Many industries are moving to add computers to their devices, and that will bring with it new opportunities for manufacturers to cheat. Light bulbs could fool regulators into appearing more energy efficient than they are. Temperature sensors could fool buyers into believing that food has been stored at safer temperatures than it has been. Voting machines could appear to work perfectly -- except during the first Tuesday of November, when it undetectably switches a few percent of votes from one party's candidates to another's.

This also raises a new vector for IoT security. Computer security is typically concerned with keeping bad guys out.Consequently, when we talk about IoT security, we think in terms of protecting the “things” from being compromised by outsiders. But what happens if they’re compromised by design? And how do you prove it was a feature rather than a bug?

Read more here