Confusion may be the friend of autonomous cars and IoT

I’ve been reading a lot of articles about autonomous automobiles recently (there are a lot of articles out there these days) and one author talked about the necessity to have self-driving cars communicate with each other. If all the cars on the road could communicate with each other then they could drive the highways at greater speeds with much less distance between each car since they would all know what the others are doing.

However, as someone posted in the comment section, now that we have had a demonstration of people hacking a Jeep remotely and taking control of the vehicle from miles away, in an autonomous automobile world all it would take is one successful hack to create pile-up collisions of epic proportions.

But then, in a different article going into more depth on the Jeep hack, that author pointed out that while automobiles have virtually no security (and auto manufacturers are ‘racing’ to implement some sort of measures to prevent these types of hacks sometime in the next five to eight years) they also have no common protocols from one vehicle to the next or even one year to the next of the same model.

What that means is that even though the hackers could take control of one particular model Jeep, they couldn’t necessarily use the same codes or techniques to hack a different type of car or even the same model Jeep from a different year since they all use slightly different internal communications protocols.

When it comes to security the auto industry is a complete mess and in a weird way that’s kind of a good thing. Since very few cars use the exact same protocols it would be virtually impossible for one hacking technique to work on all cars. There is no universal ‘skeleton key’ since they all use slightly different kinds of locks.

It occurred to me, after reading these articles, that this same kind of confusion could also work to protect IoT. It could turn out that the chaos in IoT protocols might be a blessing in disguise. Numerous companies are all trying to become the ‘standard’ in IoT, and there have also been talks about the need for standards and consortiums, but standards may not be such a good thing. If there are no standards and all our IoT devices use proprietary protocols, then it would be nearly impossible for hackers to ‘hijack’ our homes. They may be able to take over the thermostat in one house but not the door locks or coffee maker or even the thermostat in the house next door.

We may very well reach a point where one IoT device manufacturer makes secure, encrypted, proprietary protocols a selling point. They will boast about the fact that they will not, under any circumstances, work with other devices. Or, if they do, they will only accept a very, very narrow set of pre-approved communications from non-certified devices.

So even if they do talk to non-approved thermostats they will only accept a very specific range of communications. ‘I have been told that you are a thermostat using the Fahrenheit scale, therefore there are only two possible communications between us – you may send me an integer between 50 and 80 or a zero (meaning you are shutting down for some reason – I don’t care why, I will simply notify the owner you are shutting down) or I will send you an integer between 50 and 80 or a zero (indicating you should shut down). Nothing else will even be considered! And if you send me anything else I will automatically shut down all communications and notify the owner that something is wrong with their thermostat.’
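The narrow exchange described above can be written as a fail-closed validator. This is an added example, not code from the original post; the ASCII-decimal frame format, the `ThermostatLink` class and the `notify_owner` callback are assumptions made for illustration.

```python
import re

# Assumption: each frame is the value as ASCII decimal bytes. The post only
# specifies "a zero or an integer between 50 and 80".
# One canonical spelling per value: no sign, padding, whitespace or newline.
_CANONICAL = re.compile(rb"0|[1-9][0-9]")
SHUTDOWN, LOW, HIGH = 0, 50, 80


class ThermostatLink:
    """Fail-closed peer for the two-message exchange described in the post."""

    def __init__(self, notify_owner):
        self.notify_owner = notify_owner  # hypothetical callback taking a string
        self.closed = False
        self.setpoint = None

    def receive(self, frame):
        """Return the accepted value, or None if the frame was dropped."""
        if self.closed:
            return None  # latched: nothing further is parsed
        if not isinstance(frame, bytes) or not _CANONICAL.fullmatch(frame):
            return self._quarantine("malformed frame")
        value = int(frame)
        if value == SHUTDOWN:
            self.notify_owner("thermostat is shutting down")
            return value
        if LOW <= value <= HIGH:
            self.setpoint = value
            return value
        return self._quarantine("value out of range")

    def _quarantine(self, reason):
        # The offending bytes are untrusted, so they are not echoed to the owner.
        self.closed = True
        self.notify_owner("thermostat link closed: " + reason)
        return None


def demo():
    alerts = []
    link = ThermostatLink(alerts.append)
    frames = [b"72", b"50", b"072", b"68"]  # constructed sample traffic
    results = [link.receive(f) for f in frames]
    return results, alerts, link.setpoint
```

Matching a bytes pattern with `fullmatch` is what rejects `b"60\n"`, `b"+60"` and non-ASCII digits; parsing with `int()` alone would accept several of those spellings.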

I would put more faith in a proprietary system developed by Apple or another technology firm (since they are at the forefront of cyber security) than a system developed based on a ‘standard’ that boasts blind interconnectivity between devices. Once that standard is hacked then all devices that use that standard are compromised.

But I’m not so sure about trusting a system developed by a company like Google, since they pretty much admit that they want to suck as much information from everyone as they can to sell to advertisers. (Dear homeowner, Google tells us that the internal temperature in your home climbed to 83 degrees yesterday at 2:45 PM during the heat wave in your area. Can we interest you in an air conditioner?)

And I certainly wouldn’t buy an IoT system developed by an automobile manufacturer.