Deep dive: Please, don’t jailbreak your Tesla
Volvo just poured $30mn into an Israeli startup working on connected vehicle cybersecurity, part of an ongoing stampede by automakers to keep their products safe against a new generation of digital threats.
As our cities and homes get smarter - increasingly saturated with IoT enabled sensors, meters and intelligent devices - the same process is quickly happening to our cars. Given that almost 120mn households in the US have some sort of smart speaker, and the global number of IoT devices is predicted to hit 20.4bn in a few months time, cars are a logical place for the hyper-connected future to affect in ways we couldn’t have imagined a decade ago.
In 2018, the average American spent a total of 18 days in cars, and even form close emotional bonds with their cars, according to a study commissioned by Cooper Tire. It’s not so hard to imagine a year 2029 where the majority of vehicles are fully autonomous and as much a digital appliance as a laptop or smartphone (see what Injury Reserve think that’s going to look like).
Back in 2004, when the US DoD offered a prize to any self-driving vehicles that could complete a 143 mile course, only one entrant made it more than seven miles. Today, autonomous car makers are testing their creations on roads from Phoenix to London to Shanghai.
It isn’t hard to see that the global personal transport market is headed towards an ‘Internet of Cars’, powered by 5G adoption. “Cue 5G and sensor-driven collision-avoidance technology, but also vehicle-to-infrastructure communications, so a driverless car could respond to a red light. It could also enable citywide traffic management, with a central hub instructing driverless cars which routes to take to keep traffic flowing across a city,” posits Jamie Carter of Forbes.
However, while a more connected world can theoretically make our road networks safer, more efficient and hands free, there is mounting concern across the automotive sector that increasingly digital transport solutions are increasingly vulnerable to a new form of attack.
The Jeep Hack
In case you missed it, the unsettling power of hackers to remotely interfere with a car on the road was demonstrated as early as 2015. “I was driving 70 mph on the edge of downtown St Louis when the exploit began to take hold,” wrote Andy Greenberg, a reporter for WIRED who volunteered to drive around in a Jeep Cherokee while hackers Charlie Miller and Chris Valasek wreaked havoc with the car’s radio, windscreen wipers, air conditioning and, finally, its engine.
“The Jeep lost more momentum and barely crept forward. Cars lined up behind my bumper before passing me, honking. I could see an 18-wheeler approaching in my rearview mirror. I hoped its driver saw me, too, and could tell I was paralyzed on the highway. ‘You're doomed!’ Valasek shouted, but I couldn't make out his heckling over the blast of the radio, now pumping Kanye West,” Greenberg wrote later.
The two computer whizzes made their way into the car’s system via an internet connected computer in its dashboard and Chrysler had to recall 1.4mn vehicles as a result.
Four years later, there are as many as 112mn connected cars on the road around the world, and the potential security risks are prompting significant investment from the world’s car makers.
Volvo and Upstream Security
"Our mission is to protect every connected vehicle and smart mobility service on the planet. This funding is perfectly timed to meet the growing demand for our data-driven, cloud-based platform, providing our customers with the capabilities it needs to accomplish this vitally important task," Yoav Levy, co-founder and CEO of Upstream Security, a cybersecurity startup based in Tel-Aviv.
Today, the Venture Capital subsidiary of Volvo Group announced that it is investing $30mn in Upstream in order to fund the development of systems to protect connected vehicles following the introduction of data-driven technologies.
"Upstream Security has a promising offering and capability to support with cyber security solutions to meet our future requirements," commented Anna Westerberg, acting CEO of Volvo Group Venture Capital and SVP, Volvo Group Connected Solutions.
Please, don’t jailbreak your Tesla
Car companies upselling expensive extras has been part of the auto buying experience for decades. Back in 2015, those with the (not inconsiderable) funds to pick up a Bentley Bentayga also had the option of replacing the standard clock with a $170,000, diamond-encrusted dashboard clock by Breitling. This is an extreme example, but the war against being overcharged for bells and whistles has been raging between car owners and dealers for more than half a century; it makes perfect sense that, since the modern sedan has the power to connect to the internet, download apps and features that car owners would go looking on the web for third-party software to enhance their rides.
Cybersecurity firm Kaspersky wrote in a blog last year, acknowledging that “those perks don’t come cheap.” Kaspersky researchers found a thriving market for equipment and software that allowed users to bypass digital restrictions on their cars, including “special modules for resetting the mileage or reloading the airbags after an accident, saving on maintenance, as well as tools for diagnosis and unlocking paid features, pirated navigation apps, and unlicensed accessories. Naturally, those products were all quite a bit less expensive than what manufacturers offer. Why pay more if you don’t have to?”
Because you actually get what you pay for, according to Kaspersky. Once these pirated tools get access to a car, the cybersecurity measures that prevent hackers like Miller and Vasalek from remoting in and running amok are bypassed. “hey can monitor the car’s movements, eavesdrop on conversations, or access a smartphone connected to the system. Or they could turn off the alarm and unlock the doors. Enterprising cybercriminals might even inject ransomware, preventing the vehicle from moving until the owner pays up in cryptocurrency,” suggests Kaspersky.
How to hack a Tesla in under three minutes
So far, I haven’t talked about Tesla that much outside these titles. That’s for a couple of reasons: first, the Injury Reserve song Jailbreak the Tesla from earlier that you should have listened to that brilliantly expresses the changing attitudes of a technology-savvy community of car owners who view turning the “X into a Batmobile rip” and stunting by taking a Tesla to West Coast Customs with the same relish as dads in the 1960s putting better spark plugs in their Crown Coupes; and secondly because, in addition to pioneering the adoption of electric vehicles across the world, Tesla has led the field of automotive cybersecurity since its inception.
To keep ahead of the competition, Tesla has a novel approach: a competition.
Back in January, the company put a bounty on the new Model 3 sedan, saying that anyone who could hack it and expose vulnerabilities in its security systems could have one.
Many tried. Some succeeded. A group of hackers from China managed to trick a Model 3 into changing lanes remotely in March of this year at an event in Vancouver. The “Pwn2Own” approach that Tesla has taken to beefing up its security systems has precedent in the cybersecurity space for decades, but Tesla is the first automaker to embrace the strategy.
Where does the road go?
By 2025, Grand View Research predicts that the automotive cyber security market will hit $5.56bn per year. Increased risk of data breaches, as our personal information becomes increasingly integrated into the technology we use on a daily basis, will drive massive investment. However, whether strategies like internal R&D departments, investment in startups, or simply challenging the world’s best hackers to "take their best shot” will prove effective remains to be seen.
Is Cloud Computing Environmentally Friendly?
Cloud adoption was well underway before the coronavirus pandemic hit but it has definitely accelerated more organisations to make a move.
Research from NetApp has found that a large majority of users (86%) felt the cloud has become essential to their business and many of them saw it as playing a greater role in their storage strategies. Some 87% viewed storing data in the cloud as easier than other methods.
Flexera, revealed that almost all organisations are using at least one cloud with 99% of respondents saying they are using at least one public or private cloud. 97% of respondents utilise at least one public cloud, while 80% have at least one private cloud. 78% of respondents are using hybrid cloud.
By pursuing a green approach, Accenture analysis suggests migrations to the public cloud can reduce global carbon (CO2) emissions by 59 million tons of CO2 per year. This represents a 5.9% reduction in total IT emissions and equates to taking 22 million cars off the road.
A greener cloud
Selecting a carbon-thoughtful provider is the first step towards a sustainable cloud-first journey. Cloud providers set different corporate commitments towards sustainability, which in turn determine how they plan, build, power, operate, and retire their data centres.
The Google Cloud platform has committed to operating its data centres carbon-free 24/7 by 2030, rather than rely on annual direct energy matches. In 2020, Google became the first company to achieve a zero lifetime net carbon footprint, meaning the company has eliminated its entire legacy operational carbon emissions. According to Google, their data centers are twice as energy-efficient as a typical data centre, and they now deliver seven times more computing power for the same amount of electrical power than they did six years ago.
Microsoft has committed to shifting its data centres to 100% supply of renewable energy by 2025 through power purchase agreements (PPAs). The company has launched its ambition to be carbon negative by 2030 and by 2050 to remove all carbon emitted by the company since 1975. Microsoft Azure’s customers can access a carbon calculator that tracks emissions associated with their own workload on the cloud.
A new forecast from International Data Corporation (IDC) shows that the continued adoption of cloud computing could prevent the emission of more than 1 billion metric tons of carbon dioxide (CO2) from 2021 through 2024.
"The idea of 'green IT' has been around now for years, but the direct impact of hyperscale computing can have on CO2 emissions is getting increased notice from customers, regulators, and investors and it's starting to factor into buying decisions," said Cushing Anderson, programme vice president at IDC. "For some, going 'carbon neutral' will be achieved using carbon offsets, but designing datacentres from the ground up to be carbon neutral will be the real measure of contribution. And for advanced cloud providers, matching workloads with renewable energy availability will further accelerate their sustainability goals."
Accenture analysis shows that customising applications to be cloud-native can stretch carbon emission reduction to 98%. Customisation requires designing applications to take full advantage of on-demand computing, higher asset utilisation rates, and dynamic allocation of computing resources. Cloud computing is also a way of reducing the use of resources such as paper, electricity, packing materials, and much more.
For companies striving to cut carbon emissions and to become more sustainable, cloud computing is definitely an option. Taking the steps to choose the right providers and making the businesses more efficient is key to having the wanted end result.