- Aug 12, 2013
In Detail: CarKnow Car Hacking
Whether it's jailbreaking an iPhone or updating a digital camera with unofficial firmware, messing with the manufacturer's original equipment carries both risks and rewards. Risks range from losing out on future updates and support, to voiding your warranty, to possible litigation. Rewards are limited only by the imagination of the user and the hardware itself, which is precisely what makes the parlous practice so appealing to some.
As we learned on last week's episode of TRANSLOGIC, virtually any product containing a computer can be hacked, including the modern automobile. In fact, hacking fits a long tradition of car modification. "It's the future of hot rodding," says CarKnow founder Josh Siegel.
CarKnow is a tech startup based in Brookline, Mass., just outside of Boston. The company seeks to unlock the potential of vehicle data, which is generated by the car and driver whenever the vehicle is in use. CarKnow uses custom hardware and software to digitally duplicate the car online, where information can be accessed and stored on the Internet cloud.
CarKnow's Carduino system connects to the vehicle via the easily accessible onboard diagnostic port (OBD-II) and can access information from the controller area network (CANBus), resulting in a rich, diverse data set.
Using the data gathered by Carduino, CarKnow develops custom apps that allow the end user to control their car remotely, via a laptop, tablet or smartphone. CarKnow supports MIT's CloudThink standard and a public API is in the works for developers.
Here are a few examples of apps that CarKnow has already developed:
This app allows the user to track the speed and location of their vehicle. As the name suggests, Teen Tracker is intended for parents to monitor the driving habits of their teenage driver in real-time. The app provides an approximate first-person view of the vehicle's current location via Google Street View.
This app provides a simple solution for an age-old car owner conundrum: It's hot and you'd like to leave your windows cracked, but the forecast calls for a chance of rain. CarKnow's Weather Watcher cross-references vehicle location information with the local weather report to automatically roll up your windows in the event of inclement conditions.
The days of manually tracking your gas mileage are over. Green-O-Meter uses vehicle data to report the eco-friendliness of your driving style, and even provides tips on how to improve your mileage.
A question that came out of our time with CarKnow was whether or not all this vehicle data could truly be held securely online, and accessed securely via a smartphone application. We reached out to Senior Cyber Architect Barry Lyons IV, a certified information systems security professional, for his take. (Disclosure: Barry Lyons is a relative of TRANSLOGIC host Bradley Hasemeyer.)
"Putting all your car data into the Internet 'cloud' is in and of itself incredibly risky; the Internet is not secure." says Lyons. "CarKnow may encrypt the data until the cows come home, but if the application resides on a smartphone, a clever hacker will crack the application and its associated encryption."
CarKnow founder Josh Siegel recognizes the risk, but thinks it's worth the reward.
"I think this highlights a poignant truth--the Internet is, fundamentally, insecure," said Siegel. "Nonetheless, the Internet has grown and continues to grow in scope and utility, despite an inherent risk, simply because people value the convenience it affords."
Siegel also notes that CarKnow's applications are web-based and that any encryption/decryption algorithms do not reside locally on the user's smartphone. Further, only approved "whitelist" commands can be sent to the vehicle. According to Siegel, CarKnow uses the same or better security measures to protect cloud-aggregated data as major automakers.
"In my case, I see tremendous value in Big Data, so my willingness to share will be significantly higher than someone who doesn't value remote start or preventative maintenance analytics," said Siegel. "I believe that the weakest links in automotive security are rubber brake lines, nuts, and bolts--not wires, bits, and bytes."
We applaud CarKnow for being on the forefront of important issues like information ownership and "Big Data" as they relate to the automotive landscape, but we can't help but balance that admiration with a healthy dose of skepticism. After all, when it comes to the safety of you and your car, can you really be too careful?
Hack at your own risk.