| Your car is insured and is easily replaceable. Car theft has declined precipitously in recent years. According to the NY Times [1], in 1990 there were 147,000 cars reported stolen in NYC. In 2013, that number had dropped to 7,400. On a per capita basis, it went from 1:50 to 1:1,100; a 96% drop. This dramatic reduction in theft cannot be solely attributed to an overall reduction in crime either. This is not an argument for the status quo. I'm just pointing out that the principles being espoused in the responses here aren't axioms, they're value judgements. As software developers, we're taught to be hyper-paranoid when it comes to security, and we should be. That's how a culture of security is built. However, in a broad sense, a balance must be struck. Like it or not, there is an acceptable rate of car theft, and that rate is non-zero. The acceptable theft rate is defined by what consumers are willing to pay to insurance companies to take on the risk and the assessment of the balance between probability and the anticipated inconvenience of having their car stolen. Consumer choices are defined by the alternatives, though. If the solution is that cars shouldn't have these features at all, can you find that car? What else do you give up in the process? Unless automakers ignore the problem, and theft rates skyrocket, buyers are still going to seek out these network enabled features because their convenience outweighs the risks. Of course, it could be argued that we'll see a rise in theft again as criminals learn to use new technologies to steal cars. This has already happened in some places. BMW has run in to a couple of fairly high profile cases of this recently. In one case, attackers combined the easy accessibility of the ODB II port from a broken window with a security weakness in the cars software to bypass all the theft protection. No network access required! The linking of the CANbus to network systems is too enticing from a consumer convenience perspective. That genie is out of the bottle. 1: http://www.nytimes.com/2014/08/12/upshot/heres-why-stealing-... |