Wednesday, July 29, 2015

Apps, apps, apps...

There is a lot in the press currently about Telematics and everyone seems to be getting hung up about "Apps" - especially in the context of the car...

I wanted to get down some thoughts on apps. In essence: it's not really about the app... let me explain.

All "apps" cater to some basic (and usually pretty old) need/desire - let's take "listening to music"; I (like many people) now use music streaming services like Spotify, Google Play Music and Apple iTunes and many more.

Why do I pick one "app" vs. another?

1. Content first 

I like classic rock; when Spotify did not have Pink Floyd or Led Zep, I looked around for an alternative. Now they have those artists, I use their service. The right content is the "mandatory" part of the app. So what makes me "loyal" to one app/service?

2. Ease of Access

The next thing that differentiates one "app" from another is how easy it is to use. Sure, App UX is important. But again, I see this as a mandatory/basic thing... what really matters is that I can get access to the content wherever I happen to be. In the living room, in the kitchen, in a car, on a train, in a plane or a hotel room. That means the "app" (really "the service") is largely platform agnostic.

This is where Spotify comes up trumps again: it works on my Android phone, my PC, my iPad, Sonos, the family MacBook, our TV etc. And better yet, all those devices "know about each other" so I can control the TV from the iPad etc.

It also lets me listen to music offline (e.g. when travelling). Again, it's the content where I want it, when I want it.

3. Personalisation

The last and most crucial aspect of differentiation is the degree to which the app/service recognises me and adapts itself to me. Let's stick with music streaming: over time I have built up a library of playlists and "saved" a bunch of albums I like. This represents some personal equity in the service - I created these, it would take time and effort to create them somewhere else.

That's where music streaming services stop short of how far they could go. They have my listening history. With that they could offer (maybe they already do) big data powered personalised recommendations. You seem to like The Stone Roses and Led Zep in the morning; maybe you would like this... that listening history is much more difficult (impossible?) to move from service to service.

In essence personalisation offers me (the user) value/features - but in turn raises the switching costs associated with an app/service.

If you get all three of these right - then you have a good "app"; loyal customers and a potentially lucrative business. But did you notice how little of it is really about "the app"...

Much maligned diagnostic connector and protocols (e.g. CAN)

There has been a lot in the press recently about "car hacking" (there always seems to be a spike just before the black hat conferences).

I read a lot of car security articles and there are some basic premises put forward in many that are not fully accurate, and that annoy me. So I thought I would write down a rebuttal:

Diagnostic protocols (e.g. CAN messages) can be used to attack your car...

Yes they can (sic.). That is really the whole point of the controllers and the network of them. They control stuff!... mainly stuff in your car. If you send them messages they will control stuff differently. The more electronic controls you have (and the trend is more and more on each new vehicle) - the more aspects of the car you can control with these messages.

These networks are also designed to allow a technician in a garage, using a tester connected to this network, to control aspects of the vehicle - to test everything works as expected. 

So if you plug a computer into the diagnostic connector (and make it part of the car control network) you can do all sorts of crazy stuff.

There are fairly limited security measures in place on the network to ensure the tester is "genuine" (seed/key challenges to enable certain, more dangerous features). But these are almost trivial to crack, and the easiest way to compromise them is to compromise some software that contains the algorithm, such as:
  • Application layer code on a trusted controller on the network
  • Diagnostic software installed on a tester (typically a PC)
But the key security measure here is the physical security of the diagnostic connector (and the controller network). To hack a car this way, you need to be "plugged in". The diagnostic connector is normally inside the dashboard area. So if a would-be attacker can gain physical access to your dashboard, hacking CAN messages is the least of your problems... they may as well just disconnect the brakes?

The thing that has changed here is that controllers on the network are now connected to other networks (e.g. WiFi, Bluetooth, or cellular) and/or certain controllers can be exposed to malicious content via physical media (USB, Flash sticks etc). The chain is only as strong as the weakest link...

It is the security of those other connections that needs to be "bullet proof"; or at least as secure as the physical security of the car. (Why not trigger the car alarm/immobiliser if attacks are detected on these connections?)
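One way to act on that idea, as an added example (not code from any real vehicle): a gateway that refuses to pass diagnostic requests arriving from network-connected controllers and sets an alarm flag once enough of them are blocked. The `Gateway` class, the segment names, the allowlisted IDs and the threshold are assumptions; the diagnostic request IDs are the standard 11-bit OBD ones.

```python
from dataclasses import dataclass, field

# Standard 11-bit OBD diagnostic request IDs (ISO 15765-4):
# 0x7DF functional broadcast, 0x7E0-0x7E7 physical requests to ECUs.
DIAG_REQUEST_IDS = {0x7DF, *range(0x7E0, 0x7E8)}

# Assumed policy: IDs the connected (telematics/infotainment) segment may
# forward onto the control network. Values are constructed for illustration.
CONNECTED_ALLOWLIST = {0x3A0, 0x3A1}
ALARM_THRESHOLD = 3  # assumed: blocked diagnostic requests before alarming


@dataclass
class Gateway:
    blocked_diag: int = 0
    alarm: bool = False
    log: list = field(default_factory=list)

    def forward(self, source: str, can_id: int) -> bool:
        """Return True if the frame may pass onto the control network."""
        if source == "obd_port":
            return True  # physically attached tester: existing trust model
        if can_id in CONNECTED_ALLOWLIST:
            return True
        self.log.append((source, hex(can_id)))  # everything else is dropped
        if can_id in DIAG_REQUEST_IDS:
            self.blocked_diag += 1
            if self.blocked_diag >= ALARM_THRESHOLD:
                self.alarm = True  # hook for an alarm/immobiliser trigger
        return False


def replay(frames):
    """Run frames through a fresh gateway; return it and the frames passed."""
    gw = Gateway()
    passed = [f for f in frames if gw.forward(*f)]
    return gw, passed


# Constructed sample traffic: (source segment, CAN ID)
SAMPLE = [("telematics", 0x3A0), ("obd_port", 0x7E0), ("telematics", 0x7DF),
          ("telematics", 0x7E0), ("infotainment", 0x123), ("telematics", 0x7E1)]
```
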

Those "other networks" are the problem; they let you get inside the car, without being inside the car... the weakness has nothing to do with the CAN network or diagnostics. We can and we should improve the security of diagnostic protocols (see earlier), but they are not really the main problem and neither is the diagnostic connector.

The problem is the lack of security around this new way to get inside your car...