Could In-Vehicle Apps Give Software “Crash” a New Meaning?

The race towards in-vehicle apps is on, as big automakers Ford and General Motors jump to announce mobile app integrations for their vehicles. This may come as news to some, but others have long predicted what Wired’s Thilo Koslowski refers to as “The Internet of Cars”.

Now “The Internet of Cars” is much more a reality than a prediction. According to Frederic Lardinois of TechCrunch:

“Ford [yesterday] introduced its new AppLink API that allows mobile apps to talk to its cars. Not to be outdone, General Motors just introduced its own API and SDK for its new in-vehicle app platform. the big difference here is that while Ford uses a driver’s smartphone, General Motors’s framework for its MyLink platform is meant to let developers run apps hosted in the car’s infotainment system.

GM announced four potential launch partners for this new system: iHeart Radio, TuneIn, Slacker, and The Weather Channel. At least some parts of the SDK will allow developers to use HTML5 and JavaScript to write their apps, though details about this still remain sparse.

The company’s 2014 model year, which will launch in late 2013, will feature the first cars to have this new capability, but the company hasn’t announced which vehicles will get this feature first. The cars that will feature this system will allow drivers to download apps directly to the car through an app catalog.”

Developers that plan to launch and run their apps in a vehicle app platform must note the significance of testing outside the lab. Mobile app development teams need to be able to adjust their development and quality assurance processes to a platform that is far from a mobile device or tablet. An in-vehicle app platform requires a different breed of testing, and the only way to know how an app will run in a vehicle is to test under real world conditions.

A major development project like this brings countless real world situations to question: will different conditions of the vehicle affect the app system – or worse – can the app in any way affect conditions of the vehicle? A recent post “The Future of Software Security Testing“, by uTest’s Jamie Saine, says that without enhanced security measures a car’s software system could certainly be compromised.

“To complicate matters, the opportunities for attacks are growing at an incredibly fast rate, meaning manufactures are falling even further behind. The introduction of entertainment screens and app integration into vehicles is the latest security frontier. Bruce Snell, Technical Marketing Manager for McAfee and a member of their vehicle security research team, said in an email interview that while he doesn’t want to incite panic, he does believe these new features are will require enhanced security measures – and may not be a good idea at all.

‘The first thing that comes to mind is the Facebook and Twitter integration that is showing up in some of the high end vehicles,” he said. “They’re basically connecting the vehicle to the internet, which is in turn opening it up to attack. I am both a car fanatic and a gadget junkie, and I really think adding features like that to a vehicle is a bad idea. Not only from a security perspective, but from a driver distraction perspective.’

In addition to connecting to the internet, the software involved with entertainment systems is extremely similar to the technology used in web and mobile apps, meaning hackers already know which exploits work best. Connecting to apps – either via the cloud or by physically connecting a mobile device – opens the door for malicious actions to extend to the car’s software system.

One issue of concern is fighting ordinary PC viruses that could potentially infect cars when laptops and other devices are plugged into infotainment systems.

‘Viruses are something that needs to be addressed directly. How we guard against that transfer to our system is a primary focus of our efforts,’ said Toyota spokesman John Hanson.  – Reuters

Ford recently announced the addition of SYNC App Link to one million vehicles, including new models of the Fiesta, Mustang, Expedition, Fusion, F-150 and Super Duty. SYNC App Link allows drivers to link their smartphones to their car, allowing them to control apps on the phone via voice or steering wheel buttons. Luckily, Ford already has an eye on the potential issue of app vulnerabilities allowing hackers access to a vehicle’s systems. It has security experts in place to specifically look into the vulnerabilities of SNYC and is taking steps to ensure entertainment apps are separate from other systems.

‘Ford is taking the threat very seriously and investing in security solutions that are built into the product from the outset,’ Alan Hall, a Ford spokesman, told Reuters.

It’s reassuring that Ford, and hopefully other big automotive brands, realize the severity of these software integrations. The truth is that if in-the-wild testing is overlooked, a software “crash” could have an all new meaning.

Looking for more resources on In-The-Wild Testing? Download this free whitepaper here.  

Essential Guide to Mobile App Testing

Leave a Reply

Your email address will not be published. Required fields are marked *