Another concern is a lack of two-factor authentication services. The password combinations used for owner access to the vehicle are insecure and hackable, Miller says. "Passwords can easily be guessed," he says. "Computers can be stolen and hacked into."
This threat can be address via extensive two-factor and risk-based authentications, Miller says. "Two-factor requires a second piece of information, and risk-based requires that the person be physically at a location or predetermined time before the authorization is given," he says.
The fourth threat is too many identities. "We're just getting too ID-weary," Miller says. "We have too many password combinations in too many places. Since people tend to pick simple password combinations, or use the same one at each instance (for both secure and unsecure sites), the danger of being hacked exponentially rises, he says.
A possible solution is to use one password combination everywhere, but ensure that it is extremely difficult to duplicate. "This requires a cloud-based identity broker that enables users to have a single ID, ensuring the correct--and hard-to-duplicate--identity and reducing identity fatigue," Miller says.
The final threat is too much decision-making in the vehicle, i.e. requiring that the vehicle make all the security decisions and take security actions.
"When too much decision making happens in the vehicle, then both in-vehicle software and hardware need to be updated, something people don't like to do," Miller says. "When they don't do it, security suffers." Again, his proposed solution is to move the security and identity decision making into the cloud.
Fact or fantasy?
One analyst says concerns of this sort are not as far out as you might think.
User identification for vehicles will become a growing concern as cars become more connected and networked, says Thilo Koslowski, a vice president and distinguished analyst at Garner Inc., who follows the automotive manufacturing industry.
"Consumers want to extend their digital lifestyles into the vehicle to access infotainment and safety-related content," Koslowski says. "Today's cars don't offer this level of connectivity and therefore this type of security isn't required, but this is going to change."
Koslowski predicts that by 2016 the majority of consumers in mature automotive markets such as the U.S. and Western Europe will begin to expect basic, in-vehicle Web-data access in their new cars. Around that time, or at least by the end of the decade, the auto industry will offer connected content in most of their cars, he says.