IoT in Vehicles: The Trouble With Too Much CodeCampbell Murray of BlackBerry Says Code Bases Need to Be Reduced
The threat and risk surface of internet of things devices deployed in automobiles is exponentially increasing, which poses risks for the coming wave of autonomous vehicles, says Campbell Murray of BlackBerry.
To get a sense of how complicated today's cars are, Campbell notes that while A380 airplane runs around four million lines of code, an average mid-size car has 100 million lines of code.
Statistically, that means there are likely many software defects. Using a metric of .015 bugs per line of code, that means cars with that much code could have as many as 150 million bugs, Campbell says in an interview with Information Security Media Group. Reducing those code bases is one way to reduce the risks, he says.
"It's absolutely astonishing - the number of vulnerabilities that could exist in there," Campbell says.
Meanwhile, enterprises deploying IoT need to remember the principles of safe computing: assigning the least amount of privileges, using dual-factor authentication and strong access controls, he adds.
In this interview (see audio link below photo), Murray discusses:
- Where problems will emerge as the number of IoT devices increases;
- How to apply long-known security principles to IoT;
- The tension in IoT between security, usability and coming to market.
Murray is head of cybersecurity delivery for BlackBerry. He was previously technical director for Encription Limited, where he was responsible for maintaining standards in penetration testing, forensics and information security training.