Is Apple's CarPlay a Driver Distraction or Security Issue

Apple has you when you're out and about and they have you in the lounge room through the iPhone and iPad. But now, with their new CarPlay, Apple is trying infiltrate your life while you're driving.

CarPlay works with iPhone 5, iPhone 5S and iPhone 5C – there will be a software update released to allow the new in-car integration. It allows users make calls, access messages, listen to music or use Maps with Siri-based voice control, touch controls, or standard knobs, dials and buttons in the car.

There will also be support for third-part apps with music services Spotify, Beats Radio, Stitcher and iHeartRadio supported.

Apple has initially partnered with Ferrari, Mercedes-Benz and Volvo but a large number of other manufacturers will come on board soon including BMW, Ford, General Motors, Toyota and others. The first cars supporting CarPlay will be on the road later this year.

CarPlay isn’t the only game in town when it comes to in-car smartphone integration. MirrorLink is also popular and boasts that it is OS agnostic so it will work with Android, BlackBerry and Windows Phone devices as well as iOS.

CarPlay relies on the latest generation handsets from Apple as the in-car connection is via the Lightning cable. That will make it very difficult for anyone planning to attack data on your phone.

Essentially, the in-car system is just a display that makes applications and services from the iPhone accessible in a driver-friendly context. iOS takes over the display, enabling the use of features like Maps and Siri. You'll be able to check voicemails, make calls, and dictate responses to e-mails or text.

What does this mean for your personal and data security in the car? At this stage it doesn’t look like it will change the iOS risk profile substantially. Assuming that in-car applications – if Apple opens them to third party developer – are subject to the same controls and checking as those in the App Store then the likelihood of car-specific malware being widely distributed looks to be slim.

It's also important to note that CarPlay delivers functions that aren't critical to the performance or reliability of the car. There is no mention of CarPlay having access to data or controls for engine management systems so it's unlikely that an app could compromise vehicle safety.

But as these features filter down from luxury car marques into the mainstream we can expect regulators to become more interested in how they are used, their capacity to distract drivers and their impact on road safety.


You may also be interested in this article: Wearable Tech - Can your life be hacked?


Join the CSO newsletter!

Error: Please check your email address.

Tags CarPlayiosiPhoneFerrariStitcherMercedes-BenzApple carplayMirroLinkVolvoiPadAppleSpotifysecurityBeats Radio

More about AppleBlackBerryBMW Group AustraliaHolden- General MotorsSpotifyToyota Motor Corp AustVolvo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Anthony Caruana

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place