VW and the fickle finger of fate

Volkswagen’s weird lightweight diesel sports concept, EcoRacer, has collected together a few currently promising technologies in its cockpit, not the least of which is the use of fingerprint biometrics to unlock the “sports” driving profile.

As VW says, “If, for instance, your 18-year-old son or daughter with little driving experience wants to drive the EcoRacer, it is possible to activate a mode in which the sports car does not develop its full power, the top speed is electronically reduced, and ESP is always active.”

This sounds wise enough, but in fact biometrics are not really reliable enough for a safety-related control system. As one recent article highlights, many fingerprint readers can be fooled with relatively crude replica fingers made out of readily available materials such as Play-Doh.

As any computer security expert will happily confirm, all access control systems rely on one or more of only three different kinds of security measures, called factors: something you have (like a key); something you know (like a PIN or a password); and something specific to you as a person (a biometric measure like a fingerprint).

Security systems that use only one factor – a key, for example – are generally considered weak, since an attacker has to breach only one defence. Combining two factors is better - it may be easy to steal a key, but may be much harder to steal a key and then to guess a password. This is why the UK has recently moved to chip and PIN to cut down credit card fraud.

Relying on a single-factor biometric control is not too clever, given the current state of the art in peering at fingertips. Fortunately the EcoRacer is not a production vehicle, nor is it likely to become one with all its bells and whistles intact. Which is a good thing for those with 18-year-old offspring to protect.

BMW gets some things right

When it's not building neck-numbingly bad seats, or eye-wateringly ugly executive saloons, BMW is actually quite a clever company.

It's got next-generation telematics right. The best way to improve safety is to share up-to-the-second data about road conditions with the cars that are actually on the road. And the best way to do this without needing to violate the laws of physics is to adopt a peer-to-peer system, in which cars communicate directly with their neighbours, rather than going via a central control point.

Of course it helps to have a central co-ordinating point as well – partly to collate data and to send it to vehicles that are out of sight of other cars, but also to check whether the data from any particular car is trustworthy. This is how BMW's XFCD (Extended Floating Car Data) system seems to work:

A vehicle with XFCD which is stuck in a traffic jam and has been given the information over the radio can register that the information is correct, so it is not reported to the traffic centre again.”

Taking disk drives for a spin?

Slightly yawn-inducing industry site Telematics Update has a neat little potted story about whether cars should contain hard disks or use solid-state Flash components to store the increasing amounts of user data that they are likely to handle in the future – mostly in-car-entertainment related but also for telematics and control applications.

The report centres on the fact that Samsung thinks Flash is best, whereas Seagate thinks hard disks [PDF] are preferable. Which is a bit like letting Mazda and BMW hold forth on what car is best for wind-in-the-hair motoring.

Both Flash and hard drives have their ups and downs. Flash can only be rewritten a certain number of times before it degrades – so is not well suited to a 20-year duty cycle of overwriting (assuming auto makers still build for lifecycles that long). Hard drives are less shock resistant, and may have trouble coping in collisions – when you might actually want them to store black-box data, say.

What car makers ought to do more, of course, is provide slots – plural - capable of accepting the media of the day, allowing the car’s capacity to be expanded as demands increase. Offering USB 2.0 and SecureDigital slots would seem like a good starting point for the current generation of vehicles.

Handing thieves money on a plate

IT crime expert Neil Barrett once predicted a coming wave of car crime that has thankfully not yet materialised. In his 1997 book Digital Crime, he noted that criminals tend to pick the easiest crime with the greatest reward, and that new technologies will inevitably trigger new crimes. He used the example of catalytic converters: they contain precious metals, are essential to pass the MoT test, and cost an arm and a leg. So, he reasoned, they are likely to become the subject of a future wave of theft.

Thankfully that prediction hasn’t yet come to pass, but the same mindset has led to the latest problem: number plate theft, as highlighted on yesterday’s edition of the Fifth Gear TV programme.

Computer systems that rely on number plate recognition (NPR) are the problem. At present, London’s congestion charge is based on NPR. Speed cameras, traffic-light and bus lane cameras also use NPR. And even the old-fashioned eyeballs of traffic wardens will fall on the trusty number plate when it comes to handing out tickets.

Clearly if a criminal wants to drive wherever he pleases without worrying about any of the above, it helps to have a set of number plates lifted from someone else’s car of the same age, model and colour. All the fines will then, of course, be someone else’s problem.

It’s a trivially easy crime, with very substantial rewards, and a very low likelihood of being caught – particularly if the criminal can be bothered to pinch a fresh set of number plates every other week.

The only way to fight it is for victims to promptly report the loss of plates to the police - and for everyone else to fit their plates using tamper-proof screws, just as locking bolts are used to protect alloy wheels.