While most experts are quick to point out that no one has hacked a car in the wild, a new report overseen by US Senator Edward Markey (D-Mass.) there is a “clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information.”
+More on Network World: What advanced tech will dominate your car by 2025? IBM knows+
The report, talked about in a segment on last night’s CBS News' "60 Minutes" detailed how easily cars can be hacked and how many automakers offer technologies that collect and wirelessly transmit driving history data to data centers, including third-party data centers, and most do not have ways to secure such data.
The “Tracking and Hacking” report also noted that in January BMW had to fix a security flaw that could have allowed up to 2.2 million vehicles with the auto-maker’s ConnectedDrive to have their doors remotely opened by hackers.
“Drivers have come to rely on these new technologies, but unfortunately the automakers haven’t done their part to protect us from cyber-attacks or privacy invasions. Even as we are more connected than ever in our cars and trucks, our technology systems and data security remain largely unprotected,” said Senator Markey, a member of the Commerce, Science and Transportation Committee in a statement. Markey’s goal is to set data, security and privacy standards for cars and car owners through the National Highway Traffic Safety Administration and Federal Trade Commission and others.
+More on Network World: 26 of the craziest and scariest things the TSA has found on travelers+
Markey said such standards should among other things, certify that vehicles with wireless access points and data-collecting features are protected against hacking events and security breaches; such security systems should be validated using penetration testing and measures should be available to respond real-time hacking events.
Markey’s study detailed a number of disturbing trends including:
- Nearly 100% of vehicles on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.
- Most automobile manufacturers were unaware of or unable to report on past hacking incidents.
- Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across the different manufacturers.
- Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most said they rely on technologies that cannot be used for this purpose at all.
- Automobile manufacturers collect large amounts of data on driving history and vehicle performance.
- A majority of automakers offer technologies that collect and wirelessly transmit driving history information to data centers, including third-party data centers, and most did not describe effective means to secure the information.
- Manufacturers use personal vehicle data in various ways, often vaguely to “improve the customer experience” and usually involving third parties, and retention policies – how long they store information about drivers – vary considerably among manufacturers.
- Customers are often not explicitly made aware of data collection and, when they are, they often cannot opt out without disabling valuable features, such as navigation.
Check out these other hot stories: