Wireless cyber security in your car stinks

Report overseen by US Senator Edward Markey (D-Mass.) finds car cyber security lacking


While most experts are quick to point out that no one has hacked a car in the wild, a new report overseen by US Senator Edward Markey (D-Mass.) there is a “clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information.”

+More on Network World: What advanced tech will dominate your car by 2025? IBM knows+

The report, talked about in a segment on last night’s CBS News' "60 Minutes" detailed how easily cars can be hacked and how many automakers offer technologies that collect and wirelessly transmit driving history data to data centers, including third-party data centers, and most do not have ways to secure such data.

The “Tracking and Hacking” report also noted that in January BMW had to fix a security flaw that could have allowed up to 2.2 million vehicles with the auto-maker’s ConnectedDrive to have their doors remotely opened by hackers.

“Drivers have come to rely on these new technologies, but unfortunately the automakers haven’t done their part to protect us from cyber-attacks or privacy invasions. Even as we are more connected than ever in our cars and trucks, our technology systems and data security remain largely unprotected,” said Senator Markey, a member of the Commerce, Science and Transportation Committee in a statement. Markey’s goal is to set data, security and privacy standards for cars and car owners through the National Highway Traffic Safety Administration and Federal Trade Commission and others.

 +More on Network World: +

Markey said such standards should among other things, certify that vehicles with wireless access points and data-collecting features are protected against hacking events and security breaches; such security systems should be validated using penetration testing and measures should be available to respond real-time hacking events.

Markey’s study detailed a number of disturbing trends including:

  • Nearly 100% of vehicles on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.
  • Most automobile manufacturers were unaware of or unable to report on past hacking incidents.
  • Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across the different manufacturers.
  • Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most said they rely on technologies that cannot be used for this purpose at all.
  • Automobile manufacturers collect large amounts of data on driving history and vehicle performance.
  • A majority of automakers offer technologies that collect and wirelessly transmit driving history information to data centers, including third-party data centers, and most did not describe effective means to secure the information.
  • Manufacturers use personal vehicle data in various ways, often vaguely to “improve the customer experience” and usually involving third parties, and retention policies – how long they store information about drivers – vary considerably among manufacturers.
  • Customers are often not explicitly made aware of data collection and, when they are, they often cannot opt out without disabling valuable features, such as navigation.

Check out these other hot stories:

DARPA moves closer to inexpensive jet-launched satellite system

More railguns and lasers, less gunpowder -- the Navy’s future high-tech weaponry

NASA wants Mars, Jupiter as it begins 2016 budget journey

Robots watch “You Tube” videos, learn to use cooking tools

IBM to offer research tech that protects user privacy, security

Copyright © 2015 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022