Car hacking defenses near nonexistent, Senator’s report says

Ford Sync 3
Cars are starting to look more like oversized smartphones everyday. They’ve got touch screens, sensors, and an array of circuits and wiring buried beneath the sheetmetal.

That’s led to concerns about the danger of car hacking, and a new report says carmakers aren’t prepared.

Almost all new cars include potential entry points for hackers, but carmakers are largely unaware of how these systems could be exploited or how to protect them, the report, released Monday by U.S. Senator Ed Markey (D-MA) said.

The Senator’s office surveyed 16 manufacturers, and found that only two could describe how they would deal with a real-time infiltration of a vehicle.

Overall, the report found security measures to be “inconsistent and haphazard,” and some officials surveyed didn’t even seem to understand questions posed by Markey and his staff.

Cyber-security experts have expressed concerns over the vulnerability of cars before, even demonstrating car hacks in controlled conditions. However, this is the first time a public official has spoken out on the issue.

Yet while car hacking may be the more dramatic threat, the potential breach of privacy allowed by current in-car tech could be more serious in everyday life.

The report also found that carmakers are collecting large amounts of customer data, frequently without those customers being explicitly aware of the collection or how the information will be used.

At least nine carmakers use third-party services to collect and store data, which is viewed as an increased security risk.

That data can include the physical location of the car, where it was last parked, distances and times traveled, and previous destinations logged into navigation systems.

Carmakers have already acknowledged that they are collecting and using this data. General Motors has discussed how it could be used to tweak vehicle designs, while Cisco has said customers are already willing to trade some privacy for certain perks.

In November, two industry trade groups – the Alliance of Automobile Manufacturers and the Association of Global Automakers – tried to address privacy concerns by drafting voluntary guidelines, calling for data collection only for “legitimate business purposes.”

However, Sen. Markey’s report claims these guidelines give carmakers too much leeway, and wants to see Federal regulations put in place that allow drivers to opt out of data collection.

Even if car hacking never materializes as a real-world threat, the thought of companies essentially tracking one’s every move isn’t too comforting.

If connected cars really are the future, then rules will have to created to protect the people that drive them.

Editors' Recommendations