Report: wireless technologies leave vehicles exposed to hackers

New standards are needed to plug security and privacy gaps in cars and trucks, according to a report by US Senator Edward J. Markey. The report, Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk and first reported on by CBS News’ 60 Minutes, reveals how sixteen major automobile manufacturers responded to questions from Markey in 2014 about how vehicles may be vulnerable to hackers, and how driver information is collected and protected. The responses from the automobile manufacturer
February 11, 2015 Read time: 4 mins
RSS

New standards are needed to plug security and privacy gaps in cars and trucks, according to a report by US Senator Edward J. Markey. The report, Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk and first reported on by CBS News’ 60 Minutes, reveals how sixteen major automobile manufacturers responded to questions from Markey in 2014 about how vehicles may be vulnerable to hackers, and how driver information is collected and protected.

The responses from the automobile manufacturers show a vehicle fleet that has fully adopted wireless technologies like 1835 Bluetooth and even wireless internet access, but has not addressed the real possibilities of hacker infiltration into vehicle systems. The report also details the widespread collection of driver and vehicle information, without privacy protections for how that information is shared and used.

The first part of the report addresses security, or how modern technologies open doors to hackers. When Markey asked the automakers about the different technologies and the ways they safeguard the technologies from infiltration, he found four trends:

Nearly 100 per cent of vehicles on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions; Most automobile manufacturers were unaware of or unable to report on past hacking incidents; Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across the different manufacturers; Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most said they rely on technologies that cannot be used for this purpose at all.

The second part of the report deals with privacy. Features like navigation are quietly recording and sending out our personal and driving history. The Markey report reveals four key findings on privacy: Automobile manufacturers collect large amounts of data on driving history and vehicle performance; A majority of automakers offer technologies that collect and wirelessly transmit driving history information to data centres, including third-party data centres, and most did not describe effective means to secure the information; Manufacturers use personal vehicle data in various ways, often vaguely to ‘improve the customer experience’ and usually involving third parties and retention policies – how long they store information about drivers – vary considerably among manufacturers; Customers are often not explicitly made aware of data collection and, when they are, they often cannot opt out without disabling valuable features, such as navigation.

“Drivers have come to rely on these new technologies, but unfortunately the automakers haven’t done their part to protect us from cyber-attacks or privacy invasions. Even as we are more connected than ever in our cars and trucks, our technology systems and data security remain largely unprotected,” said Senator Markey, a member of the Commerce, Science and Transportation Committee. “We need to work with the industry and cyber-security experts to establish clear rules of the road to ensure the safety and privacy of 21st-century American drivers.”

Markey posed his questions after studies showed how hackers can get into the controls of some popular vehicles, causing them to suddenly accelerate, turn, kill the brakes, activate the horn, control the headlights and modify the speedometer and gas gauge readings. Additional concerns came from the rise of navigation and other features that record and send location or driving history information. He wanted to know what automobile manufacturers are doing to address these issues and protect drivers.

In November 2014, the automobile manufacturers agreed to a voluntary set of privacy principles in an attempt to address some of these privacy concerns. In a statement, Senator Markey stated that the principles are an important first step, but they fall short in a number of key areas by not offering explicit assurances of choice and transparency.

The findings are based on responses from 1731 BMW, 1958 Chrysler, 278 Ford, 948 General Motors, 1683 Honda, 1684 Hyundai, 3883 Jaguar 7999 Land Rover, 1844 Mazda, 1685 Mercedes-Benz, 4962 Mitsubishi, 838 Nissan, 1656 Porsche, 7994 Subaru, 1686 Toyota, 994 Volkswagen (with 2125 Audi), and 609 Volvo. Letters were also sent to 7996 Aston Martin, 7997 Lamborghini, and 597 Tesla Motors, which did not respond.

Networking & Communication Systems

For more information on companies in this article

Related Content

  • Professional training key to the future of ITS
    May 21, 2012
    A substantial portfolio of resources is available and expanding, to help employers and professionals build essential skills for current and future needs – the ITS Professional Capacity Building Program. Pete Goldin reports. The US Department of Transportation (USDOT) views ITS as key to the future of transportation, as is evident from the department’s ITS Professional Capacity Building (PCB) program. This is a further manifestation of USDOT’s commitment to ITS. The PCB program provides anyone in the transpo
    Read More
  • Greenowl brings bespoke traveller information one step closer
    June 4, 2015
    Greenowl’s voice-only congestion warning smartphone app alerts drivers to problems ahead and could be the way ahead for traffic information. If there is one point Matt Man, CEO of Canadian company Greenowl, wants to make clear from the start, it is that his company’s app is not a navigation system. He says: “Our system does not direct drivers to their destination because we mainly focus on commuters who know how to get to where they are going and only need information about any delays and incidents ahead of
    Read More
  • Next Generation 911, updating the US 911 emergency system
    February 1, 2012
    Continuing developments in telecommunications and public expectation have left the US's legacy, analogue 911 emergency call system trailing. Linda D. Dodge, Public Safety Program Manager for the ITS programme in USDOT's Research and Innovative Technology Administration, the sponsor of the Next Generation 911 initiative, writes about efforts towards updating
    Read More
  • Cost Benefit: Utah traffic light scheme pays dividends
    March 15, 2019
    A traffic signal control scheme in Utah is being taken up by other US authorities. David Crawford finds out how the Beehive State is leading the way in DoT and driver savings Growing numbers of US state departments of transportation (DoTs) and their road users are gaining real financial benefits from an advanced approach to traffic signal monitoring recently developed in Utah. Central to the system is its use of automated traffic signal performance measures (ATSPM) technology, brought in to improve th
    Read More

Highlighted Content