Last week, we reported on news of remote hacking of BMW cars that opened car doors and windows. That episode was followed by a CBS News 60 Minutes report on DARPA and concerns about Internet of Things last Sunday, which included a renegade, runaway car that had been hacked remotely causing it to crash.
In the CBS demonstration, the victims were only some orange traffic cones. But the implications were real: two tons of moving steel out of the driver’s control.
Granted this may be the worst-case scenario but there are also implications for hijacking your data that give us cause for concern.
In that vein, a new report was issued last week (Feb. 9) in the U.S. on broader security and privacy vulnerabilities in smart vehicles. The report by Senator Ed Markey (D-Mass.) called “Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk,” identified risks and proposes new safety standards for smart vehicles.
Senator Markey is a member of the Commerce, Science and Transportation Committee. His study is based on how 16 major automobile manufacturers responded to questions about how vehicles may be vulnerable to hackers, and how driver information is collected and protected.
Here are just a few excerpts of its data points:
- All new cars on the market today include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.
- Few manufacturers are able to report past hacking episodes or could describe any current effective capabilities to diagnose or respond to hacks.
- A majority of automakers collect and use data on performance and driving history in their efforts to improve customer experience, and often share it with third parties.
The full report is available here.
In a statement about the report, Markey summarized: “Drivers have come to rely on these new technologies, but unfortunately the automakers haven’t done their part to protect us from cyber-attacks or privacy invasions. Even as we are more connected than ever in our cars and trucks, our technology systems and data security remain largely unprotected. We need to work with the industry and cyber-security experts to establish clear rules of the road to ensure the safety and privacy of 21st-century American drivers.”
The Markey report illustrates the data and cybersecurity implications for privacy and security in connected cars that we in the industry have been talking about for more than the past year. I’ve written about smart car security and privacy issues and have spoken about the subject at many venues, including last year’s Connected Car Conference.
Our cars are becoming another of our digitally connected devices. But as our cars evolve, essentially into computers on wheels, they are vulnerable to the very same threats and attacks as home computers, laptops and smartphones.
I applaud Markey’s report. As frightening as it may be, it is a call to action for all of us in the auto, tech and security industries.