Report: Automakers are leaving vehicles vulnerable to hackers


Nearly all new cars on the market include wireless technology that make drivers vulnerable to hacking or an invasion of privacy, new report says.


As we make our way down the road to a more connected future, automakers are continuing to embed a wide-range of wireless technologies into the cars of tomorrow. And sure, these smarter vehicles usher in a whole new era of improved safety, better performance and smartphone integration right into your dashboard; however, according to a new report released by Senator Edward Markey (D-Mass.), they may be failing to protect those features against the possibility that hackers could take control of vehicles or steal personal data.

Car Header

“The proliferation of these technologies raises concerns about the ability of hackers to gain access and control to the essential functions and features of those cars and for others to utilize information on drivers’ habits for commercial purposes without the drivers’ knowledge or consent,” Sen. Markey writes.

The senator’s office sent out a questionnaire to 20 automakers more than 14 months ago to compile the report, examining them on their cars’ and trucks’ security and privacy measures. Out of the batch, 16 responded. The results revealed that nearly all modern vehicles have some sort of wireless connection that could potentially be hacked to remotely access their critical systems. In fact, most automobile manufacturers were unaware of or unable to report on past hacking incidents. Only two of the companies were able to describe any capabilities in place to diagnose and thwart malicious hackers in real-time, while another pair confirmed they could also remotely slow down or stop a vehicle under the control of a cyber criminal.

Car Art 2

Companies’ efforts to safeguard connections are “inconsistent and haphazard” across the industry, the study says. And in addition to security weaknesses, Markey’s survey found that many carmakers aside from the mere threat of a hacker gaining control of a steering wheel or gas pedal, manufacturers are constantly gathering information about their drivers. What’s more, the politician pointed out that a majority collect and wirelessly transmit driving history to data centers, yet most do not describe effective means to secure the data itself.

“These findings reveal that there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information,” the published document emphasizes.

At the same time, just about all new cars on the market today are equipped with at least some wireless entry points to computers, such as tire pressure monitoring systems, Bluetooth, keyless entry, remote start, navigation, Wi-Fi, cellular/telematics, radio, and anti-theft systems.

“Auto engineers incorporate security solutions into vehicles from the very first stages of design and production—and security testing never stops,” Sen. Markey explains. “The industry is in the early stages of establishing a voluntary automobile industry sector information sharing and analysis center—or other comparable program—for collecting and sharing information about existing or potential cyber-related threats.  But even as we explore ways to advance this type of industrywide effort, our members already are each taking on their own aggressive efforts to ensure that we are advancing safety.”

Car Art

The findings were released after a recent 60 Minutes segment detailing how DARPA was able to hack General Motors’ OnStar system to remote control a Chevrolet Impala, including its brake and acceleration systems. The study follows in the footsteps of other publications as well, which showcase various ways that attackers have exploited luxury cars’ in-vehicle systems and used that flaw to send a command to its electronic control unit. (For those wondering as to what exactly hackers can do to your vehicle, head over to this piece from ABC News.)

“We now need a rating system for security, for safety, for that vehicle from it being hacked by an outsider that could cause an accident, cause real danger to a family,” Sen. Markey concluded.

With up to a hundred million lines of code, at least 30 MCU-controlled devices — and some with as many as 100 — the vehicle is the ideal application to bring smart, connected devices in the era of the Internet of Things. It’s clearer than ever before that automotive technology is quickly becoming an integral part of the digital lifestyle as consumers want to bring their mobile devices seamlessly into their mobiles; however, it’s never been more paramount to ensure that hardware-based security solutions are in place to keep drivers protected behind the wheel and cars safeguarded under the hood.

Interested in reading more? You can find the entire report here.

4 thoughts on “Report: Automakers are leaving vehicles vulnerable to hackers

    1. breakingembedded

      So some of us have been writing about this for years (it is in my book on embedded). There are ISO and IEEE standards that are largely overlooked. The reality is now hitting home. Team need to think security and privacy from beginning to end. However now, time to market drives products until consumers and maybe the regulators demand more.

      Like

      Reply
      1. Brian Dead Rift Webb

        I am hoping that it will be the consumers that drive this. If it becomes the regulators and legislators, then we will see more hammer hitting a screw to drive it in place mentality. But I fear that a good car commercial, and the lust of consumerism, will blind the people. (Yes, a pro-free market person just said that. 🙂 )

        Like

  1. vinsnoop

    Nonetheless, only vehicles guaranteed by companies who participate
    in the totally free VIN check program at the time of theft will certainly be provided
    right here.

    Like

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s