Publications
Partners
WASHINGTON - Virtually all "connected cars" are vulnerable to hackers who could steal data or gain control of the vehicle, according to a report released by a US senator today. (Feb 9 2015).
The report prepared by the staff of the senator, Ed Markey, said the wireless connectivity and Internet access available on the vehicles opened security gaps that could be exploited forr malicious purposes.
The study found these security weaknesses in "nearly 100% of cars on the market" and noted that most automobile manufacturers were unaware of or unable to report on past hacking incidents.
16 AUTOMAKERS POLLED
The report obtained responses from 16 major global manufacturers: BMW, Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen and Volvo.
Letters were sent to Aston Martin, Lamborghini and Tesla, none of which responded.
The senator's staff, which collected data from 16 major automakers, cited earlier studies on some vehicles which showed how hackers could get into the controls of some popular vehicles, causing them to suddenly accelerate, turn, de-activate brakes, blow the horn, control headlights and modify the speedometer and fuel-gauge readings.
It also noted that many "connected cars" collected data on driving that could be kept in violation of privacy laws.
It said the "alarmingly inconsistent and incomplete state of industry security and privacy practices" raised questions about the need for new US rules from the National Highway Traffic Safety Administration or other federal agencies.
'LITTLE ACTION BY AUTOMAKERS'
Markey said in a statement: "Drivers have come to rely on these new technologies but unfortunately the automakers haven't done their part to protect us from cyber attacks or privacy invasions. Even as we are more connected than ever in our cars and trucks our technology systems and data security remain largely unprotected."
The report said the manufacturers appeared to take little or no action following vulnerabililty disclosures from researchers in 2013 and 2014 and pointed out that a hacker could gain access to a car via Bluetooth, the OnStar system for remote assistance, malware in an Android smartphone paired with the vehicle, or even an infected CD in the car's audio system.
"These findings," the report said, "reveal a clear lack of appropriate security to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use a driver's personal information," the report.
The study noted that the two major coalitions of automobile manufacturers recently issued a voluntary set of privacy principles by which their members have agreed to abide but said it was not clear how these principles would be interpreted.
