US Senator's exclusive report "Tracking & Hacking" focused on Connected Cars security

Published: February 10, 2015 | Washington DC

“Drivers have come to rely on these new technologies, but unfortunately the automakers haven’t done their part to protect us from cyber-attacks or privacy invasions. We need to work with the industry and cyber-security experts to establish clear rules of the road to ensure the safety and privacy of 21^st-century American drivers.”

Edward J. Markey, the US Senator for Massachusetts

According to a new report published by US Senator Edward J. Markey called Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk reveals how sixteen major automobile manufacturers responded to questions from Senator Markey in 2014 about how vehicles may be vulnerable to hackers, and how driver information is collected and protected. 

Senator Markey posed his questions after studies showed how hackers can get into the controls of some popular vehicles, causing them to suddenly accelerate, turn, kill the brakes, activate the horn, control the headlights, and modify the speedometer and gas gauge readings. Additional concerns came from the rise of navigation and other features that record and send location or driving history information. Senator Markey wanted to know what automobile manufacturers are doing to address these issues and protect drivers.

The full report can be accessed HERE.

Some of the key inferences drawn by Ed are:- 

• Nearly 100 percent of vehicles on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.
• Most automobile manufacturers were unaware of or unable to report on past hacking incidents.
• Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across the different manufacturers.
• Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most said they rely on technologies that cannot be used for this purpose at all.

Ed also reveals for key findings about privacy which are as follows:- 

• Automobile manufacturers collect large amounts of data on driving history and vehicle performance.
• A majority of automakers offer technologies that collect and wirelessly transmit driving history information to data centers, including third-party data centers, and most did not describe effective means to secure the information.
• Manufacturers use personal vehicle data in various ways, often vaguely to “improve the customer experience” and usually involving third parties, and retention policies – how long they store information about drivers – vary considerably among manufacturers.
• Customers are often not explicitly made aware of data collection and, when they are, they often cannot opt out without disabling valuable features, such as navigation.

The findings are based on responses from BMW, Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen (with Audi), and Volvo. Letters were also sent to Aston Martin, Lamborghini, and Tesla, which did not respond. 

Please watch the exclusive coverage of the report by CBS…

                                        
Source: US Government