Hackers Threaten Vehicle Security, Report Says | Edmunds

Hackers Threaten Vehicle Security, Report Says

WASHINGTON — Wireless technologies such as Bluetooth and Internet access are leaving millions of cars and trucks vulnerable to cyber-attacks by hackers, according to a new report by Senator Edward J. Markey.

The title of the report alone — "Tracking & Hacking: Security & Privacy Gaps Put American Drivers At Risk" — should cause concern among the buying public.

The report's "findings reveal that there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information."

Nearly 100 percent of vehicles on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions, according to the report, which was released on Monday.

The concern is that hackers can take control of vehicles, causing them to suddenly accelerate, turn, kill the brakes, activate the horn, control the headlights and modify the speedometer and gas gauge readings.

Additional concerns come from the popularity of navigation and other features that can record and send location or driving history information.

The report comes just days after German motorist association ADAC said it had found a security flaw that could have allowed 2.2 million BMW, Mini and Rolls-Royce vehicles worldwide to be remotely unlocked by hackers through BMW's ConnectedDrive.

A BMW of North America spokesman told Edmunds that an update was completed in January that now prevents such an intrusion.

The Markey report compiled responses from 16 automakers that responded to questions about how vehicles may be vulnerable to hackers and how driver information is collected and protected.

Aston Martin, Lamborghini and Tesla Motors did not respond to the Markey query.

"Some manufacturers (notably Hyundai and Toyota) provided detailed, question-by-question responses, while others (notably Mercedes-Benz and Porsche) wrote generic statements on their commitments to security and privacy that were non-responsive to the questions that were posed," the report said.

It added: "Individual automaker responses will not be publicly released due to the proprietary and security-sensitive nature of some of the responses."

The report highlights several security and privacy concerns. They include:

? Security measures to prevent remote access to vehicle electronics are "inconsistent and haphazard across the different manufacturers."

? Most automobile manufacturers "were unaware of or unable to report on past hacking incidents."

? Only two automobile manufacturers were able to describe "any capabilities to diagnose or meaningfully respond to an infiltration in real time, and most said they rely on technologies that cannot be used for this purpose at all."

The reported noted that features like navigation are "quietly recording and sending out our personal and driving history."

The information is sent to places including third-party data centers. The concern is that customers are not explicitly made aware of data collection and they cannot "opt out" without disabling valuable features, such as navigation.

In a recent report, the National Highway Traffic Safety Administration noted automotive "cybersecurity work is beginning in the U.S. marketplace."

It added that the Society of Automotive Engineers International has created the Vehicle Electrical System Security Committee that is "gaining insight into the state of the industry with respect to cybersecurity."

Edmunds says: Consumers are paying a hefty price for connectivity. It's clear that more work needs to be done to protect the safety and privacy of American drivers.

Leave a Comment