WASHINGTON -- Connectivity technologies have made automobiles vulnerable to hackers who could gain control of vehicle functions or compromise the security of vehicle data, according to a report released today by a leading congressional voice on auto safety.
Vehicle systems such as navigation, Bluetooth connectivity, Wi-Fi hotspots, telematics systems such as General Motors’ OnStar, tire pressure monitoring systems or even a CD loaded with malicious code are avenues that can be exploited to disrupt vehicle functions and data, said the report from U.S. Sen. Edward Markey, D-Mass.
The report was based on the responses to questions Markey’s office sent in December 2013 to 20 auto manufacturers about how they approach data security and privacy. The responses, Markey’s report said, showed that security measures to prevent hacking of vehicle systems and how automakers store data collected from onboard vehicle systems varied widely from company to company.
The report called for federal agencies to establish security standards, saying the industry’s disparate approaches have been “for the most part … insufficient to ensure security and privacy for vehicle consumers.”
Since Markey’s inquiry began, automakers have in fact taken steps to develop a more cohesive approach to some of the issues highlighted in the report. Last November, the industry’s two main trade associations -- the Alliance of Automobile Manufacturers and Global Automakers -- issued a set of privacy principles intended to prevent the misuse of vehicle data and agreed to seek a consistent approach to security and data privacy.
BMW, Fiat Chrysler, Ford, General Motors, Hyundai-Kia, Mazda, Mercedes-Benz, Toyota, Volvo and Volkswagen Group agreed to adopt the principles when they were released.
“Automakers recognize that as modern cars not only share the road but will in the not too distant future communicate with one another, vigilance over the security of vehicle and privacy of our customers is imperative,” Global Automakers said in a statement.
Markey’s report praised the principles as an important first step, saying they sent “a meaningful message” about the industry’s commitment to data security and privacy concerns. But the report also noted that the implementation of data use, security and accountability measures outlined in the industry’s privacy guidelines were left to the discretion of each automaker.
Markey’s report called for the National Highway Traffic Safety Administration and the Federal Trade Commission to develop new rules requiring security measures to prevent connected vehicles from being hacked; explicit disclosure to customers about what data are being collected and how they are being used; and a provision that allows customers to opt out of data collection programs.
“As vehicles continue to become more integrated with wireless technology, there are more avenues through which a hacker could introduce malicious code, and more avenues through which a driver’s basic right to privacy could be compromised,” Markey’s report said. “These threats demonstrate the need for robust vehicle security policies to ensure the safety and privacy of our nation’s drivers.”
Meanwhile, industry trade groups say that automakers are working individually and collectively on key security issues.
“The industry is in the early stages of establishing a voluntary automobile industry sector information sharing and analysis center -- or other comparable program -- for collecting and sharing information about existing or potential cyber-related threats,” the Auto Alliance said in a statement. “But even as we explore ways to advance this type of industrywide effort, our members already are each taking on their own aggressive efforts to ensure that we are advancing safety.”