A new report issued by Senator Edward Markey (D-MA) charges that the electronic data sinews of new vehicles may be vulnerable to cyberattacks, especially due to rapid increase in wireless connections to those systems.
"Drivers have come to rely on these new technologies, but unfortunately the automakers haven't done their part to protect us from cyberattacks or privacy invasions," Markey said in a statement. “As vehicles are equipped with 21st century wireless technology, we need auto companies to make security and privacy as standard as seatbelts and stereos for drivers and their vehicles.”
The senator’s report is based on responses to a letter his office sent to 20 major automobile manufacturers in December 2013, requesting information about how those OEMs – which included General Motors, Ford, newly-renamed Fiat Chrysler Automobiles – secure the more than 50 electronic control units residing in today’s cars and light trucks; units that provide Internet access, keyless entry, remote start capability, telematics connectivity, etc.
According to the Associated Press, Markey’s report said that – according to the security experts his office consulted – hackers can get around most security protections cited by manufacturers.
The report also noted that half the manufacturers said they wirelessly transfer information on driving history from vehicles to another location, often using third-party companies, and most don't describe "an effective means to secure the data."
Steve Tupper, who leads the Dykema law firm’s privacy, Security and E-commerce practice, emphasized that “data security architecture” is a huge and growing issue in the vehicle world, particularly regarding safety and privacy issues.
“Up until now, telematics was new enough, valued enough and ‘cute enough’ in the eyes of consumers and fleets that you could get away with systems that maybe were not fully secured,” he explained to Fleet Owner. “Those days are over.”
Tupper stressed in particular that as technology continues to improve vehicle safety, manufacturers must find ways to keep those systems secure.
“Vehicle-to-vehicle and vehicle-to-infrastructure technology can potentially reduce collisions significantly; it will save lives, no doubt about it,” he emphasized. For example, such systems will allow vehicles to “talk” to each other and warn drivers when there’s an icy patch ahead or another car stopped just around the curve.
But that also poses a data-security risk — one that is “more immediate and visceral” than privacy invasion, Dykema said in a recent white paper.
However, the “nightmare scenario” feared most by vehicle makers is that hackers could “take over a vehicle” via the “connected technology” built into cars, light trucks and commercial vehicles today, Tupper said.
“That’s why such systems going forward will have to be bulletproof,” he stressed. “The more connections we make to vehicles, the more secure and safe those connections will need to be.”
Dykema also noted in its white paper that the National Highway Traffic Safety Administration (NHTSA) is working on a set of rules to make connected vehicle technology as secure as possible – establishing legal standards dictating who is responsible for what in an accident may be challenged when a crash is caused by the way a car reacts to a communication from another vehicle, or from the road.
Tupper added that enhancing cyber security for vehicles will also be critical to the future development of autonomous cars and trucks alike.
“We’ve got to insure the integrity of the data highway for consumers and fleets alike,” he noted.