Imagine driving down the highway with traffic stopped ahead only to notice your brakes have been disabled by a hacker.
That may sound a bit unbelievable, but Sen. Ed Markey, D-Mass., fears that drivers are vulnerable to the same privacy and hacking threats now present in other sectors.
Markey released a report Monday based on responses to letters he wrote to 16 major automobile manufacturers on their use of digital tools in vehicles and the measures they’ve taken to secure the technologies and any data generated. The results have Markey concerned.
“Drivers have come to rely on these new technologies, but unfortunately the automakers haven’t done their part to protect us from cyber-attacks or privacy invasions. Even as we are more connected than ever in our cars and trucks, our technology systems and data security remain largely unprotected,” Markey, a member of the Commerce, Science and Transportation Committee, said in a statement. “We need to work with the industry and cyber-security experts to establish clear rules of the road to ensure the safety and privacy of 21st-century American drivers.”
Markey’s team found that most cars on the market these days feature wireless technologies that are potential targets for hackers, and most manufacturers know little and are doing little about it.
“These findings reveal that there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information,” the report says.
In a 2013 Defense Advanced Research Projects Agency-funded study, two researchers showed it was possible to control a car’s engine, brakes, steering and other controls with a laptop. Though the testing was done with a direct connection, prior research showed that “one could remotely and wirelessly access a vehicle’s CAN bus through Bluetooth connections, OnStar systems, malware in a synced Android smartphone, or a malicious file on a CD in the stereo,” according to the report.
While some manufacturers associated with two major automaker coalitions have agreed to a set of voluntary privacy principles, Markey calls upon the National Highway Travel Safety Administration and the Federal Trade Commission to release standards on protecting the data, security and privacy of drivers.
Markey hopes any standards will do the following:
- Ensure that vehicles with wireless access points and data-collecting features are protected against hacking events and security breaches.
- Validate security systems using penetration testing.
- Include measures to respond real-time to hacking events.
- Require that drivers are made explicitly aware of data collection, transmission and use.
- Ensure that drivers are given the option to opt out of data collection and transfer of driver information to off-board storage.
- Require removal of personally identifiable information prior to transmission, when possible and upon consumer request.
Read more of Markey’s findings in the full report.