With over a billion personal data records compromised last year alone, 2014 has become known as “The Year of the Hack.”
This year, hackers hit the ground running with the largest hack attack thus far being suffered by Anthem — as many as 80 million customers having their accounts compromised.
A lot of media attention has been placed on the hacks into large corporations and financial institutions such as Home Depot, JPMorgan, eBay, Target, Sony, AliExpress… and the list goes on and on.
Now ponder this: You’re new car is a computer on wheels.
New cars come fully equipped with all sorts of wireless technology. Technology that has the potential of being hacked.
Aside from the possibility of a security breach, what’s perhaps even more alarming is that most auto manufacturers have no understanding of hacking vulnerabilities in cars. Many barely understand the concept of hacking and have no plans to deal with hacks.
U.S. Senator Ed Markey (D-Mass.) published a report last week titled: Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk.
To ensure that new technologies [in new vehicles] are not endangering or encroaching on the privacy of Americans on the road, Senator Markey sent letters to 16 major automobile manufacturers to learn how prevalent these technologies are, what is being done to secure them against hacking attacks, and how personal driving information is managed. Generally speaking, the questions related to security in cars with wireless technology.
The companies included in the report are BMW, Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen (with Audi), and Volvo. According to the report, of the 16 companies, only two had “any capabilities to diagnose or meaningfully respond to an infiltration.”
In case you’re wondering, Tesla, Aston Martin and Lamborghini did not participate in this study, despite receiving the same letter. However, a year ago, Tesla hired Kristin Pagnet, formerly “Hacker Princess” at Apple to help them find and secure any issues with the computer system. Tesla’s gone as far as holding a Hacking Contest, with a prize of $10,000 to anyone who could hack into their Model S.
New cars are fraught with the potential for a hack making it possible for someone to remotely take over a car’s engine, brakes and other parts of the car. Two weeks ago, BMW had to patch a security flaw that could have allowed hackers to open doors of more than two million vehicles. Image your car door(s) opening while you’re driving down the freeway!
“Today, all the devices that are on the Internet – the ‘Internet of Things’ – are fundamentally insecure. There is no real security going on.” — Dan Kaufman, Information Innovation Office
A few of the key findings in the responses from auto manufacturers:
- Nearly 100% of cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.
- Most automobile manufacturers were unaware of or unable to report on past hacking incidents.
- Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across all auto manufactures
- Only two auto manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most say they rely on technologies that cannot be used for this purpose at all.
- Customers are often not explicitly made aware of data collection and, when they are, they often cannot opt out without disabling valuable features, such as navigation.
Also mentioned in the report is the ability of cars to collect data on things such as your driving habits, or places you drive to; Work, school, local hangouts. About 1 in 5 new cars collect and transmit data about engine performance, safe or unsafe driving maneuvers, cellphone or entertainment system usage and your location.