Carmakers are cramming cars full of wireless technology, but failing to protect those features against the possibility that hackers could take control of vehicles or steal personal data.
It comes after US Senator Edward Markey asked carmakers a series of questions about the technologies and any safe guards against hackers built into their vehicles.
Markey posed his questions after researchers showed how hackers can get into the controls of some popular cars and SUVs, causing them to suddenly accelerate, turn, sound the horn, switch headlights off or on, and modify speedometer and gas-gauge readings. He also asked about how the information that vehicle computers gather and often transmit wirelessly is protected. The responses from 16 manufacturers "reveal there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information", a report by Markey's staff concludes.
Today's cars and light trucks typically contain more than 50 electronic control units – effectively small computers – that are part of a network in the car. At the same time, nearly all new cars on the market today include at least some wireless entry points to these computers, such as tyre pressure monitoring systems, Bluetooth, internet access, keyless entry, remote start, navigation systems, Wi-Fi, anti-theft systems, and cellular-telematics.
Only three carmakers said they still have some models without wireless entry, but those models are a small and declining share of their fleets. "Drivers have come to rely on these new technologies, but unfortunately, the automakers haven't done their part to protect us from cyber attacks or privacy invasions," Markey said in a statement.
Among the report's findings was that most manufacturers said they were unaware of or unable to report on past hacking incidents; each manufacturer is handling the introduction of new technology in very different ways, and for the most part these actions are insufficient to ensure security; and only one manufacturer appeared able to detect a hacking attempt while it was happening, and only two described credible means of responding to such intrusions in real time.
Manufacturers are also using personal vehicle data in various and often vague ways to "improve the customer experience". Half the manufacturers said they wirelessly transfer information on driving history from vehicles to another location, often using third-party companies, and most don't describe "an effective means to secure the data," the report said. Earlier we reported that millions of cars are at risk of being hacked by criminal gangs or terrorists who could steal information, extort money from drivers or even cause vehicles to crash.