The $10,000 challenge to computer hackers to break into Tesla's Model S controls proved how easily someone can gain access to in-car computer systems.
The recent news that anyone can shut down an iPhone with a simple text is a reminder of how easy it is to get hacked. The fact that new vehicles are often described as rolling computers only stokes fears that your car may not be safe from someone sitting behind a computer screen thousands of miles away.
In a week where Hyundai and General Motors joyously announced they would be adding Android Auto and Apple’s CarPlay as options on some of their models, concerns about how those systems might enable hackers to gain access to vehicles have been raised.
Consumer Reports sent letters to its 6 million members sounding the alarm on about what it views as lax security measures on the part of automakers.
“Today’s cars use software and electronics to control everything from air conditioning to brakes, from seat belts to acceleration,” said Chris Meyer, vice president, Consumer Reports, in the letter. “Are those computers secure? Probably not secure enough, which is why we need your help right now to make sure your car safety is a priority.”
Systems like Apple's CarPlay provide a point of access for would be car hackers.
Meyer points out that the organization has been involved in testing where hackers were able to wrestle control of a vehicle away from a driver, pointing out hackers have been able to control the acceleration and braking of a vehicle. In one instance, a car was turned off during a test using a cell phone.
“While most experts agree that car hacking today isn’t easy, they also agree that the real question is not ‘if’ but ‘when,’” he continued.
(Chevy adding Apple CarPlay, Android Auto to new models. For more, Click Here.)
The letter was a call to arms to push for federal regulations on the security of the computers and electronics used in new vehicles. Automakers currently police themselves, and have a created a set of rules to follow.
Some lawmakers have been examining what’s going on with all of the technology automakers have put into vehicles that allow us to navigate the world while allowing passengers to surf the Internet using the car’s mobile wi-fi connection.
(Click Here for details about Hyundai adding Android Auto to Sonata.)
Sen. Edward Markey (D-Mass.) submitted a list of questions to 16 automakers about their technologies and how secure their specific vehicles are from intrusion. He determined the simple answer was not very. The key findings from these responses are:
- Nearly 100% of cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.
- Most automobile manufacturers were un- aware of or unable to report on past hacking incidents.
- Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across all automobile manufacturers, and many manufacturers did not seem to understand the questions posed by Senator Markey.
- Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most say they rely on technolo- gies that cannot be used for this purpose at all.
- Automobile manufacturers collect large amounts of data on driving history and vehicle performance.
- A majority of automakers offer technologies that collect and wirelessly transmit driving history data to data centers, including third-party data centers, and most do not describe effective means to secure the data.
- Manufacturers use personal vehicle data in various ways, often vaguely to “improve the customer experience” and usually involving third parties, and retention policies – how long they store information about drivers – vary considerably among manufacturers.
- Customers are often not explicitly made aware of data collection and, when they are, they often cannot opt out without disabling valuable features, such as navigation.
These findings reveal that there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information, the report noted.
(To see more about the efforts of automakers to bolster in-car cyber security, Click Here.)
Markey’s finding not only noted that the lack of a consistent set of rules allows for plenty of opportunities for hacking, but also in terms of privacy. He called for the National Highway Traffic Safety Administration and the Federal Trade Commission to develop standards for security and privacy rather than allowing automakers to do so.
Based on NHTSA’s, the FTC and FCC’s track history in dealing with blatant violation of U.S. laws I would pray for divine intervention because the Feds are inept, clueless and apathetic in my many experiences with them.
Quite frankly if software programmers can not write bullet-proof unhackable software, they should NOT be allowed to write any automotive or other software that is mission or security critical.
The bad old days of cranking out a POS software or O/S product for fast profits should be dead and buried. It’s time everyone is held accountable for providing quality, secure, reliable code instead of the crap that has made CEOs of Microsucks and other companies billionaires via consumer fraud.
Not so sure about Consumer Reports or the Feds when it comes to accurate reporting. It should be obvious that there is a need for auto security and that any driver distractions are a bad thing, yet auto makers insist on adding these distractions because the braindead public demands them. I’d be willing to bet that 98% or more of the people who demand computers and other infotainment crap in their vehicle have a home computer that has been compromised.
A couple weeks ago a security researcher claims to have hacked airplane systems while it was in flight. Imagine what is going to happen if car’s can be electronically hacked so that a perp can take control of the vehicle or crash the computer systems. This is just part of what AV makers will need to address in addition to a failsafe system and appropriate limp mode.