United States Senator Edward J. Markey of Massachusetts recently issued a report on the security of car electronics. How secure are they? Not very.
Today’s cars contain more than 50 networked electronic control units that may collect data, some of which are collecting data we might not want collected and some or all of which are typically vulnerable to readily conceivable hacking attacks.
The report makes 8 “findings” based on replies Senator Markey received in response to written questions he posed to various auto manufacturers, paraphrased here:
- Almost all new cars rely on wireless technologies that might be vulnerable to hacking.
- Most automakers have no reliable information regarding hacking attacks on their cars’ electronics systems.
- Car electronics deploy weak security measures at best.
- Few cars have the ability to identify or address hacking attempts in real time.
- Manufacturers collect much data about driving history and vehicle performance.
- Most manufacturers offer technologies that transmit car data to datacenters, some of which are run by third parties. Transmission is often insecure.
- Manufacturers don’t clearly explain how they are using data and how long it will be kept.
- Customers are often kept in the dark about data collection, and even when they are told about it, they often can’t opt out of without disabling related functionality.
Based on these findings, Senator Markey concludes that the industry’s existing voluntary code of conduct does not effectively address the problem. Instead, NHTSA, in consultation with the FTC on privacy issues, needs to issue proposed regulations to address the data security and privacy of drivers.