With the increase in the amount of technology provided in cars, it’s been noted that most car manufactures are in fact unprepared for the rise in security breaches to cars.
Most car manufactures incorporate the latest technology in their cars to maximise the users comfort and traveling style. However they don’t fully understand the types and amount of security breaches to cars that can be associated with such technology. This is according to a report generated from the office of U.S Senator Ed Markey titled ‘Tracking and Hacking: Security & Privacy Gaps Put American Drivers at Risk’.
Within this report, it details how Markey’s office sent letters to 16 major car makers: BMW, Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar, Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen (with Audi), and Volvo. In the letters, they asked questions relating to the technology and the potential for security breaches to cars. The report showed that most of the car manufactures contacted had a ‘clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information.
By analysing the car manufacturer response, eight facts about the data of its users were highlighted:
- Nearly 100% of cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.
- Most automobile manufacturers were unaware of or unable to report on past hacking incidents.
- Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across all automobile manufacturers, and many manufacturers did not seem to understand the questions posed by Senator Markey.
- Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most say they rely on technologies that cannot be used for this purpose at all.
- Automobile manufacturers collect large amounts of data on driving history and vehicle performance.
- A majority of automakers offer technologies that collect and wirelessly transmit driving history data to data centres, including third-party data centres, and most do not describe effective means to secure the data.
- Manufacturers use personal vehicle data in various ways, often vaguely to “improve the customer experience” and usually involving third parties, and retention policies – how long they store information about drivers – vary considerably among manufacturers.
- Customers are often not explicitly made aware of data collection and, when they are, they often cannot opt out without disabling valuable features, such as navigation.
The reports finding show a clear lack of understanding on the manufacturers part of the potential for security breaches to cars despite only last week, BMW releasing an urgent patch to a security flaw could enable hackers to open their user’s car doors.
It’s unclear how car manufactures will counteract these issues, however for the security of the drivers, the report ‘only specified manufacturers as a group and did not single out individual security practices’.