Add your car to the ever-growing list of devices that might be divulging your private information: according to a report from Sen. Ed Markey (D-Mass.), your vehicle is just waiting for hackers and snoopers to pounce.
Most modern cars contain some type of wireless technology. Pentagon-funded researchers have already been able to hack into these wireless systems from their laptops, taking over the brakes and honking the horn—and inspiring Markey to investigate further.
“Drivers have come to rely on these new technologies, but unfortunately the automakers haven’t done their part to protect us from cyber-attacks or privacy invasions,” Markey said in a statement accompanying the report. “Even as we are more connected than ever in our cars and trucks, our technology systems and data security remain largely unprotected.”
Markey questioned 16 major car manufacturers, including Ford, GM, Honda, BMW, Subaru, and Toyota, on their privacy practices, and determined that they have “not addressed the real possibilities of hacker infiltration into vehicle systems.”
The report found that almost every vehicle on the market now includes some kind of wireless technology, putting drivers at risk of both hacking and privacy violations. Manufacturers’ security measures to prevent this rated “inconsistent and haphazard.”
No companies reported any instances of hacking, although one had seen attempts to program vehicle computers to add horsepower or torque with “performance chips.”
The report also discovered “widespread collection of driver and vehicle information, without privacy protections for how that information is shared and used.” 50 percent of the companies stored driving history in an off-board server, and 9 out of 11 companies used third-party companies to collect information. “In the case of on-board storage, no manufacturer described any security system to protect that data,” the report found, while most who were wirelessly sending information elsewhere gave “vague” answers about their security practices.
Markey’s report condemns manufacturers’ “clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle.”
Trade groups have proposed voluntary privacy principles in the past, but Markey wants regulation to tackle the problem. “We need to work with the industry and cyber-security experts to establish clear rules of the road to ensure the safety and privacy of 21st-century American drivers.”
