US politician recently asked major car companies for information about how they protect drivers' security and privacy in cars with wireless internet technology. The answers were not good.
Senator Ed Markey's report found that anti-hacker measures in nearly every single one of these cars were "inconsistent and haphazard". That's putting it lightly.
Long story short, it's obvious that carmakers aren't taking security and privacy seriously in these newly internet-connected vehicles. The report found "a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle".
We knew that this might be a problem, but news that it's so widespread is a huge concern. While over in the US, GE rolled out its OnStar 4G LTE wireless system to millions of cars last autumn, similar features have been available on other brands like Audi and Chrysler for a while. Wireless features are even more common on high-end models.
The reported added that hackers could fairly easily "collect and use personal driver information". The specifics are worse. At least nine of the 16 carmakers that replied to Markey's request use third parties to collect data from drivers and many use another third-party to wireless transmit that data.
Any hacker will tell you that data is especially vulnerable to interception when it's being passing through too many hands. The New York Timeslisted a few examples of the types of data that's being sent over the open airwaves:
- "physical location recorded at regular intervals"
- "the last location they were parked"
- "distances and times travelled"
- "previous destinations entered into navigation systems"
- "a host of diagnostic data on the car"
So that's pretty much everything you probably wouldn't want to be made public, especially to hackers who might also have ties with car thieves.
Security experts have long been saying that we're not doing enough to protect against car hacking. Just a few days ago, DARPA showed how it could hack into GM's OnStar system and remote control a Chevy Impala. And now, we know that GM's vulnerabilities aren't exceptional. They're apparently the norm.
Image via GM