Our cars are increasingly loaded with tiny computers. And like so many other things in our lives, these gadgets-on-wheels have the ability to wirelessly connect to the Internet, to do things like stream music and access real-time traffic and weather data. What could possibly go wrong?
A number of things, apparently.
Just about every new car that rolls off the lot in this here future of ours comes equipped with some kind of wireless network that, according a damning new Senate report, “could pose vulnerabilities to hacking or privacy intrusions.” And when it comes to securing those systems, carmakers are anything but consistent, if they’re even trying at all.
The report is the result of an inquiry by Senator Edward Markey’s office into the security and privacy practices of 20 automobile manufacturers. Markey received responses from 16 of those companies, whose collective approach to security the report calls “alarmingly inconsistent and incomplete.”
According to the report, only half of the companies surveyed were able to confirm that they monitor their cars’ systems for malicious activity (others declined to answer, although it’s hard to imagine a company not wanting to brag about their own diligence). Only two of the companies were able to outline how they would diagnose and deal with an intrusion in real time. Seven of the companies said that they subject their systems to the scrutiny of third-party security testing (five explicitly conceded that they do not). Meanwhile, most of the companies were capable of reporting on past hacks that may have happened. Tesla, Lamborghini, and Aston Martin all declined to respond to the questionnaire at all.
The report also touched on privacy, noting that the “overwhelming majority” of modern cars log sensitive data about the vehicle’s whereabouts–and they don’t always transmit that data as securely as they could.
From a security standpoint, the chief concern here is that a hacker could remotely access a car’s electronic systems and put the driver at risk by disabling the breaks or commandeering the steering wheel. Sound like a scene from a sci-fi thriller movie? It’s already happened, thankfully at the hands of Pentagon-funded researchers rather than real-life malicious hackers. Meanwhile, connected car hacks have become a growing focus at security conferences, with researchers eagerly poking holes in vehicles’ security systems. At last year’s Black Hat Asia, for example, security expert Nitesh Dhanjani showed how susceptible Tesla’s Model S connected car is to brute-force hacking. Just two weeks ago, BMW fixed a security flaw that could have allowed hackers to open some 2.2 million of its vehicles.
From the looks of it, carmakers are much more eager to inject the latest technology into their wares than safeguard security. But Markey’s office hopes that will change. In addition to shaming car manufacturers, the report calls for a set of “new standards that will protect the data, security, and privacy of drivers in the modern age of increasingly connected vehicles.” Those standards should protect against breaches, require security testing and real-time threat mitigation, as well as allow drivers to opt out of data collection.
Of course, cars are only getting more connected and automated, with the expectation that we’ll see fully self-driving models on the road by 2030. In the meantime, it’s probably a good idea to put some measures in place to ensure our futuristic dream cars don’t become fiery robotic deathtraps with a few keystrokes.