US Senator Ed Markey recently asked all of the major car companies for information about how they protect drivers’ security and privacy in cars with wireless technology. The answers were not good.
The senator’s report found that anti-hacker measures in nearly every single one of these cars were “inconsistent and haphazard.” That’s putting it lightly.
Long story short, it’s obvious that carmakers aren’t taking security and privacy seriously in these newly internet-connected vehicles. The report found “a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle.”
We kind of knew that this might be a problem, but news that it’s so widespread is a huge concern. While, GE rolled out its OnStar 4G LTE wireless system to millions of cars last fall, similar features have been available on other brands like Audi and Chrysler for a while. Wireless features are even more common on high-end models.
The reported added that hackers could fairly easily “collect and use personal driver information.” The specifics are worse. At least 9 of the 16 carmakers that replied to Markey’s request use third parties to collect data from drivers and many use another third party to wireless transmit that data.
Any hacker will tell you that data is especially vulnerable to interception when it’s being passing through too many hands. The New York Times listed a few examples of the types of data that’s being sent over the open airwaves:
- “physical location recorded at regular intervals”
- “the last location they were parked”
- “distances and times traveled”
- “previous destinations entered into navigation systems”
- “a host of diagnostic data on the car”
So that’s pretty much everything you probably wouldn’t want to be made public, especially to hackers who might also have ties with car thieves.
Security experts have long been saying that we’re not doing enough to protect against car hacking. Just a few days ago, DARPA showed how it could hack into GM’s OnStar system and remote control a Chevy Impala. And now, we know that GM’s vulnerabilities aren’t exceptional. They’re apparently the norm.