I read an interesting report released by Senator Markey last month. His office was concerned that appropriate measures were not being taken to secure cars and trucks on American highways. With most modern cars having built in WiFi, Bluetooth and other technology, they wondered what happened to the collected data, and how vulnerable the cars were to outside influence. Turns out they were right to be concerned.
Here are their key findings:
- “Nearly 100% of cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.
- Most automobile manufacturers were unaware of or unable to report on past hacking incidents.
- Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across all automobile manufacturers, and many manufacturers did not seem to understand the questions posed by Senator Markey.
- Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most say they rely on technologies that cannot be used for this purpose at all.
- Automobile manufacturers collect large amounts of data on driving history and vehicle performance.
- A majority of automakers offer technologies that collect and wirelessly transmit driving history data to data centers, including third-party data centers, and most do not describe effective means to secure the data.
- Manufacturers use personal vehicle data in various ways, often vaguely to “improve the customer experience” and usually involving third parties, and retention policies – how long they store information about drivers – vary considerably among manufacturers.
- Customers are often not explicitly made aware of data collection and, when they are, they often cannot opt out without disabling valuable features, such as navigation.”
Most striking to me was this sentence:
“The diversity of responses received by Senator Markey shows that each manufacturer is handling the introduction of new technology in very different ways, and for the most part these actions are insufficient to ensure security and privacy for vehicle consumers.”
While it’s unlikely that a particular car will be targeted for hacking, the privacy issue is concerning to me. Read your manual or check with your dealer to see if there is a way to turn off data collection. It may be as simple as turning off your GPS feature, but check with your dealer to be sure. If you have an older car without GPS, OnStar, Bluetooth, etc., you likely do not have to worry about this.
Here is the Press Release from Senator Markey’s office along with a link to the original report: http://www.markey.senate.gov/news/press-releases/markey-report-reveals-automobile-security-and-privacy-vulnerabilities
Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Macs and PCs for the past fourteen years. He is highly rated by both the BBB (Better Business Bureau) and by Angies List. Geek For Hire, Inc. provides onsite service to the Denver/ Boulder/ Front Range area. They can provide remote service throughout North America.
