By: Joseph Smith
As car manufacturers add more and more technological improvements to cars,
there is growing concern that they may not be taking necessary precautions
to protect drivers or their personal information. With the Sony-hacking
scandal in December, and now reports of Anthem having 80 million of its
past and current members' personal information stolen by hackers,
lawmakers are now asking automakers how they intend to protect drivers'
personal information as cars rely on more wireless and internet-based
technologies. Senator Ed Markey (D-Mass.) questioned automakers about
these issues after researchers showed how hackers can access some of the
controls of certain vehicles, causing them to suddenly accelerate, turn,
brake, or turn the headlights on and off.
Unfortunately, the automakers' answers make clear they have yet to
take any real steps to protect consumers. Most of the 16 manufacturers
reported that they were unaware of or unable to report on past hacking
incidents. Three of the automakers failed to answer the question, and
one acknowledged that an app that had been released for Android devices
could access a vehicle's computer network through the Bluetooth connection.
This concerned the automaker enough that it had the app removed from the
Google Play store as a precaution. Security experts consulted by Senator
Markey also found that the security measures being used by the automakers
were insufficient to protect consumers' data and could easily be gotten around.
Only one of the manufacturers stated they could detect a hacking attempt
as it occurred and only two offered credible means of responding to such
a hack in real time. In fact, most of the automakers would not know about
a hacking attempt unless the data from the vehicle's computer was
downloaded by a dealer or a service center – meaning a drivers'
personal data could be stolen and they would be completely unaware for
months or longer. The data that could be accessed includes driving histories,
navigation searches, infotainment use – information that manufacturers
say they already collect and wirelessly transfer from vehicles to other
locations using third-party companies, usually without effective means
to secure the data.
Automakers and automotive engineers are now working to develop these necessary
security safeguards and procedures. In November 2014, 19 automakers agreed
on a voluntary set of principles to protect motorists' privacy. However,
these voluntary principles may not be enough, especially when there appears
to currently be a clear lack of security measures and procedures to protect
this information from hackers.