Report: Cars are vulnerable to wireless hacking
Washington — Millions of cars and trucks are vulnerable to hacking through wireless technologies that could jeopardize driver safety and privacy, a report released late Sunday says.
As vehicles grow increasingly connected through wireless networks and become more dependent on sophisticated electronic systems, Congress and federal regulators are worried about the potential for hackers to interfere with vehicle functions. The report overseen by Sen. Ed Markey, D-Massachusetts, says vehicles are vulnerable to hacking through wireless networks, smartphones, infotainment systems like OnStar — even a malicious CD popped into a car stereo.
Its release comes after CBS News’ “60 Minutes” on Sunday aired a segment demonstrating how vehicles can be subjects of remote hacking. Just last month, BMW AG said it had fixed a security flaw that could have permitted up to 2.2 million vehicles to have their doors remotely opened by hackers.
Markey cited studies demonstrating hackers can get into the controls of some popular vehicles, “causing them to all of a sudden accelerate, turn, kill the brakes, activate the horn, control the headlights, and modify the speedometer and gas gauge readings. Extra concerns came from the rise of navigation and other features that record and send location or driving history information.”
“Drivers have come to rely on these fresh technologies, but unluckily the automakers haven’t done their part to protect us from cyber attacks or privacy invasions,” Markey said. “Even as we are more connected than ever in our cars and trucks, our technology systems and data security remain largely unprotected.”
He said government and automotive industry officials need to work with cyber-security experts “to establish clear rules of the road — not voluntary agreements — to ensure the safety and privacy of 21st-century American drivers.”
Markey said some security measures used by automakers — ID numbers and radio frequencies — can be identified and rewritten or bypassed.
The “60 Minutes” segment showed a researcher with a laptop hacking into a new car — turning on windshield wipers, sounding the horn, deactivating brakes — as correspondent Lesley Stahl was unable to stop in a parking lot.
Automakers and the “60 Minutes” report note that there is no known real-world case of a car being hacked remotely. But the program notes that “security cameras have shown cars burglarized by hackers unlocking doors. You can find software to do that online for $25,” the show said.
Sean Kane, president of Massachusetts-based Safety Research and Strategies, said there has been a “stunning lack of foresight” by regulators to ensure that cars are safe and secure.
“Look how many of the last year’s recalls related to electronic issues . it’s not going to be that far along — entire generations of vehicles — that could be vulnerable . it’s not sci-fi,” Kane said. Some 2014 models use 2G technology, he said, that could be a “broad open door” to hackers.
Kane agreed that, at least primarily, the biggest concern is hackers who gain access to a person’s car keys. But he said there are big concerns about wireless access.
The issue could become even more significant as future vehicles communicate with one another through “vehicle to vehicle” technology, which is meant to prevent crashes but could also be at risk of hacking.
One automaker told Markey that some owners have attempted to reprogram the vehicle’s onboard computer to increase the vehicle’s horsepower or torque through the use of “spectacle chips.”
Wade Newton, a spokesman for the Alliance of Automobile Manufacturers — the trade group representing Detroit’s Big Three automakers, Toyota Motor Corp., Volkswagen AG and others — said he had not seen the report.
But he said automakers believe strong consumer data privacy protections and strong vehicle security are essential.
“Auto engineers incorporate security solutions into vehicles from the very first stages of design and production — and security testing never stops.
“The industry is in the early stages of establishing a voluntary automobile industry sector information sharing and analysis center — or other comparable program — for collecting and sharing information about existing or potential cyber-related threats.”
Automakers noted that the Society of Automotive Engineers has created a Vehicle Electrical System Security Committee to draft standards that help ensure electronic control system safety.
In November, two major auto trade associations representing almost all automakers unveiled a set of principles to protect driver privacy and security.
Markey wants the National Highway Traffic Safety Administration, working with the Federal Trade Commission, to set standards to protect the data, security and privacy of drivers.
NHTSA spokesman Gordon Trowbridge said Sunday the agency is “engaged in an intensive effort to determine potential security vulnerabilities related to fresh technologies and will work to ensure that manufacturers cooperate and address issues in order to keep motorists safe.”
NHTSA “will cautiously consider the contents of this fresh (Markey) report as well,” he added.
A 2013 federal law requires NHTSA to report to Congress on this issue. NHTSA ended its public comment period on its research efforts in December as it works to finish its report.
Markey cited a 2013 study funded by the Defense Advanced Research Projects Agency. It found researchers could tap into vehicles’ electronic systems through a laptop computer connected by a cable. In initial tests on two 2010 vehicles from different automakers, they were able to do everything from causing the cars to accelerate and turn, to disabling brakes and sounding the horn.
Automakers originally said in 2013 that the concerns were limited to hackers getting direct access to vehicles with a computer, but Markey’s report said the companies failed to note the study built on prior research “that demonstrated that one could remotely and wirelessly access a vehicle . through Bluetooth connections, OnStar systems, malware in a synced Android smartphone, or a malicious file on a CD in the stereo.”
German motorist association ADAC said in January it had discovered a security flaw that could have permitted 2.2 million BMWs, Minis and Rolls-Royces to be remotely unlocked by hackers through BMW’s “Connected Drive.” The automaker now encrypts transmissions between cellphones and cars; the update was finished last month.