Putting computers and wireless connections into cars has left them wide open to hackers, claims lawmaker. Hackers can access car computers to take remote control of vehicle functions and lift the owner's data.
This is a problem.
"Many in the automotive industry really don't understand what the implications are of moving to this new computer-based era," said US Sen. Edward Markey (D-Mass.).
Markey based his conclusion on data provided by more than a dozen auto manufacturers. He polled them about the technology built into their cars and the protective measures keeping them secure. It turns out there's not a lot of security to talk about. Only two automobile manufacturers polled were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most said they rely on technologies that cannot be used for this purpose at all.
"No longer do you need a crowbar to break into an automobile," said Markey, during an interview on CBS This Morning. "You can do it with an iPad."
Researchers turned Markey on to the subject. They were able to demonstrate how an iPad-equipped hacker can seize control of car functions such as the horn, acceleration, headlights, speedometer, and gas-gauge readings -- even the steering wheel. Clearly such open access is a threat to life and property.
How is this possible?
Most new cars ship with dozens of on-board computers used to control various functions. While cars have had GPS inside for more than a decade, many now also include NFC, Bluetooth, tire-pressure monitors, keyless entry, WiFi, and LTE 4G. Hackers can take advantage of these insecure entry points to access the car's computers.
While it's unsettling to think that hackers can cause accidents, Markey's report also points out that carmakers are collecting a lot of personal data about owners.
Information such as where cars are stored and driven, how the owner drives the car, how the infotainment system is used, and more is being harvested by the carmakers. The timeframe manufacturers store this data within the car varies widely. The reasons behind collecting it are vague at best. One thing is certain: carmakers aren't advertising their data collection policies on promotional materials about their cars. Worse, consumers can't opt out. Markey wants far more transparency in this respect.
[Ford is looking beyond cars. Here's the reason why.]
The manufacturers' responses "reveal there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information," according to the report. "There really aren't any clear guidelines on the books."
There's little consumers can do at the moment. With no safeguards in place, everything is left open. While the industry is working to create standardized protection schemes for new models, cars already on the road are at risk.
Attend Interop Las Vegas, the leading independent technology conference and expo series designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization’s IT action plan. It happens April 27 to May 1. Register with Discount Code MPOIWK for $200 off Total Access & Conference Passes.Eric is a freelance writer for InformationWeek specializing in mobile technologies. View Full Bio