Car manufacturers are failing to secure their vehicles against cyberattacks, according to a report released by the office of Senator Ed Markey, D-Mass. The study, which was written after Markey’s office received detailed information on the electronic security of 16 manufacturers, claims that the majority of automakers lack any systems to detect or quickly respond to electronic breaches.
Security measures in place against electronic attacks on vehicles are “inconsistent and haphazard,” the report states.
“Drivers have come to rely on these new technologies, but unfortunately the automakers haven’t done their part to protect us from cyberattacks or privacy invasions,” the Senator told the New York Times. The data "reveal there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information," the report said, according to the Times.
The report also found that most manufacturers were unaware of tracking past hacking incidents, with three declining the question. One automaker described a publicly available app designed by a third party that was capable of accessing a vehicle’s computer network through its Bluetooth connection, the Associated Press reported. A security analysis did not indicate any way to introduce malicious code or steal data, but the app was removed by Google as a safety measure, the report found.
Manufacturers are reportedly introducing technology in various new ways. Security experts consulted by Markey said that hackers could get around most existing security measures.
The report also expressed concerns about the manufacturers’ own tracking of driving data, with large amounts of driver data being collected with minimal consumer knowledge. Collected information includes physical location, distance and time of travel, and destinations entered into navigation systems. Diagnostic and performance data from vehicles is also reportedly captured.
Some of this data is handed over to third party data centers, while others rely on third party services to collect the data. “This reveals that a majority of vehicle manufacturers offer features that not only record but also transmit driving history wirelessly to themselves or to third parties,” the report said, according to the Times.
In November, a set of voluntary guidelines designed to govern the use of electronic systems and the data they produce was established by the Alliance of Automobile Manufacturers and the Association of Global Automakers. The guidelines call on manufacturers to only use information for “legitimate business purposes.”
However, the report said the phrase “legitimate business purposes” was too vague to effectively govern manufacturers’ behavior, and called for federal rules to be established on data produced by drivers.
A report published by scientists from the University of California, San Diego and the University of Washington in 2011 showed how researchers were able to wirelessly compromise a vehicle’s security, theoretically allowing them to take control of features like the lock or brakes, as well as track its location and other data, the Times reported.
The manufacturers who replied to Markey are BMW, Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen-Audi and Volvo.