Automakers Must Address Vehicle IoT Security Risks Immediately
Feb 12, 2015
Last month I blogged about the critical need for companies to bolster their IT security. They must especially pay attention to connected devices or the Internet of Things (IoT), including home systems, machinery, medical devices, vehicles and wearables, and yes, drones. I warned there is unspeakable havoc that could arise with IoT with security breaches.
Demonstrating how real the gaps and threats are, U.S. Senator Edward Markey (D-Massachusetts) has just published a disturbing report that reinforces the case for stepped up IoT security in vehicles.
The paper, “Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk” had these 8 unsettling findings:
- Nearly 100% of cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.
- Most automobile manufacturers were unaware of or unable to report on past hacking incidents.
- Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across all automobile manufacturers, and many manufacturers did not seem to understand the questions posed by Senator Markey.
- Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most say they rely on technologies that cannot be used for this purpose at all.
- Automobile manufacturers collect large amounts of data on driving history and vehicle performance.
- A majority of automakers offer technologies that collect and wirelessly transmit driving history data to data centers, including third-party data centers, and most do not describe effective means to secure the data.
- Manufacturers use personal vehicle data in various ways, often vaguely to “improve the customer experience” and usually involving third parties, and retention policies – how long they store information about drivers – vary considerably among manufacturers.
- Customers are often not explicitly made aware of data collection and, when they are, they often cannot opt out without disabling valuable features, such as navigation.
Says the report’s executive summary: “These findings reveal that there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information.”
In response, Senator Markey and Senator Richard Blumenthal (D-Connecticut) announced legislation Feb.11 that would direct the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) to establish federal standards to secure our cars and protect drivers’ privacy.
“We need the electronic equivalent of seat belts and airbags to keep drivers and their information safe in the 21st century,” said Senator Markey.
“There are currently no rules of the road for how to protect driver and passenger data, and most customers don’t even know that their information is being collected and sent to third parties. These new requirements will include a set of minimum standards to protect driver security and privacy in every new vehicle. I look forward to working with my Senate colleagues to advance this important consumer protection legislation.”
“Connected cars represent tremendous social and economic promise, but in the rush to roll out the next big thing automakers have left the doors unlocked to would-be cybercriminals,” said Senator Blumenthal. “This common-sense legislation would ensure that drivers can trust the convenience of wireless technology, without having to fear incursions on their safety or privacy by hackers and criminals.”
Brendan Read is Senior Industry Analyst with over 25 years’ experience covering business, communications, staffing, and technology. He has worked in, prepared reports, and blogged on a wide range of topics including customer contact, CX, CRM, IoT, social media, supply chain, and BC/DR. He also has backgrounds in construction, manufacturing, materials, resource extraction, site selection, and transportation. He examines the broad economic, environmental, innovation, political, and social mega trends, and their impacts on businesses, markets, and society.