A US senator has asked leading car manufacturers to explain how they secure their vehicles against cyber attacks. Democrat Edward Markey’s request comes after recent disclosures from security experts who have reported on how they have hacked into cars.
Markey asked 20 leading car makers to respond to a set of questions about vehicle security, including how they test modern electrical systems and onboard wireless networks.
Recent news reports suggest that Markey’s concerns may well be justified.
Last year Naked Security reported how a $30 hacking kit could be used to steal BMW cars and, in August, researchers Charlie Miller and Chris Valasek showed Forbes reporter Andy Greenberg how a ride in a Toyota Prius could turn into the journey from hell.
Their research showed how hackers could take control of a car’s electronic smart steering, brakes, acceleration, engines and lights.
Its not just the bad guys who can manipulate the electronics in modern cars though. Yesterday, the BBC featured an article about RF Safe-Stop, a device capable of stopping a vehicle by blasting electromagnetic waves at it, which it says is something of interest to the police and military.
Markey, who also has an interest in the area of privacy, wrote a letter to Ford, General Motors, BMW and others on Monday in which he said:
As vehicles become more integrated with wireless technology, there are more avenues through which a hacker could introduce malicious code and more avenues through which a driver's basic right to privacy could be compromised.
These threats demonstrate the need for robust vehicle security policies to ensure the safety and privacy of our nation's drivers.
The Auto Alliance, an industry group which represents the leading car manufacturers, responded yesterday with a statement in which it said:
Auto engineers are incorporating security solutions into vehicles from the first stages of design and production, and their security testing never stops.
As cars and other forms of transportation increasingly incorporate in-vehicle computer systems to help with everything from safety to navigation, cyber-security is among the industry’s top priorities and the auto industry is working continuously to enhance vehicle security features.
The National Highway Traffic Safety Administration (NHTSA) also responded to recent concerns over car hacking. From a statement released on Tuesday:
While increased use of electronic controls and connectivity is enhancing transportation safety and efficiency, it brings a new challenge of safeguarding against potential vulnerabilities. NHTSA recognises these new challenges but is not aware of any consumer incidents where any vehicle control system has been hacked.
The senator, however, believes that the automobile industry has played down the risks highlighted by recent security research, saying that:
Airbags and seat belts protect the safety of drivers, but we also need car companies to ensure the security and privacy of those in automobiles in this new wireless age.
Markey, who serves a member of the Senate Commerce, Science and Transportation Committee, believes that the risks of vehicles being hacked is significant and that tracking and navigating systems in modern vehicles could be used in collecting driver data without the consumers’ knowledge or consent.
He would like Congress to examine car security policies.
On the other side of the fence Stuart McClure, Cylance Inc’s chief executive, downplayed the threats posed to cars by hackers, telling Reuters that such attacks were far harder to implement on vehicles than on traditional computing devices.