Automakers Aren’t ‘Doing Their Part’ To Protect Consumers From Smart Car Hackers [Report]
If your insurance leads or customers are determined to jump on the smart car bandwagon, there are some serious safety considerations they must first take into account — for the good of themselves and their families. These considerations were originally highlighted in a series of letters that Sen. Edward J. Markey (Dem. Mass.) sent to 20 of the nation’s biggest auto manufacturers. Highlights of each letter could be summarized as follows.
- How does the company assess whether there are vulnerabilities related to technologies it purchases from other manufacturers as well as wireless entry points of vehicles to ensure malicious code or other infiltrations cannot occur?
- Does the company utilize independent third parties to test for vulnerabilities to wireless entry points?
- Do any vehicles include technology that detects or monitors for anomalous activity or unauthorized intrusion through wireless entry points or wireless control units? And how are reports or unauthorized intrusion or remote attack responded to?
- Has the company been made aware of any intentional or inadvertent effort to infiltrate a wireless entry point, and what, if any, changes were made to protect vehicles from vulnerabilities in the future?
- What types of driving history information can be collected by navigation technology or other technologies, and is this information recorded, stored, or sold?
- Has the company received any request for data related to the driving history of drivers, and what were the reasons and final disposition of the requests?
- Which vehicles include technologies that can enable the remote shutdown of a vehicle, and are consumers made aware of this capability before purchase, lease or rental of the vehicle?
Now in a new report from Yahoo!, it seems the answers are coming in, and they’re not very reassuring.
Responses from 16 of the manufacturers “reveal there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information,” the Markey staff report states.
According to the news site, modern cars and light trucks “typically contain more than 50 electronic control units — effectively small computers — that are part of a network in the car. At the same time, nearly all new cars on the market today include at least some wireless entry points to these computers, such as tire pressure monitoring systems, Bluetooth, Internet access, keyless entry, remote start, navigation systems, WiFi, anti-theft systems and cellular-telematics … Only three automakers said they still have some models without wireless entry, but those models are a small and declining share of their fleets.”
In essence, Markey states, this means that while drivers have come to rely on these new technologies, “the automakers haven’t done their part to protect us from cyberattacks or privacy invasions.”
Other key findings of the report include:
- Most manufacturers said they were unaware of or unable to report on past hacking incidents. Three automakers declined to answer the question. One automaker described an app designed by an outside company and released for Android devices that could access a vehicle’s computer network through the Bluetooth connection. A security analysis didn’t indicate any ability to introduce malicious code or steal data, but the automaker had the app removed from the Google Play store as a precautionary measure.
- Each manufacturer is handling the introduction of new technology in very different ways, and for the most part these actions are insufficient to ensure security. Hackers can get around most security protections cited by manufacturers, according to the security experts Markey consulted.
- Only one manufacturer appeared able to detect a hacking attempt while it was happening and only two described credible means of responding to such intrusions in real time. Information from most automakers indicated they wouldn’t know about a hacking attempt unless data from the vehicle’s computers was downloaded by a dealer or at a service center.
Those points also fail to account for the personal data on vehicle driving history that manufacturers are failing to protect.
It’s worth noting that some of these safety features may be attractive to insurance companies because they reduce the likelihood and in many cases the severity of an accident, but as an agent, it’s also important to let your customers know what they’re signing up for when they purchase automobiles that use smart car technology. Read more on the new report from Yahoo!.