Cloud Security, Incident Response, TDR

Car hacking report explores lack of real-time response capabilities

A senator has released a report on security and privacy concerns facing U.S. drivers, which includes a troubling, though not surprising, finding that most automakers lack the ability to respond to intrusions in real-time.

On Monday, Sen. Ed Markey, D-Mass., unveiled the report (PDF), which was first covered in an episode of "60 Minutes."

Entitled, “Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk,” the 14-page report was compiled from the responses of 16 major automobile manufacturers, including BMW, General Motors, Ford, Chrysler, Honda, Hyundai, Mercedes-Benz, Toyota and Nissan.

Back in December, Sen. Markey sent letters to 20 automakers requesting information on how drivers are safeguarded from “cyberattack or unwarranted violations of privacy,” the senator's office announced at the time. Now, the senator's new report highlights eight major findings from the manufacturers' responses.

Of note, he found that only two automakers, among the 16 respondents, were able to describe their technological capabilities for diagnosing or “meaningfully” responding to intrusions in real-time, the report written by Markey's staff said.

The senator's office added that six of the automakers did not respond, while six others offered “vague mentions of security systems and ‘taking appropriate actions,' such as recalls and service campaigns that could not be used to respond in real-time.” Four automakers offered thoughtful answers, but only two of the responses showcased manufacturers' ability to “immediately respond to security threats and address the situation for the drivers who subscribe to their telematics providers,” the report said.

The two responses befitting real-time action were those of one manufacturer, which claimed it could put a vehicle in a “fail-safe” mode that could “limit vehicle operation if malfunctions that could cause damage occur.” Another automaker said that it had the option to “safely slowdown and immobilize an impacted vehicle if the vehicle is in motion at the time of detection.”

Other key points in the report were that 100 percent of vehicles on the market use wireless technologies that could potentially expose vulnerabilities to privacy or even hacking intrusions. Several of the report's other highlights entailed findings on automakers collecting data on vehicle performance and driving history without notifying customers or offering an “effective means to secure the data,” the report said.

Sen. Markey's report builds upon industry concerns about driver safety in the face of emerging hacking threats.

Just last month, BMW released a security patch that addressed a security flaw, which could have affected 2.2 million Rolls-Royce,Mini and BMW vehicles. According to a Reuters report, the vulnerability could have allowed hackers to unlock the doors or gain physical access to vehicles hooked up to company's ConnectedDrive software, which relies on SIM cards to identify mobile device users.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.