Connected cars are rolling PC full of personal data and automakers might not know it.
Connected cars are rolling PC full of personal data and automakers might not know it.

A recent survey has found that while auto manufactures acknowledge the need for securing their connected systems they could be overlooking the privacy concerns that come with storing driver information.

Veracode commissioned a whitepaper which queried 1,072 drivers in the UK and Germany, along with several auto industry representatives, to explore how manufacturers are addressing the issue of connected cars and to discover whether drivers are concerned about what is being done.

Most of the drivers were worried about the potential for connected cars to become another avenue for criminals to obtain their data. However, manufacturers said they are aware of this possibility, but do not believe it is a problem drivers need to worry about, according to the study.

Veracode Chief Technology Officer Chris Wysopal told SCMagazine that auto companies understand that cyber security can compromise physical safety, but car makers still need to understand that cars are becoming rolling PC's full of personal information.

Wysopal was surprised by the finding that manufactures said it will be one to three years before connected car systems are capable of dealing with all the security concerns that are present, Wysopal said.

He added that cybersecurity is often learned industry by industry and that auto manufactures have ignored most cybersecurity concerns until recent vulnerabilities and car hacks have forced them to deal with this threat.

Despite the effort to lock down security, driver downloaded apps are going to present one of the biggest challenges because of their potential to leak data and overall consumer safety, Wysopal said.

“A common theme amongst all manufacturers we spoke with is around separating the infotainment system from the performance system, and this is mainly due to the ability of applications to be downloaded to the car,” the study said.

Some manufacturers do not believe that truly separating the two systems is possible so car companies and lawmakers will have to decide who takes responsibility for the quality and security of the applications drivers download, the study said.

According to the study, auto manufactures generally accept that they are responsible for a great deal of liability from a consumer protection point of view, but customers aren't as unified in their opinion of who they felt was primarily liable.

About 40 percent of UK respondents said they themselves should take responsibility for the quality and security of the applications drivers download, while the 32 percent of German respondents said they would hold the app makers responsible.

Of the remaining German drivers queried on who should be held liable, 23 percent felt the vehicle manufactures, 22 percent felt the app, and 20 percent said they would take responsibility themselves.

As a society we haven't figured out where liability lies, Wysopal said.

“It is therefore imperative that manufacturers not only test their software to the extreme but also ensure that software in the car is protected in such a way as to prevent external interference,” the study said.

Until auto manufactures do a better job securing their networks, Wysopal recommends that drivers beware of any new apps that will allow you to control your vehicle.