Hacking into cars' onboard electronics systems has been popular at hacker conventions for years, but the US government is finally taking notice of the vulnerabilities and moving towards serious measures. A new report from Senator Ed Markey (D-MA) draws from 16 different auto makers' security policies, and concludes that the auto industry as a whole has a major security problem.
"Security measures... are inconsistent and haphazard."
Only two of the 16 companies were able to describe any kind of real-time response to an infiltration. (Markey declines to name the companies, for reasons of discretion.) As early as 2011, security researchers demonstrated how Wi-Fi and Bluetooth capabilities can be used to take control of a car's engine, brakes and steering — but as those capabilities have expanded to more and more cars on the road, the industry has done little to keep pace on the security front. "Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard," Markey's report concludes.
Markey also raised familiar privacy concerns over auto companies' widespread data collection, which rarely offers any indication of how that data is secured or used. The Senator recommended new action from the National Highway Safety Association to address the security issues, consulting with the Federal Trade Commission on privacy grounds, although it's unclear when such an action might occur. Notably, Tesla did not participate in the survey, although the manufacturer has taken an aggressive approach to digital dashboard and faced its own security issues in turn.