Worried about hackers gaining remote access to your car? Concerned that all the gee-whiz technology going into driverless cars and advanced safety systems that make it easier and safer to drive will compromise your online privacy?
The automotive industry, in a response letter sent from the Alliance of Automobile Manufacturers and the Association of Global Automakers, the trade groups representing 25 major automakers, said that the car companies are “taking the issue [of car cyber security] very seriously,” according to a report in The Detroit News.
The joint response came following a letter sent to 20 automakers, including the Detroit Big Three, by Sen. Ed Markey, D-Mass., asking detailed questions about cyber security in vehicles and if drivers may be exposed to unwarranted privacy violations.
In-Vehicle and V2V Concerns
Mitch Bainwol and Michael Stanton, the CEOs of the trade groups, said that “the incorporation of in-vehicle computer systems has made protection from cyber security treats a top priority for the industry.”
To provide protection from hackers, automakers isolate vehicle control systems from navigation systems and satellite radio, both communication-based functions. Car companies are also warning that the “vehicle to vehicle” or V2V communication protocols that the National Highway Traffic Safety Administration (NHTSA) is considering will bring along with it new threat vectors, “which will need to be considered.”
Key areas of concern that Markey, a member of the Commerce Committee overseeing autos, mentioned are malicious code that hackers could introduce, as well as more avenues through which drivers’ basic rights to privacy could be compromised. Markey wants Congress to examine car security policies.
A Reuters story references 2010 research by a group of U.S. computer scientists that “viruses could take control of computers running car brakes, lights, locks and other systems.” The same researchers one year later showed ways that hackers could remotely infect cars over Bluetooth and other wireless systems.
Concerns about Data Recorders
Data recorders, the so-called “black boxes,” which capture data before and after a crash, were proposed by the NHTSA in December 2012 to be required of all vehicles built after September 2014. Data recorders are typically triggered by a crash or deployment of an airbag.
As for the data collected by these recorders, it includes vehicle speed, whether the brake was activated prior to a crash, information about the state of the engine throttle, crash forces at impact, timing of airbag deployment, and whether occupants’ seat belts were buckled.
According to the NHTSA, about 96 percent of 2013 model year cars and light-duty vehicles are already equipped with data recorder capability. Such devices have been in use approximately 20 years. Most automakers, including Toyota and General Motors, have them in all vehicles now.
While things get sorted out, what can consumers do? The best approach is to keep informed about the latest developments in automotive technology where computerized access or functionality is involved. Pay close attention to mention of safeguards for consumer privacy. Watch for NHTSA notifications of rule-changes or finalization of proposals in this all-important area.