Following a string of high-profile incidents in which researchers were able to hack into – and in some cases take control of – a vehicle through its entertainment systems, lawmakers have renewed their push to ensure car manufacturers are adequately protecting consumers from such attacks.
Today, Senators Richard Blumenthal of Connecticut and Edward Markey of Massachusetts sent letters [PDF] to 18 car makers asking for updates on how they protect vehicle owners against the threat of cyberattacks or unwarranted invasions of privacy related to the integration of electronic systems into and within automobiles.
Markey previously sent the car makers letters of inquiry back in 2013 when he first began investigating the potential cybersecurity vulnerabilities in connected vehicles.
Automakers’ original responses were used in Markey’s 2015 report “Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk,” which detailed gaps in how automakers secure connected features in cars against hackers,
The most recent letters – sent to Aston Martin, BMW, Fiat Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Lamborghini, Mazda, Mercedes Benz, Mitsubishi, Nissan, Porsche, Subaru, Tesla, Toyota, Volkswagen Audi, and Volvo – ask the companies to provide updates on any changes they’ve made to their vehicles, including characteristics, policies, practices and experiences since last responding to Markey’s inquiry.
“As vehicles become increasingly connected to the Internet and to one another through advanced features and services, we continue to see how these technologies present vulnerabilities that can compromise the safety and privacy of drivers and passenger,” the letter states.
The senators go on to illustrate the potential danger of such vehicle cyberattacks by detailing the July hacking of a Jeep Cherokee.
In that case, security researchers Charlie Miller and Chris Valasek, hacked the Jeep while a Wired.com reporter was driving it, exploited a security flaw in Uconnect that gave them the entry point to wirelessly take control of the vehicle.
Shortly after the hack was made public Fiat Chrysler recalled 1.4 million vehicles that were found to be susceptible to remote hacks via the Uconnect onboard infotainment system.
Despite the uptick in high-profile hackings, the senators note that since the release of Markey’s “Hacking & Tracking” report groups have taken steps to better protect consumers.
For example, the senators cite the Alliance of Automobile Manufacturers and the Association of Global Automakers release of a set of voluntary privacy standards to ensure that consumer data is secure.
“While we are pleased that the industry has taken a step in the right direction, we believe that protecting the safety, security and privacy of American drives should not be voluntary,” the letter states. “Consumers should have meaningful choice and transparency regarding any collection of their data derived from driving their vehicles.”
The letter gives automakers until October 16 to provide a response.
Markey and Blumenthal have been championing better protections related to vulnerabilities in newer vehicles recently.
Back in July, the pair introduced an automotive security bill to set new digital security standards for cars and trucks called the Security and Privacy in Your Car, or SPY Act.
The measure would direct NHTSA and the Federal Trade Commission to establish federal standards to secure cars and protect drivers’ privacy, as well as establishing a rating system — or “cyber dashboard” — that informs consumers about how well the vehicle protects drivers’ security and privacy beyond those minimum standards.
