Posted by Robert Vamosi on April 28, 2016
A new report due out on Monday from a U.S. senator finds that auto makers’ attempts to prevent hackers from gaining control of a vehicle’s electronics are “inconsistent and haphazard,” while the companies collect driver histories and other personal data, often without customer consent.
“Drivers have come to rely on these new technologies, but unfortunately the automakers haven’t done their part to protect us from cyberattacks or privacy invasions,” said the senator, Edward J. Markey, Democrat of Massachusetts.
According to the New York Times, which obtained an advance copy, the report finds “a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle” or hackers who wish to “collect and use personal driver information.” The report expressed concerns over how automakers track drivers’ behavior and collect, transmit and store that information.
The Senator’s office found that data on driving histories are harvested by the auto makers and sometimes shared with third parties without customers being aware. “This reveals that a majority of vehicle manufacturers offer features that not only record but also transmit driving history wirelessly to themselves or to third parties,” the report said.
The phrase “legitimate business purposes” is vague, the report said, allowing manufacturers the opportunity for all kinds of data collection. Senator Markey will ask for clear federal rules to be established for what are permissible and appropriate uses of drivers’ data.
The report is based on data received from BMW, Fiat Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen and Volvo. Aston Martin, Lamborghini and Tesla did not contribute.
Wade Newton, a spokesman for the Alliance of Automobile Manufacturers, defended the auto makers. “Auto engineers incorporate security solutions into vehicles from the very first stages of design and production — and security testing never stops,” he said.