I have been reporting to you about the dangers of cars being hacked for more than a year beginning when we first became aware of how vulnerable today’s Internet connected automobiles are to dangerous hacking. Hackers have shown that they can can gain access to data from an automobile and even remotely take control of cars and their systems. This problem was highlighted recently by an FBI warning last March about the dangers of automobile hacking .
Manufacturers have already recalled almost 1.5 million cars to remedy computer defects that, if unfixed, could have led to cars being hacked. When a car is recalled for a cybersecurity issue, the manufacturer notifies the car owner and tells them how to address the problem.
In an unusual and positive example of how different companies can work together for a common cause, in 2015 the major automobile manufacturers joined together to form the Automotive Information Sharing and Analysis Center (Auto-ISAC) to share information about car hacks and cybersecurity issues. Last week they had their first massive hacking attack drill intended to learn more about the strengths and weaknesses of the present systems being used by the automobile manufacturers. Fifteen major automobile manufacturers and ten automobile equipment suppliers took part in the test. As an industry, the automobile manufacturers have committed to doing a better job at integrating security into the development of automobile systems and sharing information to fight a common enemy.
In addition, United States Senators Edward Markey and Richard Blumenthal have filed legislation known as the SPY Car Act designed to provide requirements for automobile manufacturer’s to meet the threat of automobile hacking. SPY is an acronym for Security and Privacy in Your car. Senator Markey, in particular has long been concerned with the vulnerabilities of automobiles to being hacked and in February of 2015 issued a report that concluded that the efforts of automakers around the world to prevent hackers from gaining control of cars electronically were “inconsistent and haphazard.” Further, Markey indicated that most automakers did not even have systems for either detecting security breaches or responding to those breaches.
The bill if enacted into law would require the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) to develop industry wide standards to prevent vehicle control systems from being hacked into. In addition, the bill would require privacy standards to be developed to protect the privacy of the data collected by our vehicles. Finally, the bill if enacted into law would require cars to have a new cyber dashboard display that would be affixed to the windows of all new cars that indicated how well the particular type and brand of car protected security and privacy beyond the minimum standards set by law.
Meanwhile, what should you be doing to make sure that your car is safe from being hacked? The first thing is to regularly check the NHTSA website where it indicates if a car is being recalled. If your car is being recalled for a cybersecurity problem, you can find it out there. Here is the link. https://vinrcl.safercar.gov/vin/
Although you may be able to download software updates and patches for your car online, there is always the risk that you might be downloading malware from a hacker tricking you into downloading malware that will harm you rather than help you so the better course of action if you are notified about software updates for your car or truck is to contact your dealer to assist you with downloading the proper software.
Here is a link to the legislation proposed by Senators Markey and Blumenthal. If you support this legislation, I urge you to contact your Senators to request that they vote favorably on this bill. http://www.markey.senate.gov/imo/media/doc/SPY%20Car%20legislation.pdf