I have warned you many times about the vulnerability to hacking of a myriad of Internet connected products from toys to cars that make up what is commonly referred to as the Internet of Things. The possibilities of automobiles being able to be hacked is particularly troublesome and the latest development on that front occurred this week when Nissan disabled its Nissan Connect EV smartphone app which could be used by owners of Nissan Leaf electric cars to control their automobiles through their smartphones. As is so often the case with the Internet of Things, security concerns were not sufficiently included in the development of the product. Access to someone’s car’s systems by way of a smartphone could be done by anyone who had the Vehicle Identification Number (VIN) for the car the hacker wished to hack.
If you are the owner of a Nissan Leaf, you can check on the status of your own car by going to Nissan’s website at https://owners.nissanusa.com/nowners/
United States Senators Edward Markey and Richard Blumenthal have filed legislation known as the SPY Car Act designed to provide requirements for automobile manufacturer’s to meet the threat of automobile hacking. SPY is an acronym for Security and Privacy in Your car. Senator Markey, in particular has long been concerned with the vulnerabilities of automobiles to being hacked and last February issued a report that concluded that the efforts of automakers around the world to prevent hackers from gaining control of cars electronically were “inconsistent and haphazard.” Further, Markey said that most automakers did not even have systems for either detecting security breaches or responding to those breaches. This new legislation is an attempt to respond to the lack of efforts by the automobile industry to effectively deal with this problem.
The bill if enacted into law would require the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) to develop industry wide standards to prevent vehicle control systems from being hacked into. In addition, the bill would require privacy standards to be developed to protect the privacy of the data collected by our vehicles. Finally, the bill if enacted into law would require cars to have a new cyber dashboard display that would be affixed to the windows of all new cars that indicated how well the particular type and brand of car protected security and privacy beyond the minimum standards set by law.
Automobile hacking is just another part of the broad Internet of Things where we are all increasingly vulnerable to hacking that threatens our well being. Companies have got to do a better job of incorporating security into all of the devices and products that we use that are connected to the Internet. It is only a matter of time before hacking into the products involved with the Internet of Things results in devastating consequences. Here is a copy of my USA Today column I wrote in April of 2015 about the Internet of Things and the dangers posed. http://www.usatoday.com/story/money/columnist/2015/04/04/weisman-internet-of-things-cyber-security/70742000/
Here is a link to the legislation proposed by Senators Markey and Blumenthal. If you support this legislation, I urge you to contact your Senators to request that they vote favorably on this bill. http://www.markey.senate.gov/imo/media/doc/SPY%20Car%20legislation.pdf