Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Infrastructure

Hackers Can Get Into Most ‘Connected Cars’: Study

Washington – Virtually all “connected cars” on the road are vulnerable to hackers who could steal data or gain control of the vehicle, a report from a US senator said Monday.

Washington – Virtually all “connected cars” on the road are vulnerable to hackers who could steal data or gain control of the vehicle, a report from a US senator said Monday.

The report prepared by the staff of Senator Ed Markey said the wireless connectivity and Internet access available on the vehicles opens up security gaps that could be exploited for malicious purposes.

The study found these security weaknesses in “nearly 100 percent of cars on the market” and noted that most automobile manufacturers were unaware of or unable to report on past hacking incidents.

Hacking Cars

The senator’s staff, which collected data from 16 major auto manufacturers, cited earlier studies on some vehicles which showed how hackers can get into the controls of some popular vehicles, causing them to suddenly accelerate, turn, de-activate brakes, activate the horn, control headlights, and modify the speedometer and gas gauge readings.

The report also noted that many of these connected cars collect data on driving that could be kept in violation of privacy.

It said that the “alarmingly inconsistent and incomplete state of industry security and privacy practices” raises questions about the need for new US rules from the National Highway Traffic Safety Administration (NHTSA) or other federal agencies.

“Drivers have come to rely on these new technologies, but unfortunately the automakers haven’t done their part to protect us from cyberattacks or privacy invasions,” Markey said in a statement.

“Even as we are more connected than ever in our cars and trucks, our technology systems and data security remain largely unprotected.” The report said the manufacturers appeared to take little or no action following disclosures from researchers in 2013 and 2014 about these vulnerabilities.

Advertisement. Scroll to continue reading.

The report pointed out that hackers can gain access to a car via Bluetooth wireless connections, the OnStar system for remote assistance, malware in an Android smartphone which is paired with the vehicle, or even an infected CD in the car sound system.

“These findings reveal that there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information,” the report said.

The report obtained responses from 16 major global manufacturers: BMW, Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen and Volvo.

Letters were sent to Aston Martin, Lamborghini and Tesla, but those manufacturers did not respond.

The study noted that the two major coalitions of automobile manufacturers recently issued a voluntary set of privacy principles by which their members have agreed to abide but said it was not clear how these principles would be interpreted.

The US-based Alliance of Automobile Manufacturers said in a response to an AFP query that it had not seen the report but that its members “believe that strong consumer data privacy protections and strong vehicle security are essential to maintaining the continued trust of our customers.”

The statement added that automakers “pledge to provide heightened protections to the most sensitive types of consumer information — protections that go beyond similar principles in other industry sectors “

RelatedCar-hacking Researchers Hope to Wake up Auto Industry

Related: Israeli Startup Raises $4 Million to Protect Cars from Cyberattacks

RelatedForget Carjacking, What about Carhacking?

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Security Infrastructure

Security vendor consolidation is picking up steam with good reason. Everyone wants to improve security efficiency and effectiveness while paying for less.

Management & Strategy

Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco.

Cloud Security

The term ‘zero trust’ is now used so much and so widely that it has almost lost its meaning.

Security Infrastructure

Instead of deploying new point products, CISOs should consider sourcing technologies from vendors that develop products designed to work together as part of a...

Security Infrastructure

Comcast jumps into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace.

Audits

The PCI Security Standards Council (SSC), the organization that oversees the Payment Card Industry Data Security Standard (PCI DSS), this week announced the release...

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture