Now the U.S. Senate is asking about carhacking
Back in August, I shared a post that detailed how two DARPA-funded engineers were able to hack the electronic controls of a car.
For its part, Toyota pooh-poohed the results, since in this particular test the hackers had to be physically present in the car to perform the hack.
Well, Toyota – and 19 other manufacturers who sell cars in the United States – will have to pay attention, now that Senator Edward Markey of Massachusetts is asking questions.
As car companies incorporate more navigation and other technologies that could potentially collect increasing amounts of information from and about consumers [delete] into cars, Senator Edward J. Markey (D-Mass.) today sent letters to 20 major automobile manufacturers requesting information about how consumers are protected from cyberattack or unwarranted violations of privacy.
It turns out that Markey isn’t only concerned about hacking, but is also concerned about privacy issues such as geolocation.
Here are some of the questions that Senator Markey is asking:
How does the company assess whether there are vulnerabilities related to technologies it purchases from other manufacturers as well as wireless entry points of vehicles to ensure malicious code or other infiltrations cannot occur?
Does the company utilize independent third-parties to test for vulnerabilities to wireless entry points?
Do any vehicles include technology that detects or monitors for anomalous activity or unauthorized intrusion through wireless entry points or wireless control units? And how are reports or unauthorized intrusion or remote attack responded to?
Has the company been made aware of any intentional or inadvertent effort to infiltrate a wireless entry point, and what, if any, changes were made to protect vehicles from vulnerabilities in the future?
What types of driving history information can be collected by navigation technology or other technologies, and is this information recorded, stored, or sold?
Has the company received any request for data related to the driving history of drivers, and what were the reasons and final disposition of the requests?
Which vehicles include technologies that can enable the remote shut-down of a vehicle, and are consumers made aware of this capability before purchase, lease ore (sic) rental of the vehicle?
Markey’s questions touch upon an important point – namely, that your modern car includes hardware and software from a number of manufacturers. So even if everything that Toyota manufactures is highly secure, what about the content from LoJack, Sirius/XM, or your insurance company?