US senator raises red flag over cyber security in cars
Vehicles’ internal networks ‘largely unprotected’, could lead to wireless unlocking of doors
A US senator who questioned 20 car makers about the security of wireless access in their vehicles has raised concerns about "largely unprotected" systems, The Register reported.
Senator Ed Markey (D-MA) received responses from 17 of the 20 companies he contacted, with only Tesla, Aston Martin, and Lamborghini failing to reply. All 17 (BMW, Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen with Audi, and Volvo) integrated considerable data-driven tech in their 2014 models, with a number of respondents installing as many as 50 electronic control units (ECUs), which communicated over internal networks.
The Register suggests that, while the CAN (controller area network) bus, which presides over critical systems such as engines, steering wheels and brakes, is relatively isolated, lack of encryption and firewall provisions in other systems mean it is theoretically possible to, for example, open doors wirelessly.
Weak security could also allow malicious third-parties to install malware to monitor where the vehicle has been and how fast it was travelling.
"Drivers have come to rely on these new technologies, but unfortunately the automakers haven't done their part to protect us from cyber-attacks or privacy invasions," said Markey, a member of the Senate's Commerce, Science and Transportation Committee.
"Even as we are more connected than ever in our cars and trucks, our technology systems and data security remain largely unprotected. We need to work with the industry and cyber-security experts to establish clear rules of the road to ensure the safety and privacy of 21st-century American drivers."
Continues on next page>>