Most cars potentially hackable: report

A United States senator has claimed car manufacturers are paying little to no attention to IT security despite most modern cars being vulnerable to hacking attscks.

Democrat senator Edward Markey wrote to 19 car makers in the United States, Europe, Korea and Japan citing studies that showed how hackers could get into the controls of popular vehicles through Bluetooth and other wireless interfaces.

Car hacks could have disastrous consequences: Markey pointed to studies that demonstrated it was possible to make cars suddenly accelerate, swerve, turn off brakes, beep the horn, activate headlights as well as change the speedometer and fuel gauge readings.

Despite the potential for catastrophic hack attacks, car makers are not taking the issue seriously, he claimed. 

Senator Markey slammed the current state of car industry security and privacy practices as "alarmingly inconsistent and incomplete", and called for US government intervention to establish standards to protect drivers.

He suggested car security systems be validated with penetration tests and wireless interfaces be protected against hacking events and security breaches.

Markey's report [pdf] found that nearly all cars currently being sold feature wireless technologies that are potentially vulnerable to intrusion.

Even then, car makers weren't able to describe any capabilities to diagnose or "meaningfully respond to an infiltration in real-time", Markey said.

Most of the car makers were unaware or unable to report on past hacking incidents, Markey noted. Many appeared unable to understand Markey's questions on car security.

"These findings reveal that there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle," Markey wrote.

The security measures that do exist to prevent remote access to vehicle electronics are "inconsistent and haphazard across all automobile manufacturers," the US senator said.

Markey also claimed to have found car makers collecting large amounts of driving histories and car performance. Customers are often not told of the data collection and usually cannot opt out of it without disabling valuable features such as navigation and maps, Markey said.

Furthermore, most car makers collect the data wirelessly, but the transmission to their and third party data centres is not secured, the report found.

Markey said drivers should be able to opt out of data collection and be explicitly made aware of it taking place, including how the transmission is secured, where the data is stored, for how long and who has access to it.

The car makers that responded to Markey's enquiries were BMW, Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen-Audi and Volvo.

Tesla, Aston-Martin and Lamborghini were also contacted by Markey, but did not respond.