Cybersecurity experts at obscure tech conferences have spent the last few years warning automakers that they’re drastically behind the curve in insulating cars from cyberattacks, but after DARPA hacked one on Sunday’s “60 Minutes” — taking control of acceleration and braking — they’re starting to pay attention.
During a Sunday report Dan Kaufman, head of the Information Innovation Office at the Defense Advanced Research Projects Agency (the forward-thinking branch of the Pentagon behind the development of the Internet), demonstrated how easy it is to hack the latest generation of hi-tech autos, which are load with computers and connectivity.
Using nothing but an on-site laptop, Kaufman and a colleague hacked into a car (the producers taped up the markings but it’s clearly a late-model Chevrolet Impala) by infiltrating its “emergency communication system” (a.k.a. General Motors’ OnStar service) and reprogramming the car’s software to give the hacker control over everything from the windshield wipers to braking and acceleration.
Numerous experts have demonstrated hacking cars’ onboard electronics through WiFi, Bluetooth and other means to seize headlights, horns, door locks, braking, acceleration and even steering in the last four years, highlighting a growing concern for consumer safety that lawmakers in Congress are beginning to take seriously.
Massachusetts Democratic Sen. Ed Markey — who sits on the Senate Commerce, Science and Transportation Committee — released a report Monday compiling 16 different auto manufacturers’ answers to questions posed by Markey about the security of their vehicles.
The report found that almost all modern cars have a wireless connection that could potentially be exploited by hackers, and of the 16 respondents out of the 20 questioned, only two could describe a real-time method of responding to hacks (the two were not named, but a complete listing of the manufacturers questioned can be found on page three of the report here).
In addition to finding the majority of cars’ signals security “inconsistent and haphazard,” the report also noted that many manufacturers are tracking drivers locations and transmitting the information over unsecured connections.
“These findings reveal that there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information,” the report reads.
“Drivers have come to rely on these new technologies, but unfortunately the automakers haven’t done their part to protect us from cyberattacks or privacy invasions. Even as we are more connected than ever in our cars and trucks, our technology systems and data security remain largely unprotected,” Markey said in a press release announcing the report, which was first mentioned in the “60 Minutes” report.
“We need to work with the industry and cybersecurity experts to establish clear rules of the road to ensure the safety and privacy of 21st-century American drivers.”