As Wireless Technology Becomes Standard, Markey Queries Car Companies about Security, Privacy - 12/2/13

Monday, December 2, 2013

Contact: Giselle Barry (Markey) 202-224-2742

Eben Burnham-Snyder (Markey) 202-224-2742

Lawmaker sends letter to 20 auto manufacturers after reports of hacking, breaches, privacy concerns

Washington (December 2, 2013) - As car companies incorporate more navigation and other technologies that could potentially collect increasing amounts of information from and about consumers [delete] into cars, Senator Edward J. Markey (D-Mass.) today sent letters to 20 major automobile manufacturers requesting information about how consumers are protected from cyberattack or unwarranted violations of privacy. One recent study demonstrated how commands could be sent through a car’s computer system that could cause it to suddenly accelerate, turn or kill the breaks. Additionally, new services could enable the collection of large amounts of driver data, including geolocation. It is possible that this data could be used for commercial or law enforcement purposes without consumers’ knowledge or consent.

“As vehicles become more integrated with wireless technology, there are more avenues through which a hacker could introduce malicious code, and more avenues through which a driver’s basic right to privacy could be compromised,” writes Senator Markey, a member of the Commerce, Science and Transportation Committee, in the letter to the car companies. “These threats demonstrate the need for robust vehicle security policies to ensure the safety and privacy of our nation’s drivers.

“Airbags and seat belts protect the safety of drivers, but we also need car companies to ensure the security and privacy of those in automobiles in this new wireless age,” said Senator Markey. 

A copy of Senator Markey’s letters to the car companies can be found here.

Senator Markey sent letters to Volvo North America, Volkswagen Group of America, Toyota North American Region, Tesla, Subaru Motors America, Porsche Cars of North America, Nissan North America, Mitsubishi Motors North America, Mercedes-Benz USA, Mazda North American Operations, Automobili Lamborghini America, Jaguar Landrover LLC, Hyundai Motors North America, American Honda Motor Co. Inc., General Motors, Ford Motor Company, Chrysler Group LLC, BMW North America, Audi of America, and Aston Martin The Americas.  

In his letter to the car companies, Senator Markey asks for responses to questions that include:

 

  •  How does the company assess whether there are vulnerabilities related to technologies it purchases from other manufacturers as well as wireless entry points of vehicles to ensure malicious code or other infiltrations cannot occur? 
  •  Does the company utilize independent third-parties to test for vulnerabilities to wireless entry points? 
  •  Do any vehicles include technology that detects or monitors for anomalous activity or unauthorized intrusion through wireless entry points or wireless control units? And how are reports or unauthorized intrusion or remote attack responded to? 
  •  Has the company been made aware of any intentional or inadvertent effort to infiltrate a wireless entry point, and what, if any, changes were made to protect vehicles from vulnerabilities in the future? 
  •  What types of driving history information can be collected by navigation technology or other technologies, and is this information recorded, stored, or sold? 
  •  Has the company received any request for data related to the driving history of drivers, and what were the reasons and final disposition of the requests? 
  •  Which vehicles include technologies that can enable the remote shut-down of a vehicle, and are consumers made aware of this capability before purchase, lease ore rental of the vehicle?