WASHINGTON – Two Democratic members of the Senate Committee on Commerce, Science, and Transportation have sent letters to the CEOs of 18 major automakers asking that they conduct a comprehensive overview of vehicles’ vulnerabilities to hacking, and elaborate on what they are doing to address this.
The letter reads, “As vehicles become increasingly connected to the Internet and to one another through advanced features and services, we continue to see how these technologies present vulnerabilities that can compromise the safety and privacy of drivers and passenger. Vehicle functionality, safety and privacy all depend on the functions of these computers, as well as their ability to communicate with one another. They also have the ability to record vehicle data, to analyze and improve performance. However, a series of studies over the past few years have demonstrated how these systems can be remotely hacked to steal data, or take control of the vehicle away from the driver.”
Sen. Edward Markey (D-Mass.) and Sen. Richard Blumenthal (D-Conn.) co-wrote the letter and are both noted proponents of increased standards for consumer products that are transitioning into the “Internet of Things” ecosystem.
Earlier this year the senators co-sponsored legislation that would have mandated federal regulators to develop standards for protecting vehicles against hacking. This latest letter comes on the heels of cybersecurity researchers demonstrating that they could take control of a Jeep, turning the engine on and off, and disconnecting the brakes from a laptop miles away.
Markey’s office said this is the latest from an investigation ostensibly started in 2013.
The letter gives the auto industry until Oct. 16 to respond. These issues come on the heels of recent reports that even as cybercrime rises, companies are neglecting security fail-safes in favor of cutting development time and cost.
The senators sent letters to Aston Martin, BMW North America, Fiat Chrysler, Ford Motor, General Motors, American Honda Motor, Hyundai Motors North America, Jaguar Land Rover North America, Lamborghini, Mazda North America, Mercedes Benz USA, Mitsubishi, Nissan North America, Porsche, Subaru Motors America, Tesla, Toyota North America, Volkswagen Group of America (with Audi) and Volvo.
Sens. Markey and Blumenthal are cognizant of these and other potential threats hackers and malware could pose to the American people and the 253 million cars on America’s roads. Concluding in their letter, “While we are pleased that the industry has taken a step in the right direction, we believe that protecting the safety, security and privacy of American drivers should not be voluntary. Consumers should have meaningful choice and transparency regarding any collection of their data derived from driving their vehicles.”