Sens. Markey, Blumenthal Introduce Legislation to Protect Drivers from Auto Security, Privacy Risks with Standards & “Cyber Dashboard” Rating System
Tuesday, July 21, 2015 markey.senate.gov
Washington (July 21, 2015) – As both Congress and the federal government struggle to develop a strategy for the Internet of Things and responding to the increasing use of connected devices, including automobiles, Senators Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.), members of the Commerce, Science and Transportation Committee, today introduced legislation that would direct the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) to establish federal standards to secure our cars and protect drivers’ privacy. The Security and Privacy in Your Car (SPY Car) Act also establishes a rating system — or “cyber dashboard”— that informs consumers about how well the vehicle protects drivers’ security and privacy beyond those minimum standards.
Last year, Senator Markey released the report Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk, which detailed major gaps in how auto companies are securing connected features in cars against hackers. For example, only two of the 16 car companies had developed any capability to detect and respond to a hacking attack in real time and, and most customers don’t even know that their information is being collected and sent to third parties.
“Drivers shouldn’t have to choose between being connected and being protected,” said Senator Markey. “We need clear rules of the road that protect cars from hackers and American families from data trackers. This legislation will set minimum standards and transparency rules to protect the data, security and privacy of drivers in the modern age of increasingly connected vehicles. I look forward to working with Senator Blumenthal to ensure auto safety and security in the 21st century.”
“Rushing to roll out the next big thing, automakers have left cars unlocked to hackers and data-trackers,” said Senator Blumenthal. “This common-sense legislation protects the public against cybercriminals who exploit exciting advances in technology like self-driving and wireless connected cars. Federal law must provide minimum standards and safeguards that keep hackers out of drivers’ private data lanes. Security and safety need not be sacrificed for the convenience and promise of wireless progress. I thank Senator Markey for his leadership and profoundly significant fact-finding in protecting consumers. The road to new auto technology is wide enough for both progress and privacy.”
For more: http://www.markey.senate.gov/news/press-releases/sens-markey-blumenthal-introduce-legislation-to-protect-drivers-from-auto-security-privacy-risks-with-standards-and-cyber-dashboard-rating-system
The Ghost In The Car May Be A Hacker
JULY 21, 2015 1:49 PM ET npr
Andy Greenberg was minding his own business, driving a Jeep Cherokee on the highway in St. Louis when the SUV’s air vents suddenly started blasting cold air. Then the radio switched stations and began blaring hip-hop at full volume. Spinning the radio control knobs did nothing. Soon, the windshield wipers turned on and wiper fluid obscured Greenberg’s view.
Then things started getting really interesting.
Let’s stop the story for a moment. Greenberg is a senior writer for Wired and he knew he was taking part in a demonstration by Charlie Miller and Chris Valasek. For years, the two researchers have been hacking cars’ onboard computers to show that modern autos are vulnerable to various cyber exploits.
You may remember that NPR’s Steve Henn reported on their experiments in 2013. Back then, Miller and Valasek demonstrated that they could jerk the wheel of a Prius or kill the brakes of a Ford Escape — using laptops wired to the cars’ computer systems.
This time, though, they didn’t have to be in the car — or anywhere near it — to wreak havoc on the controls. From miles away, the researchers were able to use a cellular connection to access the Jeep with Greenberg behind the wheel.
Now, back to Greenberg’s 70 mph drive from hell:
“As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.
“Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun… .
“Cars lined up behind my bumper before passing me, honking. I could see an 18-wheeler approaching in my rearview mirror.
For entire article and audio interview: http://www.npr.org/sections/alltechconsidered/2015/07/21/424988397/the-ghost-in-the-car-may-be-a-hacker