Report Warns About Hacking, Tracking Cars

Carmakers are inconsistent about how they guard data collected from the vehicles they sell. And most aren't prepared to actively defend against wireless attacks by hackers trying to gain control of the vehicle.

So says Tracking & Hacking, a 12-page staff report from the office of Sen. Ed Markey (D-Mass.). The report summarizes the spotty responses from 16 carmakers to a list of questions about how they collect and use data generated by their vehicles and whether their cars are equipped to detect or ward off cyber attacks.

Markey's office did not commission or conduct any direct research on either issue. But its survey raises alarms about both areas.

The report notes that manufacturers already collect huge amounts of data from customers' vehicles. It chides carmakers for not being forthcoming with customers about the practice. It complains that several companies acknowledge hiring third parties to manage the data they collect, raising data security questions about that information. The report also complains that the industry's voluntary guidelines on data monitoring are too vague.

The survey claims, without providing details, that most new cars on the road are vulnerable to wireless hacking. Markey's report cites two well-publicized efforts by others to demonstrate how a car's brakes, horn and other systems can be accessed by an outside computer plugged into the vehicle's onboard diagnostic (OBD) port.

The report assumes the same control could be achieved wirelessly and without first physically injecting malicious code into the vehicle's software even though it isn't clear whether anyone has done so.

No matter, the report concludes. It argues that such a threat will only grow as cars gain more wireless access points and become more closely connected with each other and their environment.