Edward Markey, a Democrat from Massachusetts, has asked 20 of the world’s biggest automakers for information on how they secure their vehicles from cyber attacks, in light of reports by security experts who say they have identified ways to hack into cars.
The senator asked the companies to respond to a series of questions including how they test electronic components and wireless networks to make sure that attackers cannot gain access to onboard networks. He cited recent research by security experts who uncovered cyber vulnerabilities in cars that they said hackers might be able to exploit to cause them to crash.
“As vehicles become more integrated with wireless technology, there are more avenues through which a hacker could introduce malicious code and more avenues through which a driver’s basic right to privacy could be compromised,” Markey said in the letter. “These threats demonstrate the need for robust vehicle security policies to ensure the safety and privacy of our nation’s drivers,” he added.
The letter, dated Monday, also asked about measures the carmakers take to ensure the privacy of information collected by automobile computer systems. Recipients included BMW, Chrysler, Ford, General Motors, Mazda, Toyota and Volkswagen.
The Auto Alliance, an industry group whose members include those seven companies, released a statement on Tuesday saying that automakers were reviewing the letter.
“Auto engineers are incorporating security solutions into vehicles from the first stages of design and production, and their security testing never stops,” the group said in the statement. “Vehicle hardware has built-in security features that help protect safety critical systems, and auto control systems are isolated from communications-based functions like navigation and satellite radio.”
Concerns that hackers could attack cars with potentially lethal results have been growing for several years.
A group of U.S. computer scientists startled the industry in 2010 with research showing that viruses could take control of computers running car brakes, lights, locks and other systems. A year later the same researchers identified ways to remotely infect cars over Bluetooth and other wireless systems.
The National Highway Traffic Safety Administration responded by beginning an auto cyber security research program.
“While increased use of electronic controls and connectivity is enhancing transportation safety and efficiency, it brings a new challenge of safeguarding against potential vulnerabilities,” the agency said in a statement on Tuesday. “NHTSA recognizes these new challenges but is not aware of any consumer incidents where any vehicle control system has been hacked.”
Researchers have recently begun going public with details about vulnerabilities in automobiles in a bid to pressure manufacturers to boost security.