Automakers Push Back as Research Shows Car Hacking

• By Sydny Shepard
• Nov 19, 2015

To manufacturers, the increased technology in vehicles leads to a world of networked cars that have fewer deadly crashes, reduced traffic and new revenue systems. But to data security researchers, a world of networked cars could only lead to possible vectors of attack – high velocity weapons and roving data-reapers – posing as enticing targets for hackers.

As part of a series of Congressional hearings focused on tech issues, representatives of Tesla, General Motors and Toyota were asked to appear in front of an oversight subcommittee in the House of Representatives in late November. After lawmakers voiced concerns over consumer privacy, data collection and network security, the automakers responded with a unified message: Premature regulation can deter or block safety innovations.

Toyota vice president of connected services, Sandy Lobenstein, said that the auto industry has tried to tackle this fear together. The automakers developed privacy principles together for the new networked cars and believed they were at the forefront of protecting consumer data in the emerging Internet of Things.

Of particular interest to the members of Congress is the possibility of advancing industry-wide standards for cybersecurity and consumer privacy. Several lawmakers mentioned a widely-read article in which security researchers were able to hack at Jeep Cherokee and remotely tamper with its brakes, steering and engine.

While the government wants initiate a one-year government study to recommend regulations for automotive software, safety, cybersecurity, and privacy, the automotive representatives pressed that the industry was not going to be able to wait that long. Harry Lightsey, executive director for consumer experience at General Motors, mentioned that the company was already hard at work developing technologies intended to limit collisions and protect connected cars from being hacked.

When asked by Rep. John Mica, a republican from Florida, if an industry-wide cyber security standard exists, all automakers were not able to indicate if a set group of principles were set.

Location data, credit card numbers and text messages are all things that may be stored in a car now. And, according to Khaliah Barnes, associate director for the Electronic Privacy Information Center, carmakers are not doing a good job telling consumers how that data is used.

Barnes supports a Senate bill that would establish baseline federal standards for automobile cybersecurity, instituting federal penalties for car hacking. The same proposal limits how car data can be shared with marketers and other third parties.