Tiffiany Greene

Potential for hacking into cars puts drivers at risk

I: Image of a smart car
N: todays smart cars are vulnerable to hacking, which can result in the theft of personal driving
information and control of the vehicle taken over by hackers.
I: Image of reporter speaker
A report by Senator Mackey of Massachusetts entitled, Tracking and Hacking: Security and
Privacy Gaps put American drivers at risk, notes in its findings that there is a clear lack of
appropriate security measures to protect drivers against hackers who may be able to take control
of a vehicle or against those who may wish to collect and use personal driver information.
I: Image of car manufacturers logos
N: The findings are based on responses by sixteen major car manufacturers to question submitted
by Senators staff among the major findings from those responses. Nearly hundred percent of
cars on the market include wireless technologies that could pose vulnerabilities to hacking or
privacy intrusions. Most car manufacturers were unaware of or unable to report on past hacking
incidents. Security measures to prevent remote access to vehicle electronics are inconsistent and
haphazard across all car manufacturers, and many manufacturers did not seem to understand the
questions that were asked. Only two manufacturers were able to describe any capabilities to
diagnose or meaningfully respond to any infiltration in real time.

I: Image of senator Markey

N: Senator Markeys report says, The alarmingly inconsistent and incomplete state of the
industry and privacy practices, along with the voluntary principles put forward by industry, raises
a need for the National Highway Traffic Safety Administrations in consultation with the Federal
Trade Commission on privacy issues, to promulgate new standards that will protect the data,
security and privacy of drivers in the modern ages increasingly connected vehicles. Also there
are findings that are similar to the issues raised by Balough Law Offices in Chicago Illinois that
began in 2013.
I: image of reporter
Senator Edward J. Markey reported how sixteen automobile manufacturers responded to
questions about how hackers can infiltrate the computer systems inside Americans cars and
trucks. Senator Markey also states Drivers have to come to rely on these new technologies, but
unfortunately the auto makers havent done their part to protect us from cyber - attacks or
privacy invasion. Even as we are more connected than ever in our cars and trucks or technology
systems and data security remain largely unprotected.
I: Image of a black hat
Markey is also a member of the Commerce, Science, and Transportation Committee. The senator
also states We need to work with the industry and cyber- security experts to establish clear rules
of the road to ensure the safety and privacy of 21st century American drivers. He too highlights
four trends which states almost a hundred percent of vehicles include wireless technologies
which could pose vulnerabilities to hacking or privacy intrusions. Most automobile
manufacturers were unaware of or unable to report on past hacking incidents. Security measures

to prevent remote access to vehicle electronics are inconsistent and haphazard across the
different manufacturers.
I: car logo and ? Is your car protected?
N: Only two automobile manufacturers out of sixteen were able to describe any capabilities to
diagnose or meaningfully respond to an infiltration in real-time, and most said they rely on
technologies that cant be used for this purpose at all. The findings are based on responses from
BMW, Chrysler, Ford, General Motors, Honda, Hyundi, Jaguar Land Rover, Mazda, MercedesBenz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen(with Audi), and Volvo. Letters
were also sent to Ashton Martin, Lamborghini, and Tesla, which didnt respond.
I: Image of a lock and key
N: These findings reveal that there is a clear lack of appropriate security measures to protect
drivers against hackers who may be able to take control of a vehicle or against those who may
wish to collect and use personal information.
I: privacy image
N: In response to the privacy concerns raised by Senator Markey and others, the two major
coalitions of automobile manufacturers recently issued a voluntary set of privacy principles by
which their members have agreed to abide. These principles send a meaningful message that
automobile manufacturers are committed to protecting consumer privacy by ensuring
transparency and choice, responsible use and security of data, and account-ability. However, the
principles depend on how the manufacturers interpret them.
I: Picture of the reporter

N: The alarming inconsistent and incomplete state of industry security and privacy practices,
along with the voluntary principles put forward by industry, raises a need for the National
Highway Traffic Safety Administration in consultation with the Federal Trade Commission on
privacy issues, to promulgate new standards that will protect the data, security and privacy of
drivers in the modern age of increasingly connected vehicles. Such standards should ensure that
vehicles with wireless access points and data-collecting features are protected against hacking
events and security breaches.
I: opt out symbol
N: They should also validate security systems using penetration testing and include measures to
respond real time to hacking events. The industry should require that drivers are made explicitly
aware of data collection, transmission, and use to ensure drivers are given the option to opt out of
data collection and transfer of driver information to-off board storage and require removal of
personally identifiable information prior to transmission, when possible and upon consumer
request.
I: Flexray definition
N: Todays cars and light trucks contain more than fifty separate electronic control units which
connect through a controller area network or other network (such as Local Interconnect
Networks or Flexray). Local interconnect and Flexray protects your car once connected to the
internet. Vehicle functionality, safety, and privacy all depend on the functions of these small
computers, as well as their ability to communicate with one another. They also have the ability to
record vehicle data to analyze and improve performance. On-board navigation technologies as
well as the ability to integrate mobile devices with vehicle-based technologies have also

fundamentally altered the manner in which drivers and the vehicles can communicate themselves
during the vehicles operation.
I: Technology related to car security
N: Technology is emerging as a viable tool for improving active safety through collision
avoidance, and one of the main unknowns in their development is a robust communication
security system. This security system doesnt breakdown easily or is not wholly affected by a
single application failure. As vehicles continue to become more integrated with wireless
technology, there are more avenues through which a hacker could introduce malicious code, and
more avenues through which a drivers basic right to privacy could be compromised.
I: Image of reporter
N:All These threats demonstrate the need for robust vehicle security policies to ensure the safety
and privacy of our nations drivers. Automobile security experts consulted by Senator Markeys
staff states Unique I.D. numbers and radio frequencies can be indemnified by hackers, that
closed systems codes have been proven to be re-writable, and seed key security is easily by
passed.
I: Image of WEP security
The other half of the responses named procedures utilized in the development process that
manufacturers use to ensure WEP security, which was more in line with the wording and intent
of the question. WEP security intention was to provide data confidentiality compared to that of a
traditional wired network. These responses included the following steps: Threating modeling,
Penetration testing, Input validation and verification, virtual testing component testing Physical

testing. The percentages of vehicles that contain such technologies varied greatly among the
manufacturers, with some claiming that almost no vehicle have them while others claim that all
of their vehicle models do.
I: Image of reporter
A median response of thirty five percent of vehicles from a manufacturer containing
technologies can collect driving history information. These percentages either showed slight
increases or stagnation from 2013-2014. Automobile manufacturers store data in a variety of
different ways. Some said that it is only stored on- board the vehicle and cant be wirelessly
retrieved, and others described how they wirelessly transfer all data to a central location. Also the
large majority of the companies that responded claimed that they do contracts with third party
companies to provide the data collecting features that they offer. Three manufacturers
specifically stated they license third party companies to transmit and store data associated with
the features. Twelve manufacturers replied that they do store information in some of their
vehicles. Only one manufacturer stated that they dont collect such data and three didnt respond.
This indicates that an overwhelming majority of vehicles collect driving history information.
Only eight manufacturers stated that they transmit and store driving history data in a server off
board the vehicle, while the other four stated they dont. This reveals that a majority of vehicle
manufacturers offer features that not only record but also transmit driving history wirelessly to
themselves or to third parties.
I: Image of Argus cyber security
Argus cyber security provides a comprehensive cyber security solution suite for automobiles to
prevent the next massive cyber recalls. Argus also states Argus Cyber Security helps the

automotive industry promote innovation and vehicle connectivity by mitigating the rising risk to
human lives and property. Argus provides carmakers a unique intrusion prevention system which
prevents all vehicles critical components from being hacked in real time. The system also
generates reports and alerts for remote monitoring of a vehicles cyber health and is an
automotive cyber security pioneer enabling carmakers to protect technologically advanced
connected vehicles from current and future malicious attacks.

Work Citied
WWW. MARKEY.SENATE.GOV
http://www.jdsupra.com/legalnews/potential-for-hacking-into-cars-puts-dri
http://www.waaytv.com/tech_alabama/u-s-senator-your-car-can-be-hacked/article
http://argus-sec.com