Smart Cars, Hacking, and the Legislation Behind It All
By John Atienza on March 4, 2016
US SPY Car Act of 2015: https://www.congress.gov/bill/114th-congress/senate-bill/1806/all-info
Veracode recently reported on the need of the automobile industry to secure their smart car systems. 50% of the people they polled (1,072 drivers in the UK and Germany) were very concerned about the security of their smart car on board systems. It has been found that certain vulnerabilities could give hackers access to steering, breaks, cruise control, and other functions. A large portion of the drivers believe that car manufacturers should be held liable for their safety in smart cars. The problem is that with the introduction of apps for infotainment, there is also an introduction of security vulnerabilities which could affect the safe operation of smart vehicles. Another concern drivers had with smart cars is privacy. GPS logs, favorite gas stations, SMS messages, and other private information could technically be gathered via a compromised system. As for right now the only thing manufacturer’s are trying to ensure is the separation of infotainment from the cars vital operational controls. Threatpost states that the automobile industry is three years behind in terms of securing smart cars from malicious threats.
There has to be certain controls put in place to protect the driver’s safety and privacy. In the US there is a proposed piece of legislation called the Security and Privacy in Your Car Act or SPY Car Act of 2015. This legislation directs the National Highway Traffic Safety Administration and the Federal Trade Commission to establish federal security and privacy standards for connected cars. This bill also creates an Automotive Cybersecurity Advisory Council to develop cybersecurity best practices for the automotive industry.