Two US senators question cybersecurity vulnerabilities of connected cars

Two US senators have raised concerns about the cybersecurity vulnerabilities of internet-connected cars with the country's National Highway Traffic Safety Administration (NHTSA) in a letter dated 22 August. Senators Edward Markey and Richard Blumenthal asked whether the NHTSA has been notified about any malicious hacking attempts on internet-connected cars and how they plan on addressing these cyber risks.

The lawmakers also enquired whether the NHTSA had received any communication from automakers regarding cybersecurity vulnerabilities, saying carmakers including BMW, Chrysler, Daimler, Ford, General Motors (GM), and Tesla have disclosed such vulnerabilities to their investors and shareholders but not their consumers.

"We are concerned about the lack of publicly available information about the occurrence and handling of cyber vulnerabilities in internet-connected cars, and that NHTSA should be aware of these dangers in order to take possible regulatory actions," the senators said.

Significance: The senators were referring to a report by Consumer Watchdog that said safety-critical systems are being linked to the internet without adequate security and with no way to disconnect in the event of a fleet-wide hack. The head unit is connected to the internet through a cellular connection and to the vehicle's controller area network (CAN) buses. This technology, dating to the 1980s, links the vehicle's most critical systems, such as the engine and the brakes.

The report added that the three top-selling carmakers in the US—GM, Toyota, and Ford, representing nearly half the US auto market—will only sell internet-connected cars by the end of this year.

The report also predicted that by 2022, no less than two-thirds of new cars on American roads will have online connections to the cars' safety-critical system, putting them at risk of deadly hacks.

Hacking has become a major headache in the automotive industry. A few years back, hackers were able to remotely disrupt the driving of a 2014 Jeep Cherokee and turn off the SUV's transmission, prompting the US government to introduce security legislation. In 2015, Fiat Chrysler Automobile (FCA) recalled nearly 1.4 million cars in the US to update a software that the automaker claims would insulate these connected vehicles from remote manipulation in the future.

Read more articles like this one. Subscribe to SupplierInsight

The above article is from SupplierInsight by IHS Markit. SupplierInsight provides a wealth of original thought leadership, data, and analysis on a broad spectrum of automotive industry topics and sectors. Content includes news and analysis, topical reports, supplier profiles, and an automaker-supplier relations database across 13 domains. Visit SupplierInsight to view all our offerings.