Location data about drivers is continually sent to manufacturers, which allows navigation systems to update users on traffic and weather conditions and offer other services such as remote payment for parking.
Other examples of vehicle vulnerabilities include:
- A 92-page report revealing "the 20 most hackable cars" that was presented last year at the Black Hat security conference in Las Vegas by two industry experts.
- A device built by a 14-year-old to wirelessly communicate with a vehicle's controller area network (CAN) and remotely control non-safety related equipment such as headlights, window wipers and the horn. (He was also able to unlock the car and engage the vehicle's remote start.) The device was publicized at the CyberAuto Challenge in Columbus, Ohio.
At least one lawsuit has already been filed against automakers, claiming they have failed to take basic measures to secure their vehicles from hackers.
The SPY Act would address cybersecurity standards to help prevent hacking into vehicle controls systems and data security concerns to help ensure all collected information would be secured from unwanted access while stored on-board, in transit, and stored off-board.
The legislation also calls for vehicles to be equipped with technology that can detect, report and stop hacking attempts in real time. And it calls on the FTC to develop privacy standards on the data collected by vehicles, including transparency, so that owners are explicitly aware of any data collection. Owners would be able to opt out of data collection by automakers and others.
Sign up for CIO Asia eNewsletters.