Move comes as IT magazine details successful remote hack of a Jeep on the road
Just as autonomous vehicle developments are making headlines in the United States and Australia, another example of vehicle information technology’s vulnerability to hacking has emerged.
Tech publication Wired has related the efforts of security researchers to control the behaviour of a Jeep Cherokee while it was on the road.
Writer Andy Greenberg notes that, two years ago, the same researchers had gained access to a vehicle’s electronically controlled systems through an onboard diagnostic port.
This time they were able to do so remotely.
Coincidentally, US senators Ed Markey and Richard Blumenthal have introduced the Senate the Security and Privacy in Your Car Act of 2015 (SPY Car Act) to amend Title 49 of the US Code of Federal Regulations, which covers transportation and related security.
The Act seeks to mandate in two years’ time “cybersecurity standards for motor vehicles”.
“All entry points to the electronic systems of each motor vehicle manufactured for sale in the United States shall be equipped with reasonable measures to protect against hacking attacks,” it states.
If passed, it would see:
- isolation measures to separate critical software systems from noncritical software systems
- evaluation for security vulnerabilities following best security practices, including appropriate applications of techniques such as penetration testing
- protection for data collected by inbuilt electronic systems either on-board, transmitted or stored elsewhere
- capabilities to immediately detect, report, and stop attempts to intercept driving data or control the vehicle.
While the move is aimed at carmakers and focused on privacy as much as security, the senators, both Democrats, mention developments that have made their mark in trucks.
Markey speaks of “minimum standards and transparency rules to protect the data, security and privacy of drivers in the modern age of increasingly connected vehicles”, while Blumenthal mentions the need for protection “against cybercriminals who exploit exciting advances in technology” such as self-driving and wireless connected vehicles.
The latest development came as media excitement about the potential to hack aircraft had begun to settle down.
That coverage tapped into growing concern in IT circles about the adequacy of defences in what is called ‘the internet of things’.