Did Markey Miss the Mark on Vehicle Hacking?

The staff of Edward J. Markey, U.S. Senator for Massachusetts, issued a report on February 10, 2015, called “Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk,” which is available at http://www.markey.senate.gov/imo/media/doc/2015-02-06_MarkeyReport-Tracking_Hacking_CarSecurity%202.pdf

It’s certainly acceptable to discuss the issue of how auto companies are collecting data about your vehicle and its whereabouts and what they are doing with that information, but it’s not so reasonable to imply that this is somehow a new phenomenon. General Motors’ OnStar system has been available since 1996. Congress, where have you been for 20 years? Why did it take so long for politicians to raise this issue? And it’s not even the most important issue of vehicle safety, which is safety and which Markey’s report hardly mentions.

Anyone who is somewhat familiar with the OnStar system knows that it collects detailed data about your vehicle whenever you are on the move—GM sends you emails each month regarding the status of many aspects of your car, such as when you need an oil change, if your tire pressures are too low, and the like, and when you access the OnStar navigation service via a human operator, they certainly know your location and where you hope to go.

If you are unfortunate enough to be in an accident, OnStar will automatically call the police and ambulance and direct them to you, which can be life-saving if you are unable to make such a call yourself. Only beware of power outages … the OnStar system does not operate if your car battery is dead (from personal experience) or connection to the battery is interrupted. As an aside, when I called the OnStar operator to report the dead battery, she said that she was unable to locate my vehicle. Of course, she couldn’t … the battery was dead … the GPS wasn’t operating! Haven’t they heard of battery backup?

The location tracking is also very helpful if your vehicle has been stolen, since OnStar can locate your vehicle and use the brakes to force it to an orderly halt. Also, it is not surprising to learn that OnStar operators are capable of monitoring private conversations … but aren’t we assured that they don’t? In fact, the FBI and other police agencies have tried to get permission to listen in on passengers’ conversations, but were prevented from doing so … as described in Declan McCullagh’s November 19, 2003 article “Court to FBI: No spying on in-car computers,” which is available at http://news.cnet.com/Court-to-FBI-No-spying-on-in-car-computers/2100-1029_3-5109435.html And there was a recent report that DARPA was able to demonstrate that it could hack into OnStar and “take over several functions, including the brakes.” See Gary Gastelu’s February 9, 2015 article “GM working to close OnStar security hole dug up by DARPA,” at http://www.foxnews.com/leisure/2015/02/09/gm-closing-onstar-security-hole-uncovered-by-darpa/ Gastelu’s article refers to a cyber security segment on CBS’s “60 Minutes” aired on February 8, 2015 in which Dan Kaufman of DARPA demonstrates hacking into OnStar. If you get to see the video, watch how CBS reporter Lesley Stahl starts out laughing as Kaufman turns on the windshield wipers and blows the horn. Then, see how laughter turns to fear as Kaufman deactivates the brakes. It’s no joke.

By the way, one of the most popular OnStar features has been the ability to unlock your car if you left your keys inside, although this service is becoming less useful with the transition to proximity fob controls. Now anyone can unlock your car if you left the fob inside. Actually, the system won’t let you lock the car if you didn’t pocket the fob, but, if you’re in a hurry, you just might not notice that the car is unlocked.

In any event, it comes down to the usual tradeoff between features and privacy … and features usually win. On the other hand, if it’s features versus safety, safety should win.

So why do I think the MA senator missed the mark? If you read through the report, there is scant reference to what I believe to be the real issue (briefly mentioned on page 5), namely, the potential for hackers to gain control of the vehicle’s steering, braking, acceleration, gauge readings, and the like. That is where the real danger lies. If you watch the video of researchers fooling around with a car’s acceleration, braking, steering and controlling the speedometer, which is available at http://www.forbes.com/sites/andygreenberg/2013/07/24/hackers-reveal-nasty-new-car-attacks-with-me-behind-the-wheel-video/  you will soon see how vulnerable modern automobiles might be. To some it may be funny (the researchers can’t stop laughing), but to most of us it would be startling. Imagine how this could all play out with fully autonomous vehicles, the so-called driverless cars.

Post a Comment

Your email is never published nor shared. Required fields are marked *