NEW YORK (MainStreet) — Today’s cars ship with big brains. Sensors monitor everything from oil temperature to tire pressure and, on many cars, they can tell you exactly how many miles you can drive before running out of gas. Cars also are networked, and that means their condition and location can, in many cases, be monitored remotely.
“A car now has 30 to 100 computers in it,” said Kelsey Mays, consumer affairs editor at Cars.com.
All of that raises a big scare: could a hacker make that Lincoln Town Car that is ferrying you to Newark Airport do a 360 degree turn at speed on the NJ Turnpike? Could that hacker decide to crash it into a big truck transporting gasoline in an attempt to turn the highway into a bonfire?
Grim, macabre thoughts. Some say they are delusional.
But for now focus on Senator Ed Markey (D-Mass.), who in a February report, made startling claims. His report said: “Nearly 100% of cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.”
The report added: “Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most say they rely on technologies that cannot be used for this purpose at all.”
And Markey dove into the frightening issue revolving around all the data car companies now are collecting on drivers.
“Automobile manufacturers collect large amounts of data on driving history and vehicle performance,” said the report. And, noted Markey, in most cases there is no simple way to opt out of data harvesting and transmission - often to third parties too - without also opting out of valuable services such as navigation.
Know this: those devices can and do track late night runs to Satin Dolls in Lodi, N.J., the real life locale of the Bada Bing in HBO’s Sopranos. They can track travel to the casino at Mohegan Sun. They can track drives to street corners known to be storefronts for narcotics. They can, in fact, track just about every move, note the speed, and determine whether the driving was erratic? Stow those thoughts.
First off, can cars in fact be hacked? There have been proofs of concept where hackers in fact seized control of a car. But less reported is a fact that eases many worries.
“In every case, for someone to get control of the vehicle, they need to have had physical access to the vehicle,” said Dave Miller, chief security officer for Covisint, a company that manages millions of user identities for connected systems including GM’s OnStar and Hyundai’s BlueLink.
Miller readily acknowledged that successful hacks have taken place -- but only after the criminal had time to physically tamper with the car, typically uploading malware that lets the bad guy seize control. He added: “I don’t want to say we shouldn’t think about this, but the fears are overstated.”
Miller is right. Right now, there is not much reality to worry about when it comes to criminals hacking cars. Can it occur in a lab? Sure. But not so much on city streets, at least not today.
Which brings up Markey’s worry about data privacy. How real is that? Miller insisted that companies like OnStar in fact collect a lot less data than some fear, in part because there are costs involved in the bandwidth to transmit and in servers to store it.
But, said Charles Tendell, CEO of Azorian Cyber Security, a lot of data is in fact flying off cars. The metrics often involve location but can cover many other aspects of the vehicle and its performance. What's more, said Tendell, the data are often not even encrypted. That makes the data easy to grab and also easy to read.
“Markey is chasing something very interesting,” said Tendell.
Know too that matters are going to get a lot worse. Said Mays: “If you are concerned about privacy, be prepared to be much more concerned in five years.” That’s because cars will keep getting smarter and more networked and ever more data will spill out of them.
All this is beginning to frighten you? Join Markey’s club and know that for you the solution is a used car. A 2012 model may do, said Hugh Thompson, chief technology officer at security company Blue Coat.
“There is a lot more connectivity and many more sensors today than there were two or three years ago,” he said.
Cars.com’s Mays is more cautious. He advises going back five to seven years. Buy a 2008, he said, and “they really were pretty unconnected.”
Of course going that route you give up all the cool sensors and navigation; is privacy really worth it? It’s a question we all have to answer for ourselves. But it is a question that needs asking - and answering.
—Written by Robert McGarvey for MainStreet