Report: Cars' Wireless Security Measures 'Inconsistent and Haphazard'

By Steve Anderson
Contributing TMCnet Writer

“Inconsistent” and “haphazard” are two words you seldom want to see in a report, and when the report focuses on the security placed around wireless services, then it only gets worse to see these crop up. That's exactly what Massachusetts Democrat senator Edward J. Markey's office found, and the rest of the report his office issued on the subject only gets worse for wireless systems in cars.

According to the report, nearly every vehicle that uses wireless technology on some level has at least some kind of major flaw in its security, or in its means to protect customer privacy. Perhaps one of the largest such flaws in the system, according to the report, is that the lion's share of automakers don't actually any kind of systems that can respond to breaches in security, or worse, even detect that such a breach is taking place to begin with.

That's telling news in its own right, but it only gets worse; Markey's office revealed that the information going into the report came from 16 different automakers, showing just how widespread the problem actually is. Moreover, that wasn't the only concern that Markey's office revealed; not only were there issues around finding and preventing breaches, there were also some concerns about what automakers specifically are doing in regards to all that information gathered. Apparently, automakers are tracking driver behavior and storing and transmitting that information for later use. The report noted that substantial amounts of data are collected, and customers, by and large, aren't even aware such information is being gathered in the first place, let alone used. The report found fully nine automakers were turning to third-party companies to gather data, and that increased vulnerability still further.

Automakers, in turn, are responding to these concerns, but not in a fashion that would seem to actually reduce concern. Back in November, the Alliance of Automobile Manufacturers and the Association of Global Automakers offered up a new set of privacy principles that were intended to limit the data collected for marketing purposes. However, there were concerns; the principles in question were strictly voluntary, and even the principles themselves called for information to only be collected “...as needed for legitimate business purposes,” a loophole broader than the Lincoln Tunnel itself.

There's little denying that connected cars pose a great opportunity for the future. The idea of tracking driver behavior could lead to tailored insurance policies; why offer a one-size-fits-all package when someone who only drives locally needs so much less coverage than someone who drives nationwide? That could save people quite a sum, and in turn, that money could go back into the economy, which is valuable by any stretch of the imagination. Connected cars help form the basis of self-driving cars as well, and there are few that don't crave that development hitting the market. But it all has to start with connected cars, and as such, there have to be protective measures in place to ensure that not only are customers protected from over-analysis, but also from outside incursion like hackers, a development found to be all too likely with the Progressive Snapshot dongle.

This is a new technology, and new technologies always have a certain amount of issues needing to be worked out. But understanding that also implies that progress is forthcoming, and without protection of data, the use of connected cars will never reach its peak thanks to a pure lack of trust.