Skip to main content
Canada’s most-awarded newsroom for a reason
Enjoy unlimited digital access
$1.99
per week
for 24 weeks
Canada’s most-awarded newsroom for a reason
$1.99
per week
for 24 weeks
// //

An eight-inch LCD touch screen with MyFord Touch is available on some models.

Auto makers are cramming cars with wireless technology, but they have failed to adequately protect those features against the real possibility that hackers could take control of vehicles or steal personal data, according to an analysis of information that manufacturers provided to a senator.

Sen. Edward Markey, D-Mass., asked auto makers a series of questions about the technologies and any safeguards against hackers built into their vehicles. He also asked about how the information that vehicle computers gather and often transmit wirelessly is protected.

Markey posed his questions after researchers showed how hackers can get into the controls of some popular cars and SUVs, causing them suddenly to accelerate, turn, sound the horn, turn headlights off or on and modify speedometer and gas-gauge readings.

Story continues below advertisement

The responses from 16 manufacturers "reveal there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information," a report by Markey's staff concludes.

Today's cars and light trucks typically contain more than 50 electronic control units — effectively small computers — that are part of a network in the car. At the same time, nearly all new cars on the market today include at least some wireless entry points to these computers, such as tire pressure monitoring systems, Bluetooth, Internet access, keyless entry, remote start, navigation systems, WiFi, anti-theft systems and cellular-telematics, the report said. Only three automakers said they still have some models without wireless entry, but those models are a small and declining share of their fleets.

"Drivers have come to rely on these new technologies, but unfortunately the automakers haven't done their part to protect us from cyberattacks or privacy invasions," Markey said in a statement.

Among the report's findings:

— Most manufacturers said they were unaware of or unable to report on past hacking incidents. Three automakers declined to answer the question. One auto maker described an app designed by an outside company and released for Android devices that could access a vehicle's computer network through the Bluetooth connection. A security analysis didn't indicate any ability to introduce malicious code or steal data, but the auto maker had the app removed from the Google Play store as a precautionary measure.

— Each manufacturer is handling the introduction of new technology in very different ways, and for the most part these actions are insufficient to ensure security. Hackers can get around most security protections cited by manufacturers, according to the security experts Markey consulted.

— Only one manufacturer appeared able to detect a hacking attempt while it was happening and only two described credible means of responding to such intrusions in real time. Information from most auto makers indicated they wouldn't know about a hacking attempt unless data from the vehicle's computers was downloaded by a dealer or at a service centre.

Story continues below advertisement

Most new cars are also capable of collecting large amounts of data on a vehicle's driving history through an array of pre-installed technologies, including navigation systems, telematics, infotainment, emergency assistance systems and remote disabling devices that allow car dealers to track and disable vehicles whose drivers don't keep up with their payments or that are reported stolen, the report said.

Half the manufacturers said they wirelessly transfer information on driving history from vehicles to another location, often using third-party companies, and most don't describe "an effective means to secure the data," the report said.

Manufacturers are also using personal vehicle data in various and often vague ways to "improve the customer experience," the report said. Policies on how long they store drivers' information vary considerably. Customers often are not made aware explicitly of the data collection and, when they are, they frequently cannot opt out without disabling valuable features like navigation.

Last November, 19 auto makers accounting for most of the passenger cars and light trucks sold in the U.S. agreed on a set of principles to protect motorists' privacy. The voluntary agreement was aimed in part at heading off possible legislation. Markey has said voluntary efforts don't go far enough.

The auto industry is also in the early stages of establishing a voluntary information sharing and analysis centre or other comparable program about existing or potential cyber-related threats. "But even as we explore ways to advance this type of industrywide effort, our members already are each taking on their own aggressive efforts to ensure that we are advancing safety," the Alliance of Automobile Manufacturers said in a statement.

The Society of Automotive Engineers also has established a security committee that is evaluating the vulnerability of cars to hacking and is drafting "standards and best practices to help ensure electronic control system safety," the alliance said.

Story continues below advertisement

The Association of Global Automakers, another trade association, said the responses provided to Markey are many months old and don't reflect extensive discussions between the industry and federal technology experts aimed at improving the industry's understanding of cyber threats.

The manufacturers who replied to Markey are BMW, Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen-Audi and Volvo. Three other automakers — Aston Martin, Lamborghini and Tesla — didn't reply to his request for information.

Like us on Facebook

Follow us on Instagram

Add us to your circles

Sign up for our weekly newsletter

Report an error
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

If you do not see your comment posted immediately, it is being reviewed by the moderation team and may appear shortly, generally within an hour.

We aim to have all comments reviewed in a timely manner.

Comments that violate our community guidelines will not be posted.

UPDATED: Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies