“Controlled demonstrations show how frightening it would be to have a hacker take over controls of a car. We need clear rules of the road that protect cars from hackers and American families from data trackers,” he said.Ken Westin, Senior Security Analyst at Tripwire, explains that a number of security researchers have identified vulnerabilities in vehicles over the past several years. “Although often times the hacks required physical access to or tampering with the vehicle’s firmware and installing additional gizmos manually, they have identified a number of real risks,” he said.
“The bills that Ed Markey and Richard Blumenthal are proposing are a drop in the bucket, which will provide some standards for car manufacturers, but what also needs to happen is for car manufacturers to continually invest in security and identify risk, particularly when introducing new features, as well as provide open channels of communication with security researchers to report vulnerabilities they identify.”Westin adds that car manufacturers also have a challenge with how they update vehicle firmware when a security hole needs to be patched. “Opening the vehicle up to a remote download would increase the risks, so it will be more likely that updates will need to be done at the dealership,” said Westin. This could then raise another potential risk of improperly trained technicians and potentially malicious mechanics, Westin concludes.