L.A. Auto Show: Hackers Now Targeting Cars and Driver Data

hacking auto dataBack in the day, car thieves used muscle and crowbars to wreak havoc on cars. Now, the worst threat could come from keyboards and clicks.

Source: Source: LA Times | Published on November 20, 2014

auto insurance premiums fanning inflation

Automakers have launched an effort to improve coordination among themselves to combat hackers who are moving from computers and smartphones to increasingly tech-laden cars.

The future of transportation is all about connections -- to the Internet, to other cars and more, experts at the L.A. Auto Show said Tuesday. Connectivity is key to enabling a future with self-driving cars, among other advances in transportation.

The problem is that people with malicious intent want to take advantage of those connections.

This month, for example, security researchers in Israel said they were able to unlock doors and change readings on the dashboard by exploiting a flaw in an aftermarket device connected to a car. The device, called a Zubie, allows drivers to save information online about their car's condition.

As automakers ramp up their defenses to hacking, they have to be looking at multiple fronts. There's the car itself, the devices a user brings into a car and online storage spaces where companies are storing data about drivers, their driving and their vehicle.

"No one should know who you are, where you drove," said Gil Litichever, chief executive of Arilou Information Security Technologies. "By no means should the cloud be the only defense line."

Last week, Global Automakers and the Alliance of Automobile Manufacturers announced a pledge to be transparent about the data they collect, how they protect the data and how the data are used (including when they might share it with law enforcement).

The groups are also building a program so automakers can share cybersecurity information with others in the industry.

It's part of a culture change that will bring them more in line with Silicon Valley technology companies, said Chris Valasek, director of vehicle security intelligence at cybersecurity firm IOActive.

For example, if Valasek finds a bug in a smartphone app, reporting it to the developer is as simple as emailing "security@whoever.com" in most cases, he said.

"For vehicles, you don't know who to talk to as an outsider yet," he said.