SBIR CONSULTANT BULLETIN – See National Science Foundation Proposal SBIR Topic WT1 on Smart Vehicles for Potential Bidding Opportunities
According to the Guardian, “The FBI believes the “game changing” vehicle (i.e., driverless vehicles) could revolutionize high-speed car chases within a matter of years. The report also warned that autonomous cars may be used as ‘lethal weapons'”. This blog post presents findings that support the FBI’s apprehensions. Driverless vehicles could become the weapon of choice for terrorists by eliminating the need for suicide drivers.
Many late model vehicles are equipped with a variety of technologies that support driver assistance, lane position monitoring, emergency braking and infotainment. Some of these subsystems will undoubtedly lead to driverless vehicles that are under development.
According to a report written for Senator Markey (D-MA) , “The proliferation of these technologies raises concerns about the ability of hackers to gain access and control to the essential functions and features of those cars and for others to utilize information on drivers’ habits for commercial purposes without the drivers’ knowledge or consent.”
“Senator Markey sent letters to the major automobile manufacturers to learn how prevalent these technologies are, what is being done to secure them against hacking attacks, and how personal driving information is managed…These letters were sent to16 major automobile manufacturers: BMW, Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen (with Audi), and Volvo. Letters were also sent to Aston Martin, Lamborghini, and Tesla, but those manufacturers did not respond.”
Here is a summary of the manufacturers’ responses taken from the Markey Report:
- Nearly 100% of cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.
- Most automobile manufacturers were unaware of or unable to report on past hacking incidents.
- Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across all automobile manufacturers, and many manufacturers did not seem to understand the questions posed by Senator Markey.
- Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most say they rely on technologies that cannot be used for this purpose at all.
- Automobile manufacturers collect large amounts of data on driving history and vehicle performance.
- A majority of automakers offer technologies that collect and wirelessly transmit driving history data to data centers, including third-party data centers, and most do not describe effective means to secure the data.
- Manufacturers use personal vehicle data in various ways, often vaguely to “improve the customer experience” and usually involving third parties, and retention policies – how long they store information about drivers – vary considerably among manufacturers.
- Customers are often not explicitly made aware of data collection and, when they are, they often cannot opt out without disabling valuable features, such as navigation.
SUMMARY: The Markey report noted, “These findings reveal that there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information…In response to the privacy concerns raised by Senator Markey and others, the two major coalitions of automobile manufacturers recently issued a voluntary set of privacy principles by which their members have agreed to abide.” It remains to be seen how effective these “voluntary principles” will be.Tags: Driverless Vehicles, FBI, SBIR, Senator Markey