Automakers Slow To Address Cybersecurity Vulnerabilities

Automobile manufacturers have built security vulnerabilities into their vehicles that could cost them billions in judgements and privacy violation fines. A team of researchers found that hackers could access personally identifiable information, lock owners out of their vehicles, and in some cases take over starting and stopping the vehicle’s engine. Vulnerabilities across automakers’ internal applications and systems exposed by a proof-of-concept hack allowed commands to be sent using only the vehicle identification number, which can be seen through the windshield outside the car. A BMW Group spokesperson told Dark Reading, where the article about the flaws appeared, that the vulnerability mentioned in the report was discovered in November, processed according to BMW’s bug-bounty program, and resolved before vehicle-related IT systems were compromised. Experts quoted said variously that security vulnerabilities have been an issue in the industry for some time but automakers have been slow to recognize the potential severity of the developments, and as automakers develop more complex systems that connect customers with application stores and their smartphones, the stakes are raised. “The more the vehicle takes over driving, then of course the more chances there are that this can be used against the customer and against the automaker. It hasn’t happened yet, but it could very well happen in the future,” says one.