U.S. Senate’s New Cybersecurity Bill Could Make Connected Cars Safer
The bill aims to address vulnerabilities in the “Internet of Things.”
As the House of Representative ponders new legislation for self-driving cars, the U.S. Senate is looking at possible cybersecurity regulations that could address issues with connected cars and the fear of car hacking. A new Senate bill aims to enact stricter security protocols for the array of connected devices that comprise the so-called "Internet of Things," including cars. Put forward by a bipartisan group of senators, the bill is one of the first major legislative steps to address security vulnerabilities in consumer products.
According to Reuters, the bill would require companies to provide Internet-connected devices to the federal government to determine whether they are patchable, and whether they meet other cybersecurity requirements. It would also prohibit companies from selling products with unchangeable passwords, or that possess known security vulnerabilities.
The bill would also expand legal protections for cybersecurity researchers working in "good faith." These researchers often hack consumer products to expose vulnerabilities and bring them to the attention of manufacturers. Such research was demonstrated in dramatic fashion in 2015, when white hat hackers Charlie Miller and Chris Valasek digitally cracked into a Jeep Cherokee through its infotainment system. Fiat Chrysler Automobiles subsequently issued a software update to address the vulnerability.
Vehicles were previously insulated from hacking because any computer-controlled systems were not accessible through the Internet. But the onrushing age of automotive connectivity has changed that; as automakers continue to pile on connectivity features, they increase potential routes of attack for hackers. Over the past couple of years, both Nissan and General Motors have had to address security issues with their telematics systems. Likewise, in two recent cases, thieves in San Diego and Houston allegedly stole Jeeps off dealer lots by hacking into them using laptops.
The trend toward cars with Internet connections may be unstoppable; automakers view it as essential to winning attention from consumers enamored with smartphones, and it allows software-based systems to be updated without bringing vehicles into dealerships. That being the case, strong regulations will be necessary in order to keep companies from introducing insecure systems to cars.
MORE TO READ
Famed Jeep Hackers Charlie Miller, Chris Valasek Join GM’s Cruise Automation
The two cybersecurity experts leave Uber and Didi Chuxing behind for General Motors’s self-driving car division.
Automatic Car Washes Can Be Hacked to Trap, Attack Drivers Inside, Researchers Say
A scary possibility in a connected future.
Can We Please Stop Pretending Car Hacking Is a Grave Threat?
The Egyptians had “hackers,” too.
The Jeep Hackers Are Back, and They’ve Come for Your Steering Wheel
Duo renowned for hacking a Cherokee in 2015 is at it again.