The Scary Things Hackers Can Do to Your Car

Sen. Ed Markey released a report listing potential risks of wireless car tech.

ByABC News
February 9, 2015, 11:46 AM

— -- Nearly all new cars on the market include wireless technology that make drivers vulnerable to hacking or an invasion of privacy, according to a report released today.

The report, titled "Tracking and Hacking: Security and Privacy Gaps Put American Drivers at Risk," was released by Sen. Edward Markey, D-Mass.

Markey said in his report that he wrote letters to major car manufacturers to try to determine the prevalence of technologies that are intended to improve driver safety and car performance but raise concerns about security.

For the report, he used feedback from the 16 major car manufacturers who responded, including BMW, Chrysler, Ford, General Motors, Honda, Hyundai and Jaguar Land Rover.

As for the security concerns, one expert expressed sentiments similar to Markey's.

"Automobiles have become increasingly more connected, creating both opportunities as well as vulnerabilities, through wireless networks," credit security expert Adam Levin, chairman and founder of IDT911, told ABC News today.

Though Markey and Levin didn't cite actual incidents, here are some things that hackers could do potentially with access to your car and its information:

1. Car movement

In a 2013 Defense Advanced Research Projects Agency (DARPA) study cited by Markey, researchers used a laptop to see how they could control two cars from different manufacturers. They were able to cause the cars to "suddenly accelerate, kill the brakes, activate the horn" and more, according to the report.

Levin said the frightening scenarios of thieves stealing property or exposing drivers and their children to carjacking by unlocking car doors or imprisoning them by locking the doors are within reach. He adds that exposing drivers to accidents is another malicious activity that could happen.

PHOTO: Sen. Edward Markey of Massachusetts released a report on Feb. 9, 2015: "Tracking and Hacking: Security & Privacy Gaps Put American Drivers at Risk."
Sen. Edward Markey of Massachusetts released a report on Feb. 9, 2015: "Tracking and Hacking: Security & Privacy Gaps Put American Drivers at Risk."

2. Modify car indicators

In the same 2013 DARPA study, the researchers could also modify the speedometer and gas gauge readings and control the headlights. Last year, the same researchers analyzed the "hackability" of 21 different car models from 10 manufacturers and found varying levels of security for each car with respect to wireless entry points.

Of the 16 car makers that responded to Markey’s letter, 14 provided the percentage of 2013 model year cars that have wireless entry points and projections for their 2014 vehicles. Eleven of those 14 said 100 percent of their cars have wireless entry points and some cited the federal mandate for tire pressure monitoring systems as the major contributor.

3. Reading data

While car manufacturers sometimes collect data from vehicle technologies to improve safety or the customer experience, others could access driver data for malicious purposes, the report states. The report mentions previous research that shows one can "remotely and wireless access a vehicle's network through Bluetooth connections, OnStar systems, malware in a synced Android smartphone, or a malicious file on a CD in the stereo."

"While I understand that vehicle manufacturers have begun the process of exchanging threat assessments and are communicating more with transportation safety officials, it is critical that we treat this matter with urgency," Levin told ABC News.

PHOTO: A man adjust the volume of a car stereo in this stock image.
A man adjust the volume of a car stereo in this stock image.

4. Finding a driver's location

Markey refers to the increasing use of navigation or other technologies that could be used to record someone's location or driving history.

"A number of new services have emerged that permit the collection of a wide range of user data, providing valuable information not just to improve vehicle performance, but also potentially for commercial and law enforcement purposes," the report states.

5. Disabling a car

Car dealerships and navigation systems providers also use "remote disabling" to track and disable cars if drivers fall behind on payments, or if cars are stolen.

Millions of these devices are on the road, including the PassTime GPS tracker that helped catch Delvin Barnes, accused last year of kidnapping Carlesha Freeland-Gaither of Philadelphia.

Corinne Kirkendall, vice president of compliance and public relations for PassTime, told ABC News in November that the company requires dealers to obtain written consent from drivers acknowledging that the device is on the car and how it is used. All dealers must follow laws regulating the collection of personal information, she said.

Spokesman for the Alliance of Automobile Manufacturers Wade Newton said the trade group hasn’t fully reviewed the report but released a statement that said, “Manufacturers today employ a variety of methods to provide consumers with clear notices of their privacy practices, including through owner’s manuals and company websites.”

“Auto engineers incorporate security solutions into vehicles from the very first stages of design and production – and security testing never stops,” Newton said in the statement.

In January, the alliance, an association of 12 major manufacturers, signed on as a “Champion of Data Privacy Day 2015.”