To minimize cyber attacks, Senate bill proposes standards for cars

Good news for cars users and bad news for hackers as Senators
Ed Markey and Richard Blumenthal has proposed new legislation that is designed
to require cars sold in the United State to meet certain standards of
protection against digital attacks and privacy.
It is said that the new privacy standards would govern data
collected from vehicles under proposed legislation introduced in the U.S.
Senate on Tuesday.
Soon after the WIRED revealed that two security researchers (Charlie
Miller and Chris Val) have developed and plan to partially release a new attack
against hundreds of thousands of Chrysler vehicles that could allow hackers to
gain access to their internal networks, the U.S. government  has planned to come up with the legislation to
increase the security in vehicles.
According to a new report posted on Wired, “Drivers
shouldn’t have to choose between being connected and being protected,” Markey
wrote in a statement. “Controlled demonstrations show how frightening it would
be to have a hacker take over controls of a car. We need clear rules of the
road that protect cars from hackers and American families from data trackers.”
As per the proposed legislation, data stored in the car
should be secured to prevent unauthorized access and vehicles will also have to
detect, alert and respond to hacking attempts in real time.
Similarly, National Highway Traffic Safety Administration
(NHTSA)will develop new privacy standards under which vehicle owners will be
made aware of what data is being collected, transmitted and shared.
“Owners will be offered the chance to opt out of such data
collection without losing access to key navigation or other features where
feasible,” the news report read.
The increasing hacking attacks against vehicles said to be
the reason behind the proposed law.
Earlier this year, BMW fixed a vulnerability in its
connected drive system that allowed an attacker to remotely unlock a car. It
had not enabled encryption on its servers, allowing an attacker to mimic the
server and send a lock or unlock command to a car. The fix was as simple as
enabling HTTPS, but 2.2 million cars had to be upgraded.

Leave a Reply