As telematics systems become part of, and evolve into, a “connected car” ecosystem in new automobiles, consumer privacy and technology security advocates have begun ringing alarm bells about the new vulnerabilities these systems represent.
A mix of telematics and other types of connectivity solutions have emerged – dongle-based third-party systems, usage-based insurance (UBI) solutions, smartphone-connected systems, and increasingly advanced (and proprietary) OEM systems. If not properly secured, these systems could be used by hackers to gain access to drivers’ personal information or payment data, or (in a worst-case scenario) gain control of systems within the vehicle itself.
“This isn’t just security on a phone connected to a vehicle, but the security of the over-the-air updates the manufacturer issues, or security of the data being collected when the car transmits to the cloud,” says Christina Segal, vice president and general manager of connected vehicle systems at Honeywell. Honeywell recently partnered with LG Electronics to develop a cybersecurity solution for connected vehicles. The solution could detect anomalies that indicate an intentional hack of a vehicle while protecting in-vehicle network traffic.
Automotive OEMs are increasingly using security concerns as a justification for further lock down of their own telematics systems and access to vehicle data via OBDII ports. In the “Cybersecurity for Modern Vehicles” guidance that the National Highway Traffic Safety Administration (NHTSA) issued recently, limiting third-party device access to vehicle systems was listed as a best practice.
That type of limitation is a threat to aftermarket companies that want continued access to vehicle data, and worry that OEM telematics systems will increasingly be used to control vehicle data and drive more repair business to dealerships.
The Auto Care Association and other industry organizations are working together to develop alternatives that would ensure aftermarket access to vehicle data.
For example, the industry successfully lobbied to have language supporting open access inserted into the AV START Act, a bill targeted at promoting safe development of self-driving cars. Senator James Inhofe (R-Okla.) added an amendment to the bill that requires the Department of Transportation to convene a federal advisory committee to provide recommendations on “with respect to the ownership of, control of, or access to, information or data that vehicles collect, generate, record, or store in an electronic form that is retrieved from a highly automated vehicle or automated driving system.”