Americans’ interest in Internet-connected cars continues to grow quickly. According to Kelley Blue Book, 42 percent of the Americans responding to a recent survey support efforts to make cars even more connected. Furthermore, 60 percent of Millennials responding to the survey are in favor of cars being even more connected. At the same time, 62 percent of the respondents fear cars in the future will be easily hacked.
I found the answer to a follow-up question surprising, and yet, considering consumers’ attitude toward protecting their phones and computers from cyber hackers, perhaps it shouldn’t be unexpected. That response is that only 13 percent of the respondents said they would never use an app if it increases the potential for their vehicle to be hacked.
In a recent panel discussion about vehicle cyber vulnerabilities, Karl Brauer, a senior director with Kelley Blue Book, further explained that soon, all new cars will be connected, a USA Today article reports. The bad news, he continued, is that if a car has GPS or Bluetooth access or a WiFi hotspot in your car, which is coming soon, then the car is vulnerable to a wide range of hacks.
On the other hand, that fact doesn’t seem to bother U.S. consumers. Indeed, more than 33 percent of the people buying cars have already decided that if a car doesn’t feature the technology they want, they’ll buy a different car, Brauer says. Millennials in particular don’t want to go anywhere without being connected, so auto manufacturers are delivering to that expectation, he says.
Given the growing number of possible entry points for hackers to gain remote access to a connected car, such as through in-car entertainment, navigation and advanced driver assistance systems, I was also intrigued by news of how one auto manufacturer is addressing the growing potential for vehicle hacks. It was widely reported earlier this year that General Motors launched a program to connect the company with white hat hackers. It encourages hackers who find security bugs or vulnerabilities to inform GM through a secure website portal hosted by HackerOne, a venture-backed security startup devoted to helping companies coordinate security vulnerability disclosure with independent researchers.
“If you have information related to security vulnerabilities of General Motors products and services, we want to hear from you,” the page on HackerOne’s website reads. “We value the positive impact of your work and thank you in advance for your contribution.”
According to its terms, GM promises not to sue researchers who submit security-flaw reports as long as they’ve followed some basic rules in their car hacking—such as to not endanger GM customers, violate their privacy or break any laws. Unlike big tech companies such as Google and Facebook, however, GM won’t pay any monetary rewards for those reports, so-called “bug bounties.” Be that as it may, even welcoming outside security research on GM vehicles puts the company one step ahead of its competitors.
“We’re thrilled that a major automotive manufacturer is stepping up to the plate in terms of providing a way for hackers to get in touch with them if they find a security vulnerability,” says Katie Moussouris, HackerOne’s chief policy officer, in a Wired article. “The first step in any vulnerability-handling program is to open the front door.”
The results of the Kelley Blue Book survey and the GM initiative leave me with two questions. The first is, do you have fears about connected cars being hacked? Secondly, what are your thoughts on GM encouraging white hat hackers to search for and report cyber vulnerabilities of new cars?