Good news for cars users and bad news for hackers as Senators Ed Markey and Richard Blumenthal has proposed new legislation that is designed to require cars sold in the United State to meet certain standards of protection against digital attacks and privacy.
It is said that the new privacy standards would govern data collected from vehicles under proposed legislation introduced in the U.S. Senate on Tuesday.
Soon after the WIRED revealed that two security researchers (Charlie Miller and Chris Val) have developed and plan to partially release a new attack against hundreds of thousands of Chrysler vehicles that could allow hackers to gain access to their internal networks, the U.S. government has planned to come up with the legislation to increase the security in vehicles.
According to a new report posted on Wired, “Drivers shouldn’t have to choose between being connected and being protected,” Markey wrote in a statement. “Controlled demonstrations show how frightening it would be to have a hacker take over controls of a car. We need clear rules of the road that protect cars from hackers and American families from data trackers.”
As per the proposed legislation, data stored in the car should be secured to prevent unauthorized access and vehicles will also have to detect, alert and respond to hacking attempts in real time.
Similarly, National Highway Traffic Safety Administration (NHTSA)will develop new privacy standards under which vehicle owners will be made aware of what data is being collected, transmitted and shared.
“Owners will be offered the chance to opt out of such data collection without losing access to key navigation or other features where feasible,” the news report read.
The increasing hacking attacks against vehicles said to be the reason behind the proposed law.
Earlier this year, BMW fixed a vulnerability in its connected drive system that allowed an attacker to remotely unlock a car. It had not enabled encryption on its servers, allowing an attacker to mimic the server and send a lock or unlock command to a car. The fix was as simple as enabling HTTPS, but 2.2 million cars had to be upgraded.