Who has access to the data from the driver assistance systems?
It is essential that the injured are helped as quickly as possible after a serious accident. As from April 2018 all new cars must be fitted out with an automatic emergency call system (“eCall”). The car automatically sends an emergency call immediately after an accident – with the exact location information. Data protectionists are criticizing the possibilities open for hackers and are challenging the car manufacturers, insurance companies and IT enterprises.
Both possibility and risk
Cars equipped with “eCall” (emergency call) send an emergency call to the nearest emergency call centre in real time using so called “crash sensors”. This is accessible using a standardized Europe-wide number. The emergency call centre gets the exact position of the car per GPS and a microphone and loudspeaker make it possible to speak to the occupants of the car in order to obtain further information about the accident. It is also possible to obtain further necessary information over the rescue sheet to be sent to the rescue services (fire brigade, police).
The “eCall” is an example of how future mobility will be influenced by the networked car. Emergency braking assistance systems with personal recognition and autonomous emergency braking systems, which already belong to the standardized fittings in lorries, could soon markedly reduce the number of serious car accidents. The progressive digitization in the automobile branch should, not only, save human lives but also reduce traffic jams and driving time, help the environment and make car driving altogether more comfortable. BMW, for example, enable their customers to book hotels, order tickets for concerts or call up mails/messages, during the car journey using the infotainment service “connected drive”. Volkswagen also offer an infotainment service.
Safety experts especially criticize the volume of saved vehicle data. Intelligent cars produce an enormous amount of sensitive data concerning driving behaviour, analyse and transmit it – mostly to car dealers. Cars that are networked using intelligent systems such as “connected drive” can contact the garage as to when whichever car goes in for inspection. Other points of intersection, such as satellites or spare part distributors can, under circumstances, obtain access to the data. Altogether up to 100 “mini computers” drive together with the networked car, integrating with their surroundings. Thus a multitude off weak points are offered to free-time hackers and professional criminals. Should they be able to break into the networked car, then they have more than just access to the motor steering and brakes. Using the infotainment system they have access to the driver’s smartphone, can start downloads, play the damage programme or steal credit card details.
Access points for hackers
1. The external points of attack of a car:
* The car manufacturers: The concerns use large data centres which store wireless communication information from the cars and, to some degree, transmit this to partner business concerns.
* Garages: They use software on the car and receive data using the diagnosis equipment. The firms can be infected by damaged software over mail or datasticks.
* Spare part dealers: Hackers can infiltrate criminal programme codes into the electronically steered elements. This is particularly relevant for spare parts that have been on the market somewhat longer.
* Satellites: The car manufacturers connect with their car fleet, asking for location and vehicle data. In this way the emergency “eCall” is connected per satellite to all new cars.
2. Internal points of attack of a car:
* Infotainment systems: All data runs via internet – when passengers are listening to music, for example, receiving mails or making a booking.
* Brake systems: Networked cars inform each other when a braking manoeuvre is made to avoid accidents – hackers can infiltrate here, too.
* Drive: Some criminals have already managed to externally take control of the acceleration.
Challenges for the car industry
Most car manufacturers have declared that they have eliminated all safety loopholes as far as cyber attacks are concerned. In reality, most of the recent developments in the assistant systems and smartphone applications have shown grave safety faults in the programming. The challenge facing the car manufacturers of the future is to reach the minimal standards set by the law – regular updates for electronic parts, for example. Until now the car manufacturers have only exchanged a part of the car electronics when changing a car model. Instruments with no immediate effect on the driving experience or the optical appearance continue to be fitted when their operational software is outdated. The digital danger defence should be the manufacturers’ top priority. One well-known manufacturer has already engaged professional hackers who specifically attack new systems and products in order to discover potential weaknesses.
Who does the data belong to?
The rights to the data are another problem area. According to the guidelines, given by the data protection laws in Germany, the driver or the vehicle owner has the right of self-determination over the individual data produced in the car. In the past the manufacturers have sometimes taken the stance that the data stored in the car only dealt with car and not driver related data so that the driver had no rights over the data. In the case of “eCall” the system is only permitted to send the accident car’s location data in an emergency. The driver must specifically agree to data transmission at the initial switching on of the engine. The transmitted data may only be used for rescue purposes and may not be given to third parties or used for other purposes. Over and above this, different voives, such as the ADAC/AA or the central federation for consumers, demand that it should be possible to switch off the “eCall” function and that the driver should have self-determination over data transmission. Car manufacturers should be forced to install an “open view point”. In this way the drivers could freely decide to whom their vehicle data is transmitted.
Text source: www.polizei-dein-partner.de,
Fotos: karneg / 123RF Lizenzfreie Bilder, mikkolem / 123RF Lizenzfreie Bilder