In this episode of Security Ledger Podcast (#164): your car is spying on you. But who owns the data it collects? Also: LastPass’s Dan DeMichele joins us to talk about why password security is still so hard.
In-brief: Carnegie Mellon CERT warned drivers that a popular aftermarket product for vehicles could leave them open to potentially “life threatening” wireless attacks. Update: added info on recommended remediation. PFR 4/8/2016
In-brief: the Department of Homeland Security is putting $4 million towards to research projects aimed at securing connected cars. (Updated to add comments from Dan Massey of DHS. – PFR 11/10/2015)
In-brief: Charlie Miller and Chris Valasek, the two researchers who developed a wireless software attack on Fiat Chrysler vehicles, will leave their respective employers to join Uber’s advanced technologies research group, the two announced this week.
A group representing some of the leading foreign automakers who sell in the U.S. released guidelines to protect consumer data collected by in-vehicle technologies and make sure that car owners consent to the collection of everything from geolocation data to biometric identifiers. The group, Global Automakers, represents foreign auto manufacturers and original equipment makers (OEMs). The Privacy Principles document (PDF here) include guidance on issues like transparency, anonymity and security and are intended to set ground rules for the collection and use of driver or owner information by increasingly sensor-rich vehicles. “As modern cars not only share the road but will in the not too distant future communicate with one another, vigilance over the privacy of our customers and the security of vehicle systems is an imperative,” said Global Automakers President and CEO John Bozzella in a published statement. The Privacy Principles are voluntary are are based on the U.S. Federal Trade […]