Fiat Chrysler may not be the only car company with cybersecurity problems.
In a memo posted on its website last week, the National Highway Traffic Safety Administration (NHTSA) – the United States’ top auto safety regulator – said an estimated 2.8 million car audio systems supplied by manufacturer Harman International Industries, Inc. could be vulnerable to the same kind of hacking that led Fiat Chrysler Automobiles to recall a record 1.4 million vehicles on July 24.
The memo is the latest sign that the NHTSA has increased its efforts at cracking down on auto companies, as the agency faces both calls from Congress to be more aggressive in catching car defects and concern from the public that the growing number of Internet-connected cars on the road lack basic security measures.
“There are hundreds of thousands of cars that are vulnerable on the road right now,” Charlie Miller, formerly with the National Security Agency and now with Twitter, told Reuters.
Mr. Miller is one of two hackers who, in a July 21 report for Wired magazine, demonstrated that a Jeep Cherokee could be wirelessly controlled through its radio system. The report led to the Fiat Chrysler recall and drew renewed attention to cybersecurity in the auto industry.
“This is the shot across the bow. Everybody's been saying ‘cybersecurity.’ Now you’ve got to step up,” NHTSA administrator Mark Rosekind told Reuters. “You’ve got to see the entire industry proactively dealing with these things.”
The inquiry into Harman Kardon – which provides sound systems for Mercedes-Benz, BMW, Subaru, and Volvo as well as Fiat Chrysler – opened on July 29 with the goal of determining whether radio systems that the company provided other automakers are open to the same kind of third-party control found in Chrysler’s Uconnect units, according to the memo.
“If sufficient similarities exist, the investigation will examine if there is cause for concern that security issues exist in other Harman Kardon products,” the memo reads.
The evolving relationship between automobiles and technology has the potential to be life-saving, NHTSA officials have said. But as cars increasingly rely on computers, the risk of data breaches rises as well, CNN Money reports.
Some car companies have taken steps to safeguard their own systems, The Christian Science Monitor reported in July.
Ford and Toyota have built protective firewalls built into their hardware and hired teams of hackers to hunt for weak spots. Toyota has also installed chips in cars’ computers to narrow communication and bolster safety.
Tesla has a 'responsible disclosure' program that gives hackers incentives to disclose their findings with the company.
The government is addressing the issue as well. Massachusetts Sen. Edward Markey (D) and Connecticut Sen. Richard Blumenthal last month introduced a bill that would direct the NHTSA and the Federal Trade Commission to establish federal standards around car security and driver privacy.
“Drivers shouldn’t have to choose between being connected and being protected,” Sen. Markey said in a statement. “We need clear rules of the road that protect cars from hackers and American families from data trackers.”