Major car makers sued for allowing vehicles to be hacked

Reuters / Mike Blake
The class action lawsuit against Ford, General Motors and Toyota rests on the fact that they have known for years about the vulnerabilities of their cars due to hacking, but have done nothing about it.

"Toyota, Ford and GM have deliberately hidden the dangers associated with car computer systems, misleading consumers," lead attorney Marc Stanley said.

Today’s cars use electronic control units (ECUs), which are connected to a controller area network, referred to as a CAN or CAN bus. ECUs communicate to the CAN with digital messages, which contain small amounts of data. If a hacker can then send an ECU a so-called CAN packet, they can control the basic functions of the car – including braking, acceleration and steering.

"It's scary to know you could be driving down the highway and a hacker could seize control of your car. Toyota never mentions this risk when extolling its technology to sell you the car,” lead plaintiff Helen Cahen said in her written complaint.

On March 10, she sued the companies for breach of warranty, breach of contract and breach of consumer protection laws.

Cahen’s 343-page lawsuit points to a 2013 study by the US Defense Advanced Research Projects Agency which warned drivers that they are now at the mercy of the code that runs all the electronics in their automobiles.

As such, “unlike when their web browser crashes or is compromised, the threat to their physical well-being is real,” the study reads.

Researchers found that cars could be hacked and controlled remotely in 2011, but auto companies did not address the problem.

Since this information first came to light, car makers have done everything possible to avoid saying if their vehicles are vulnerable or not.

But Massachusetts Senator Edward Markey has started demanding answers.

READ MORE: Death, injury claims from defective GM ignition switch expected to rise

He published a report last month where he revealed answers he had received from 20 car makers over their security and protection measures.

The results show that nearly all modern vehicles have some sort of wireless electronic connection that controls their critical systems, and that protection against hacking is often “inconsistent and haphazard.”

“These findings reveal that there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information,” the report reads.