Why BT's hacking connected cars - before criminals do

Connected cars pose a security risk that needs addressing

Imagine you're in a smart car when it's taken over by hackers - giving you no control over the steering, brakes or even the seatbelt. 

That's the situation BT is trying to avoid with a new security testing service for connected vehicles.

BT Assure Ethical Hacking for Vehicles is targeted at companies developing connected cars as well as those using them.

Advertisement - Article continues below

Connected cars aren't only about driverless vehicles, they also include ones where a driver is still at the wheel but assisted by connected devices that show traffic updates and track routes.

Because such systems are linked via standard connectivity networks like Wi-Fi, 3G/4G or Bluetooth, they're as at risk of being hacked as any mobile device.

"Vehicles are now connected devices, confronting manufacturers and suppliers with a whole new world of security challenges," said Hubertus von Roenne, VP of global industry practices at BT Global Services.

"For example, we have seen cars infected with malware while connected to a power charging station because nobody had expected this would be possible."

BT's ethical hacking service will cover a wide range of vulnerabilities inside a car or other vehicles, including lorries, buses and even bulldozers.

The BT team will look at everything from Bluetooth links, USB ports and DVD drives, as well as external connections such as mobile networks and power plugs. 

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"The ultimate objective is to identify vulnerabilities that would allow unauthorised alteration of configuration settings or that would introduce malware into the car," BT said in a statement. "These remote systems can include the laptops of maintenance engineers, infotainment providers, and other supporting systems."

Hacking cars

As cars become more connected, the threat of hacking increases.

While there's few widely publicised instances of hackers successfully targeting smart cars, plenty of security researchers have achieved it - and that means it's only a matter of time before criminals find a financial motivation and the means to do the same. 

Last year, researchers Charlie Miller and Chris Valasek hacked a Prius, taking control of the brakes, gas gauge, steering wheel, horn and seatbelts, all from a laptop in the backseat of the car. 

You can watch their gleeful video here. The duo also hacked a 2010 Ford Escape, taking control of the engine and lights, and followed that work up with a report ranking the most hackable cars, with the 2014 Jeep Cherokee topping the list

Advertisement - Article continues below

A 2010 report from the University of Washington and UC San Diego revealed there was essentially nothing electronic in a car that couldn't be hacked.

Researchers managed to pop the trunk, disable windshield wipers and fiddle with the accelerator, brakes and engine of a car - all while it was travelling at 40 miles per hour, according to one report.

More recently, BMW rolled out a patch to 2.2 million of its cars in February this year to fix a flaw that could have let hackers open the doors via its ConnectedDrive system.

"It appears the vulnerability revolved around the insecure transmission of data, as the patch rolled out by BMW appears to have enabled HTTPS," noted security analyst Graham Cluley at the time. "Something you would probably have hoped that BMW's engineers would have thought about in the first place."

Security standards

And that's the problem: not enough security is being built into conencted systems - whether they're smart cars, smart homes or other devices making up the Internet of Things (IoT) - and that's worrying experts, who are calling for researchers and car makers to work together on a security standard for smart cars. 

Advertisement - Article continues below

Udo Steininger is Head of Assisted and Automated Driving at TV SD, one of BT's partners for the ethical hacking project. He pointed out that increasing connectivity in cars means drivers "will expect the same usability he is used to from his smartphone". 

"This bears complex challenges for the automotive industry, as cars are equipped with a number of embedded systems that have not been designed to be connected to the outside world," he added.

"The industry needs to join forces, including with suppliers, IT security specialists and certification bodies, to agree on a common approach to interfaces and security standards for the connected car." 

In the meantime, expect more reports of security experts making connected cars bend to their will - and hope hackers don't follow suit before we're ready. 

Advertisement
Advertisement

Recommended

Visit/security/cyber-security/355210/cyber-criminals-torn-over-how-to-adapt-to-post-coronavirus-threat
cyber security

Hackers torn over how to adapt their tactics to the coronavirus pandemic

3 Apr 2020
Visit/security/cyber-security/355185/165-million-britons-experienced-a-cyber-crime-in-the-past-year
cyber security

Report: 16.5 million Britons fell victim to cyber crime in the past year

1 Apr 2020
Visit/cloud/amazon-web-services-aws/355183/aws-launches-amazon-detective
Amazon Web Services (AWS)

AWS launches Amazon Detective for investigating security incidents

1 Apr 2020
Visit/security/privacy/355182/government-to-launch-coronavirus-contact-tracking-app
privacy

UK government to launch coronavirus 'contact tracking' app

1 Apr 2020

Most Popular

Visit/security/cyber-security/355200/spacex-bans-the-use-of-zoom
cyber security

Elon Musk's SpaceX bans Zoom over security fears

2 Apr 2020
Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020