Why BT's hacking connected cars - before criminals do

Connected cars pose a security risk that needs addressing

Imagine you're in a smart car when it's taken over by hackers - giving you no control over the steering, brakes or even the seatbelt. 

That's the situation BT is trying to avoid with a new security testing service for connected vehicles.

BT Assure Ethical Hacking for Vehicles is targeted at companies developing connected cars as well as those using them.

Connected cars aren't only about driverless vehicles, they also include ones where a driver is still at the wheel but assisted by connected devices that show traffic updates and track routes.

Advertisement
Advertisement - Article continues below

Because such systems are linked via standard connectivity networks like Wi-Fi, 3G/4G or Bluetooth, they're as at risk of being hacked as any mobile device.

"Vehicles are now connected devices, confronting manufacturers and suppliers with a whole new world of security challenges," said Hubertus von Roenne, VP of global industry practices at BT Global Services.

"For example, we have seen cars infected with malware while connected to a power charging station because nobody had expected this would be possible."

BT's ethical hacking service will cover a wide range of vulnerabilities inside a car or other vehicles, including lorries, buses and even bulldozers.

The BT team will look at everything from Bluetooth links, USB ports and DVD drives, as well as external connections such as mobile networks and power plugs. 

"The ultimate objective is to identify vulnerabilities that would allow unauthorised alteration of configuration settings or that would introduce malware into the car," BT said in a statement. "These remote systems can include the laptops of maintenance engineers, infotainment providers, and other supporting systems."

Hacking cars

As cars become more connected, the threat of hacking increases.

While there's few widely publicised instances of hackers successfully targeting smart cars, plenty of security researchers have achieved it - and that means it's only a matter of time before criminals find a financial motivation and the means to do the same. 

Last year, researchers Charlie Miller and Chris Valasek hacked a Prius, taking control of the brakes, gas gauge, steering wheel, horn and seatbelts, all from a laptop in the backseat of the car. 

Advertisement
Advertisement - Article continues below

You can watch their gleeful video here. The duo also hacked a 2010 Ford Escape, taking control of the engine and lights, and followed that work up with a report ranking the most hackable cars, with the 2014 Jeep Cherokee topping the list

A 2010 report from the University of Washington and UC San Diego revealed there was essentially nothing electronic in a car that couldn't be hacked.

Researchers managed to pop the trunk, disable windshield wipers and fiddle with the accelerator, brakes and engine of a car - all while it was travelling at 40 miles per hour, according to one report.

More recently, BMW rolled out a patch to 2.2 million of its cars in February this year to fix a flaw that could have let hackers open the doors via its ConnectedDrive system.

"It appears the vulnerability revolved around the insecure transmission of data, as the patch rolled out by BMW appears to have enabled HTTPS," noted security analyst Graham Cluley at the time. "Something you would probably have hoped that BMW's engineers would have thought about in the first place."

Security standards

And that's the problem: not enough security is being built into conencted systems - whether they're smart cars, smart homes or other devices making up the Internet of Things (IoT) - and that's worrying experts, who are calling for researchers and car makers to work together on a security standard for smart cars. 

Udo Steininger is Head of Assisted and Automated Driving at TV SD, one of BT's partners for the ethical hacking project. He pointed out that increasing connectivity in cars means drivers "will expect the same usability he is used to from his smartphone". 

"This bears complex challenges for the automotive industry, as cars are equipped with a number of embedded systems that have not been designed to be connected to the outside world," he added.

"The industry needs to join forces, including with suppliers, IT security specialists and certification bodies, to agree on a common approach to interfaces and security standards for the connected car." 

Advertisement
Advertisement - Article continues below

In the meantime, expect more reports of security experts making connected cars bend to their will - and hope hackers don't follow suit before we're ready. 

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/strategy/27302/driverless-cars-news/page/0/4
Business strategy

Uber car involved in fatal crash had software flaws

6 Nov 2019
Visit/strategy/27302/driverless-cars-news
Business strategy

Uber car involved in fatal crash had software flaws

6 Nov 2019
Visit/strategy/27302/driverless-cars-news/page/0/3
Business strategy

Uber car involved in fatal crash had software flaws

6 Nov 2019

Most Popular

Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/mobile/mobile-phones/354273/pablo-escobars-brother-launches-budget-foldable-phone
Mobile Phones

Pablo Escobar's brother launches budget foldable phone

4 Dec 2019
Visit/network-internet/wifi-hotspots/354283/industrial-wi-fi-6-trial-reveals-blistering-speeds
wifi & hotspots

Industrial Wi-Fi 6 trial reveals blistering speeds

5 Dec 2019