Why BT's hacking connected cars - before criminals do

Connected cars pose a security risk that needs addressing

Imagine you're in a smart car when it's taken over by hackers - giving you no control over the steering, brakes or even the seatbelt. 

That's the situation BT is trying to avoid with a new security testing service for connected vehicles.

BT Assure Ethical Hacking for Vehicles is targeted at companies developing connected cars as well as those using them.

Connected cars aren't only about driverless vehicles, they also include ones where a driver is still at the wheel but assisted by connected devices that show traffic updates and track routes.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Because such systems are linked via standard connectivity networks like Wi-Fi, 3G/4G or Bluetooth, they're as at risk of being hacked as any mobile device.

"Vehicles are now connected devices, confronting manufacturers and suppliers with a whole new world of security challenges," said Hubertus von Roenne, VP of global industry practices at BT Global Services.

"For example, we have seen cars infected with malware while connected to a power charging station because nobody had expected this would be possible."

BT's ethical hacking service will cover a wide range of vulnerabilities inside a car or other vehicles, including lorries, buses and even bulldozers.

The BT team will look at everything from Bluetooth links, USB ports and DVD drives, as well as external connections such as mobile networks and power plugs. 

"The ultimate objective is to identify vulnerabilities that would allow unauthorised alteration of configuration settings or that would introduce malware into the car," BT said in a statement. "These remote systems can include the laptops of maintenance engineers, infotainment providers, and other supporting systems."

Advertisement - Article continues below

Hacking cars

As cars become more connected, the threat of hacking increases.

While there's few widely publicised instances of hackers successfully targeting smart cars, plenty of security researchers have achieved it - and that means it's only a matter of time before criminals find a financial motivation and the means to do the same. 

Last year, researchers Charlie Miller and Chris Valasek hacked a Prius, taking control of the brakes, gas gauge, steering wheel, horn and seatbelts, all from a laptop in the backseat of the car. 

Advertisement
Advertisement - Article continues below

You can watch their gleeful video here. The duo also hacked a 2010 Ford Escape, taking control of the engine and lights, and followed that work up with a report ranking the most hackable cars, with the 2014 Jeep Cherokee topping the list

A 2010 report from the University of Washington and UC San Diego revealed there was essentially nothing electronic in a car that couldn't be hacked.

Advertisement - Article continues below

Researchers managed to pop the trunk, disable windshield wipers and fiddle with the accelerator, brakes and engine of a car - all while it was travelling at 40 miles per hour, according to one report.

More recently, BMW rolled out a patch to 2.2 million of its cars in February this year to fix a flaw that could have let hackers open the doors via its ConnectedDrive system.

"It appears the vulnerability revolved around the insecure transmission of data, as the patch rolled out by BMW appears to have enabled HTTPS," noted security analyst Graham Cluley at the time. "Something you would probably have hoped that BMW's engineers would have thought about in the first place."

Security standards

And that's the problem: not enough security is being built into conencted systems - whether they're smart cars, smart homes or other devices making up the Internet of Things (IoT) - and that's worrying experts, who are calling for researchers and car makers to work together on a security standard for smart cars. 

Udo Steininger is Head of Assisted and Automated Driving at TV SD, one of BT's partners for the ethical hacking project. He pointed out that increasing connectivity in cars means drivers "will expect the same usability he is used to from his smartphone". 

Advertisement - Article continues below

"This bears complex challenges for the automotive industry, as cars are equipped with a number of embedded systems that have not been designed to be connected to the outside world," he added.

"The industry needs to join forces, including with suppliers, IT security specialists and certification bodies, to agree on a common approach to interfaces and security standards for the connected car." 

In the meantime, expect more reports of security experts making connected cars bend to their will - and hope hackers don't follow suit before we're ready. 

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/strategy/27302/driverless-cars-news/page/0/4
Business strategy

Uber car involved in fatal crash had software flaws

6 Nov 2019
Visit/strategy/27302/driverless-cars-news
Business strategy

Uber car involved in fatal crash had software flaws

6 Nov 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354577/data-protection-fines-hit-ps100m
General Data Protection Regulation (GDPR)

Data protection fines hit £100m during first 18 months of GDPR

20 Jan 2020