BT tackle 'connected car' security concern

Credit: chrisdorney/Shutterstock.com

The "BT Assure Ethical Hacking for Vehicles" will test "attack surfaces" - the points where a hacker could potentially extract personal information or access a vehicle's software.

Wi-fi, 3G and 4G to communicate data from cars are all high-risk targets and the announcement comes amid growing concern over poor security measures by manufacturers.

Most serious is the potential for physical harm if a car's control systems are hacked and BT aim to find security problems before new vehicles are sold.

But BT admit there's "no such thing as 100% security" and Udo Steininger, Head of Assisted and Automated Driving says the industry will need to join forces with certification bodies to "agree on a common approach to interfaces and security standards for the connected car".

Consumer worry

High profile hacks like those on Sony Pictures Entertainment's email system heighten awareness of potential threats to personal information.

But they've also harmed people's perception of IoT technology; a recent GFI Software survey found 64% of respondents were worried about owning Internet connected home devices.

According to a report by American Senator, Ed Markey, there is good reason to be cautious when it comes to connected cars.

Among car manufacturers he found a "clear lack of appropriate security measures" to protect people against hackers who could take control of a vehicle or collect and use personal information.

He says, "even as we are more connected than ever in our cars and trucks, our technology systems and data security remain largely unprotected".

Regulating the IoT

There are over 40 million IoT connected devices and Ofcom predict there'll be a more than eight-fold increase by 2022.

As cars become increasingly connected and technology improves, hacking is becoming an important topic for manufacturers and regulators to tackle.

BT use ethical hacking - a standardised method to test systems and imitate hacker attacks.

Vulnerabilities are reported to manufacturers so problems can be fixed before a car is sold, but they also carry out on-going testing for emerging threats.

Ofcom have already identified data privacy and network security as "priority areas", intending to work with industry in the UK and internationally to develop new rules.

They've emphasised an interest in developing regulation alongside the European regulatory body, BEREC.

Providing the right regulations to encourage innovation - specifically connected cars - was a part of the European Commission's "Connected Continent" legislative package.

While there's controversy over how effective this package will be after changes made earlier this year, it's likely the Commission's work on the "Digital Single Market" will continue to address regulation.

Not that connected

In the next 10-30 years, Ofcom want automated "intelligent transport systems": systems that communicate directly with cars, automatically imposing speed limits and redirecting from areas of high congestion.

Of course this innovation will require cars to become much more connected than they are currently, so it's certainly important to begin serious discussions about standardising security now.

But it's not necessary to develop a sudden fear of cars being hacked just yet.

At present, the various software that controls each aspect of a cars' functions are fairly disconnected from each other. And in many cases, hacking requires a very close range or physical connection to a car.

Because of this, it's unlikely a hacker could take down all of a car's systems and cause any real danger - they're not connected enough yet.

And personal information sent from cars to manufacturers is protected by the Data Protection Act 1988.

However, as increased data sharing is vital for new services like intelligent transport systems to function, it's likely more work will need to be done in future to ensure consumers' privacy remains protected.

Remote unlocking

Most of the immediate problems are more about the potential for hackers to break into cars.

Earlier this year ethical hackers at German driver association, ADAC found a problem with BMW's ConnectedDrive software, which can unlock a car via a smartphone.

Understandably, they provide little detail of exactly how it was done, but say a hacker managed to exploit the software and unlock a car remotely.

The issue was easily fixed when BMW rolled out a software patch to affected cars.

In this case at least, ethical hacking was vital for finding a problem before the hack could be used maliciously.

And even if it had been exploited, a hacker would still have required the owners' car key to start the car.

As car software becomes more connected - in a driverless vehicle for example - the danger to consumers is set to become more serious. Until then, it's not really so bad as Markey makes out.