BT this week launched a new ethical hacking service for connected vehicles, designed to provide industry players with vital intelligence which can be used to fortify systems against cyber attack.
BT Assure Ethical Hacking for Vehicles covers everything from passenger cars to vans, trucks, buses and any commercial vehicle which might be fitted with advanced connectivity and computing capabilities.
These technologies have provided a slew of new systems designed to improve road safety, vehicle efficiency and passenger/driver comfort including infotainment, safety monitoring, and carbon emission reduction.
However, alongside their numerous benefits, these systems have also exposed vehicle owners and manufacturers to the risk of being attacked by cyber-criminals, BT claimed.
Security is therefore vital to ensure such systems can’t be hacked, either to remotely hijack a vehicle or use data on driver habits for commercial purposes.
The new BT service will follow the usual parameters of 'ethical hacking' – that is, imitating hackers to provide vital information on where vulnerabilities in vehicle systems lie and how they can be remediated.
The telecoms giant said it will offer the service to manufacturers, insurance companies and other industry players so that vehicles can be fortified against cyber-attack before they hit the road.
Ongoing support is also available to keep vehicles secure throughout their lifetime, BT added.
Tests will apparently cover internal and external interfaces including USB ports, power plugs and DVD drives; and any other systems that interact with the car and could introduce malware, such as engineers’ laptops.
"Vehicles are now connected devices, confronting manufacturers and suppliers with a whole new world of security challenges. For example, we have seen cars infected with malware while connected to a power charging station – because nobody had expected this would be possible,” said Hubertus von Roenne, VP of global industry practices at BT Global Services.
“We use the expertise and knowledge of our Ethical Hacking consultants to identify these vulnerabilities – before others do. BT has decades of experience in securing connected devices and embedded systems across various industries and we are very proud to now offer that experience to the automotive industry.”
Roy Tobin, threat researcher at Webroot, claimed that “everyone” is taking cyber threats in connected vehicles extremely seriously today.
“This move from BT highlights a number of security issues and it’s one reason why many people are a reluctant to have these systems in their vehicles,” he added in a statement.
“Some of the more sophisticated cars can be set to start remotely, pre-heat the cabin, and activate the lights all from your smartphone. It doesn't take much imagination to realize that this could be hijacked by criminals.”