BT launches new service to tackle connected car security

As we move deeper into the world of the Internet of Things, and the likes of connected vehicles, there are plenty of worries on the security front about how all these new devices might be exploited – a possibility which BT, for one, is taking seriously.

Indeed, BT has just announced that it’s working on security for the connected car, with the launch of a new BT Assure Ethical Hacking for Vehicles service.

The idea of this is to determine what sort of exposure and danger the connected car might have when it comes to cyber-threats, and to develop appropriate counter-measures.

Threats range from the simple stealing of data related to car systems, through to potential hazards such as the remote hijacking of a vehicle – something the FBI has been concerned about in the past ever since self-driving cars entered testing, relating to potential ‘bombs on wheels’ scenarios.

BT’s ethical hackers will be subjecting cars to a range of tests probing Bluetooth links, USB ports, DVD drives, 3G (or 4G) mobile links and so forth, looking at end-to-end security and picking out potential vulnerabilities.

Hubertus von Roenne, Vice President Global Industry Practices at BT Global Services, commented: “Vehicles are now connected devices, confronting manufacturers and suppliers with a whole new world of security challenges. For example, we have seen cars infected with malware while connected to a power charging station – because nobody had expected this would be possible.

“We use the expertise and knowledge of our Ethical Hacking consultants to identify these vulnerabilities – before others do. BT has decades of experience in securing connected devices and embedded systems across various industries and we are very proud to now offer that experience to the automotive industry.”

Udo Steininger, Head of Assisted and Automated Driving at TÜV SÜD, added: “The industry needs to join forces, including with suppliers, IT security specialists and certification bodies, to agree on a common approach to interfaces and security standards for the Connected Car.”

UPDATE: Roy Tobin, threat researcher at Webroot has offered the following comment: "This is an extremely timely announcement after the news that a threat researcher was detained by the FBI for tweeting about hacking an aircraft over the weekend. It’s obvious that everyone is taking connected transport and cyber threats extremely seriously right now.

"What is worrying is that in the case of aircraft's and cars the systems that can be accessed by users using Wi-Fi that are supposed to be on isolated networks. Vital systems are supposed to be on a physically different network with no cross-over whatsoever for this exact reason. Aviation manufacturers have been warned about this for years by a number of security experts.

"This move from BT highlights a number of security issues and its one reason why many people are a reluctant to have these systems in their vehicles.

"Some of the more sophisticated cars can be set to start remotely, pre-heat the cabin, activate the lights all from your smartphone. It doesn't take much imagination to realise that this could be hijacked by criminals.

"Any information found by BT needs to be brought to the car manufacturers and actively used to make the car systems more secure. If its brushed under the carpet then this is could have serious implications. I just hope that it won’t take a tragic incident for this issue to be taken seriously."