BT Launches Ethical Hacking Service for Connected Vehicles

By Matthew Broersma

BT said it has launched a security service dedicated to testing “connected vehicles”—including everything from automobiles to bulldozers—using methods that imitate those of malicious hackers.

The service, aimed at industry players, such as manufacturers and insurance companies, highlights the growing anxiety over the security of “Internet of things” devices, as systems ranging from household electronics to industrial equipment are exposed to the risks of the Internet.

Vehicles, such as automobiles, are a particular concern because they contain electronics that may not have been designed with security in mind, according to TÜV SÜD, a Munich-based industrial services organization.

“Cars are equipped with a number of embedded systems that have not been designed to be connected to the outside world,” said Udo Steininger, head of assisted and automated driving at the company, in a statement.

BT said automobile designers require additional expertise in order to ensure their vehicles are secure from the threats posed by greater connectivity.

“We have seen cars infected with malware while connected to a power charging station—because nobody had expected this would be possible,” stated Hubertus von Roenne, vice president global industry practices at BT Global Services. “Vehicles are now connected devices.”

BT called attention to the connectivity options now found in many vehicles, including WiFi, 3G or 4G mobile data links and Bluetooth, which are required by systems such as traffic-prediction, safety monitoring or entertainment services.

“The proliferation of these technologies raises concerns about the ability of hackers to gain access and control to the essential functions and features of those vehicles and for others to use information on drivers’ habits for commercial purposes without the drivers’ knowledge or consent,” BT stated.

Unauthorized Access

The new service, called BT Assure Ethical Hacking for Vehicles, is to target attack vectors both inside and outside the car, including Bluetooth links, USB ports, DVD drives, mobile networks and power plugs, accessed by links including maintenance engineers’ laptops and information or entertainment services providers.

“The ultimate objective is to identify vulnerabilities that would allow unauthorized alteration of configuration settings or that would introduce malware into the car,” BT stated.

Aside from advisory service, BT said it will also offer ongoing support to help defend against newly emerging threats.

A recent IDC study predicted that 90 percent of all IT networks will have an IoT-based security breach within the next two years, although many will be considered only “inconveniences” targeting non-crucial parts of the business.