BT Assure security is launching its “ethical hacking” service to improve connected car security. The service will hack and attack connected vehicles to help automotive players develop security solutions. This is good news, since there has been a rash of key fob hacks in Los Angeles, Toronto and other areas. In fact, Mission Secure remotely hacked a connected car via key fob at 63 meters.
Connected vehicles, cars trucks, buses or even bulldozers can be connected with W-iFi, 3G or 4G mobile data, Bluetooth and other wireless technologies. Often systems are connected for navigation, infotainment, safety, car diagnostics and remote vehicle functions such as remote start.
Wireless connections could allow hackers to gain access and control vehicles or steal data. BT claims it has a strong, award-winning, global team of security specialists, including “ethical hackers”, who will provide methods to test systems by imitating hacker attacks, reporting possible vulnerabilities and providing recommendations.
BT is now offering its service vehicle manufacturers, insurance companies and other automotive industry providers, to identify and fix vulnerabilities before cars go on sale. BT will also offer ongoing support to maintain security against new and evolving threats.
BT Assure Ethical Hacking for Vehicles includes tests that cover Bluetooth links, USB ports, or the DVD drive, as well as external connections such as links to mobile networks or power plugs.
BT looks at the end-to-end security by testing and verifying all the systems that interact with the connected vehicle. Remote systems that can be hacked include the laptops of maintenance engineers, infotainment providers, and other supporting systems.
After 10 day BT will give the client a report with:
• A detailed explanation of the testing activities that have been completed and the methods used by us to determine the results.
• A listing of all the vulnerabilities of the embedded systems in the vehicle with a ranking of their level of risk, the ease with which they can be exploited and mitigating factors.
• An explanation of how to mitigate or eliminate the vulnerabilities including enhancement of your policies, adoption of industry best practices, changes to security processes and enhancement to the architecture of the embedded systems in the vehicle.
Other car hackers out there who may help automakers are Chris Miller and Charlie Valesek have started to work as consultants to automakers.
Eric Evenchick is selling device to help car hackers break into vehicle Connected Area Network (CAN buses) with commercial support available.