By Staff Writers, CISOMAG
April 15, 2020
Connected cars manufactured by Ford and Volkswagen have major security flaws which could put owners’ privacy and safety at risk, a new research found. An investigation from consumer group Which? exposed vulnerabilities in connected technology like media and computer systems in Ford Titanium Automatic 1.0L petrol and a Volkswagen Polo SEL TSI Manual 1.0L petrol car models.
Which? Magazine stated that it found vulnerabilities in a section of the car that can enable or disable traction control, a feature that helps drivers to control the vehicle, and in the infotainment unit that holds owner’s personal data, such as people’s phone contacts or location history. It also claimed that it was able to hack the infotainment system in the Volkswagen Polo.
The investigation also revealed that by lifting the Volkswagen badge on the front of the car gave them access to the front radar module. This could potentially allow an attacker to tamper with the collision-warning system, posing a safety risk. Which? warned that the security flaws expose the cars to malicious hackers who could steal data or send misleading information to the vehicle’s management system.
Lisa Barber, Editor of Which? Magazine, said, “Most cars now contain powerful computer systems, yet a glaring lack of regulation of these systems means they could be left wide open to attack by hackers – putting drivers’ safety and personal data at risk. The government should be working to ensure that appropriate security is built into the design of cars and put an end to a deeply flawed system of manufacturers marking their own homework on tech security.”
Connected Cars are Vulnerable to Attacks
A similar study by Consumer Watchdog, a non-profit organization, revealed that all advanced cars with internet connections to their safety-critical systems are apparently vulnerable to fleet-wide hacks. The survey report, “Kill Switch: Why Connected Cars Can Be Killing Machines And How To Turn Them Off”, revealed that automakers have disclosed the high risk of such hacks to their investors, but are keeping the public in the dark as they market new features based on internet connections.
According to the report, the infotainment system is connected to the internet through a cellular connection, and also to the vehicle’s CAN (Controller Area Network) buses. This outdated 1980s era technology links the vehicle’s most critical systems, such as the engine and the brakes. Experts agree that connecting safety-critical components to the internet through a complex information and entertainment device is a security flaw. This design allows hackers to control a vehicle’s operations and take it over from across the internet.
Security Tools to Identify Flaws in Connected Cars
Earlier, Cisco released an open-source hardware tool dubbed “4CAN” to find security vulnerabilities in connected cars. The newly launched security tool will allow automobile security researchers and car manufacturers to identify potential flaws in sensors and control systems in modern cars, to ensure vehicle security. Cisco stated that vulnerabilities in the control systems might cause serious threats in the cars, which allows attackers to get control of the vehicle’s system.