Increased connectivity causing security risks

Internet of Things

Source: Fleet News

The Government-sponsored Transport Software Initiative (TSI) says fleets are risking their vehicles being hacked if they let them connect with external devices.

TSI’s concern is that, with the advent of the ‘Internet of Things’ (IoT), a home’s lighting, heating and white goods are all being linked to the internet – and to vehicles.

A car could connect wirelessly to the systems in a house. The theory is that hackers can use an access point in the house connected to a vehicle to get to the car’s systems.

The more connectivity = the more chance of vulnerability to be exploited.

Tony Dyhouse, TSI knowledge Transfer Director and software security specialist, told Fleet News: “A car is now an internet browser on wheels.

“We’re connecting devices to everything at a rate of knots. Home devices can be a very uncertain property and any fleet operator is taking a risk by letting drivers connect vehicles to external devices."

Dyhouse said fleets should take the same attitude businesses have to any downloads that are made at work on PCs, with all software treated as malicious until checked.

A Ford spokesman said the company has long been aware of security threats to connected vehicles and takes security “very seriously by consistently working to mitigate the risk", adding: “We focus on the security of our customers  before the introduction of any new technology feature, by instituting policies, procedures and safeguards to help ensure their protection.

“We are not aware of any instance in which a Ford vehicle was infiltrated or compromised in the field."

As more manufacturers, like Ford, look into their future vehicles connecting with external devices, it is important that everyone is aware of the security side of things.

He said: “It’s worth discussing concerns and getting all affected parties, including manufacturers and the Government, to discuss what’s being done to improve vehicle security."

Dyhouse says one way vehicles could be made more secure is for the operating system that controls critical features like brakes and the engine to be sectioned off separately from the controls for other features like entertainment.

He added: “Currently, if a hacker gains access to the entertainment system, they gain access to the engine and brake controls too on most vehicles."

Dyhouse suggests there should be some sort of certificate of competence for software applications that are developed, so users and drivers downloading them can know they have at least been submitted to a strong quality check process.

Ensure that you connect your vehicle to a known supplier and do not use unknown manufacturers or service providers. Known suppliers have secure servers, data policy agreements and will protect your information and your vehicle.

To find out more about the Internet of Things (IoT), click here.