April 20, 2015—BT announced the launch of "BT Assure Ethical Hacking for Vehicles," a new security service developed to test the exposure of connected vehicles to cyber attacks and help all market players develop security solutions.
Connected vehicles rely on a variety of connectivity options, including WiFi, 3G or 4G mobile data links, Bluetooth, and other wireless technologies. These provide a range of new on-board features and value-added services, such as predictive systems to bypass traffic jams, reduce carbon emissions, improve safety and vehicle performance. Vehicles are also becoming more connected through electronic systems like navigation, infotainment, and safety monitoring tools.
The proliferation of these technologies raises concerns about the ability of hackers to gain access and control to the essential functions and features of those vehicles and for others to use information on drivers' habits for commercial purposes without the drivers' knowledge or consent. As with all other devices plugged into the "Internet of Things," security and integrity of data is of critical importance to prevent unauthorized access or remote hijacking of a vehicle.
BT has a strong, award-winning, global team of security specialists, including "ethical hackers," who provide a standardized method to test systems by imitating hacker attacks, reporting possible vulnerabilities and providing recommendations. BT aims to identify and fix vulnerabilities before the keys of a new vehicle are handed to a proud owner.
BT Assure Ethical Hacking for Vehicles includes a range of tests targeted at the "attack surfaces" of the vehicle. These cover interfaces that are accessible inside the car, such as Bluetooth links, USB ports, or the DVD drive, as well as external connections such as links to mobile networks or power plugs. BT looks at the end-to-end security by testing and verifying all the systems that interact with the connected vehicle. The ultimate objective is to identify vulnerabilities that would allow unauthorized alteration of configuration settings or that would introduce malware into the car. These remote systems can include the laptops of maintenance engineers, infotainment providers, and other supporting systems.