A new report from the independent consumer body Which? has discovered serious security flaws in best-selling connected cars from Ford and Volkswagen which could allow them to be hacked.
The organization worked closely with cybersecurity experts to examine the computer systems that power the connected features of two of the most popular cars in Europe, the Ford Focus Titanium Automatic 1.0L petrol and the Volkswagen Polo SEL TSI Manual 1.0L petrol.
The results of the investigation confirmed Which?’s fears that a lack of regulation for on-board tech in the automotive industry allows manufacturers to cut corners when it comes to security. While the organization looked at two popular connected car models from Ford and Volkswagen, it is concerned that similar issues could be widespread throughout the industry.
Through its work with testing partner Context Information Security, Which? was able to hack into the infotainment unit of the Volkswagen Polo that serves as part of the car’s central nervous system. The vulnerability was discovered in a section of the vehicle that can enable or disable traction control but the infotainment unit also contains a wealth of personal data including users’ phone contacts and location history.
When it came to the Ford Focus Titanium Automatic, the experts were able to intercept messages sent by the tire pressure monitoring system using basic equipment and an attacker could potentially trick the system to display that flat tires were fully-inflated which poses a security risk. By examining Ford’s code, Which? Found that it also included WiFi details along with a password for the computer systems on Ford’s production line.
Connected car apps
Which?’s investigation also raised concerns regarding how much data connected cars are generating about their owners and how this information is stored, shared and used.
While Ford declined to receive Which?’s technical report, Volkswagen has engaged with the consumer body since the findings were shared.
Editor of Which? Magazine, Lisa Barber provider further insight on the investigation’s findings in a press release, saying:
“Most cars now contain powerful computer systems, yet a glaring lack of regulation of these systems means they could be left wide open to attack by hackers – putting drivers’ safety and personal data at risk. The government should be working to ensure that appropriate security is built into the design of cars and put an end to a deeply flawed system of manufacturers marking their own homework on tech security.”