Serious security flaws in best selling “Connected” cars have come to light following the release of a report from consumer body Which?.
The report highlights some pretty substantial flaws found in well regarded retailers vehicles, Volkswagen and Ford, which could allow them to be hacked.
In working with cybersecurity experts, Which? has examined the computer systems of the 2 most popular cars in Europe, the Ford Focus Titanium Automatic1.0L petrol and the Volkswagen Polo SEL TSI Manual 1.0L petrol.
This in depth investigation unfortunately revealed that fears of a lack or regulation for the internal technology in the automotive industry have allowed manufacturers to cut corners.
However, just because findings have been brought to light on the security flaws in these vehicles, this does not mean they are the only culprits.
Similar issues are feared to be common practice by many car manufacturers, and therefor this has clearly outlined that regulation needs to be brought to the industry.
The Volkswagen Polo was able to have the infotainment unit broken into by the testing, this is part of the cars central “nervous system”, allowing the testers to disable the traction control, and also capture a wealth of personal information that was gathered by the car through the user mobile phone.
The Ford allowed the testers to intercept and alter messages sent to the driver about the tire pressure, through the electronic tire pressure monitoring system, therefore giving the driver false information about the inflation of the wheels.
In addition to this the Ford also allowed the testers to gain Fords own manufacturing plant WiFi information and a password for the computer systems on Ford’s production line.
What other information do they need?
The investigation has also pricked some ears on why vehicles are collecting so much data on every driver, why is this needed, how is it stored, shared or even used.
The Volkswagen We Connect app was tested and finding suggested that the car can request a range of permissions that includes access to “confidential information” in users’ calendars and the contents of USB storage.
The privacy policy of Volkswagen states that the application only shares this data with third parties when,“necessary for the purpose of performing a contractual obligation”.
The Ford Pass app seems to go even further into the grey area, collecting a users vehicle location and travel direction and the vehicle sensor information, this information is then shared with “authorized dealers and or affiliates”.