INSUBCONTINENT EXCLUSIVE:
A new report from the independent consumer body Which? has discovered serious security flaws in best-selling connected cars from Ford and
Volkswagen which could allow them to be hacked.The organization worked closely with cybersecurity experts to examine the computer systems
that power the connected features of two of the most popular cars in Europe, the Ford Focus Titanium Automatic 1.0L petrol and the
Volkswagen Polo SEL TSI Manual 1.0L petrol.The results of the investigation confirmed Which?'s fears that a lack of regulation for on-board
tech in the automotive industry allows manufacturers to cut corners when it comes to security
While the organization looked at two popular connected car models from Ford and Volkswagen, it is concerned that similar issues could be
widespread throughout the industry.Through its work with testing partner Context Information Security, Which? was able to hack into the
infotainment unit of the Volkswagen Polo that serves as part of the car's central nervous system
The vulnerability was discovered in a section of the vehicle that can enable or disable traction control but the infotainment unit also
contains a wealth of personal data including users' phone contacts and location history.When it came to the Ford Focus Titanium Automatic,
the experts were able to intercept messages sent by the tire pressure monitoring system using basic equipment and an attacker could
potentially trick the system to display that flat tires were fully-inflated which poses a security risk
By examining Ford's code, Which? Found that it also included WiFi details along with a password for the computer systems on Ford's
production line.Which?'s investigation also raised concerns regarding how much data connected cars are generating about their owners and how
this information is stored, shared and used.The Ford Pass app allows a vehicle's location and travel direction to be shared at any time
along with data from the car's sensors including its warning lights, fluid levels and fuel consumption
The company's privacy policy says that its app collects data when people use it but that this data is only shared with third parties when it
has engaged with the consumer body since the findings were shared.Editor of Which? Magazine, Lisa Barber provider further insight on the
The government should be working to ensure that appropriate security is built into the design of cars and put an end to a deeply flawed
system of manufacturers marking their own homework on tech security."Via Which?