New questions about security

Vehicle security is back in the spotlight after researchers revealed a potential vulnerability with the remote central locking system fitted to Volkswagen Group vehicles manufactured since 1995. This showed millions of cars worldwide could be opened using equipment costing only £30 – the only requirement was to be within 100m of them.

Said to possibly explain unsolved insurance cases of theft from allegedly locked vehicles, researchers from the University of Birmingham and the German engineering firm Kasper & Oswald explained that the security of these systems relies on a few, global master keys.

Volkswagen has already taken steps to make sure specific details on the hack do not fall into the wrong hands, and it’s working with top Israeli experts to establish an automotive cyber security company to make it’s vehicles more secure.

But it’s not the only carmaker in the spotlight – the researchers also identified other vehicles open to security hacks “including Alfa Romeo, Citroën, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot”.

Connected car challenges

If commonplace technology is vulnerable, then what about connected cars? Last year, two hackers revealed they could wirelessly break into a 2015 Jeep Cherokee and control vital functions, forcing Fiat Chrysler to issue a software update for 1.4 million vehicles. It came months after the BMW Group had to patch a security flaw, identified by German motorist association ADAC, that potentially left 2.2 million vehicles at risk of hacking. And this year the FBI itself has issued a public warning on the risks of car hacking.

Digital keys, also branded as smart or virtual keys, could complicate things further. Volvo will be the first to market in 2017 using Bluetooth technology and an app, enabling smartphones to unlock cars, and even start the engine remotely. Mercedes-Benz has partnered with Samsung to develop a digital smart key while Apple has been awarded a patent on controlling a vehicle using a portable device.

This could revolutionise the automotive industry, helping to ensure people won’t get locked out of their cars – a benefit for fleets too. The technology also offers broader applications, including for rental and car sharing – Volvo owners will soon be able to send a digital ‘key’ to other people, so they can drive the car. But it has raised concern. Research by broker Leasing Options showed 76% of UK drivers would feel less secure using such a method.

Rob Miller, head of operational technology at cyber security specialist MWR InfoSecurity, said: “Actual malicious uses are, as far as we know, few and far between. But until these occurrences increase, fleet operators may have to investigate for themselves the answers to some important questions. For example, if an employee’s phone is hacked and their car stolen, who is at fault? Should the blame be with the employee for installing untrusted apps? Or the handset manufacturer for including vulnerabilities in their operating system? Or with the car manufacturer’s app developers?

“By stepping into this arena, Volvo and others must be fully aware of modern threats facing mobile applications, and be sure that they can keep their customers safe. As fleet operators, we should take the time to fully understand the functionality and limitations of mobile applications for vehicles to decide if the new features are worth the new risks. Different vehicle manufacturers may offer different levels of support and guarantees for their applications, which may end up becoming a deciding factor in our future fleets.”

Meanwhile, Kit Wisdom, head of technical services at Alphabet, said the development will bring a number of positives for fleets: “I suppose we’re more concerned about the extreme practicalities. For example, if someone were to lose their phone or their battery were to die. These are potential issues – or perhaps potential behaviours that drivers are going to have to learn [to pre-empt].

“We need some clarification from the security perspective as well. Volvo would need to show that the smartphone key technology is as robust as one of the normal keys and there wasn’t a way. As a progressive leasing company we need to ensure that we adopt these technologies, and they work for us and the industry and the drivers.

For more exclusive features, click here.