Ethical Hacking Services for Automotive Datasheet BT Assure


Today’s vehicle is an astonishingly complicated piece of technology. The embedded systems in modern vehicles have many interfaces that are vulnerable to threats – and when it comes to moving vehicles, malicious attacks can potentially put lives at risk.

Among the vulnerable interfaces are well-known names such as OBDII and Bluetooth, as well as Wi-Fi hotspots and internet connections via 3G/4G, but there are other, less obvious ones. Examples are the USB or SD media interface and the charging connector of an electric car. The fact that some of these are located inside the car does not mean they are safe: anyone with brief physical access to the cabin can reach them.

All of these interfaces are connected through multiple networks in the car, known as controller area network (CAN) buses. These connect up to 100 microprocessors, and the latest executive cars carry up to 100 million lines of code; by comparison, a 787 Dreamliner jet has close to 6.5 million. Basic functions that control the car, such as electronic steering, anti-lock brakes and drive-by-wire throttle, are connected to these same networks. That shared connectivity is the security-relevant point: a path from an external interface onto the bus is potentially a path to the safety-critical controllers.
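Because a CAN bus carries no sender authentication, a frame injected by any node on the shared bus (for example via a compromised device on the OBDII port or the infotainment unit) looks, by content alone, like the ECU's own traffic. One check a vehicle tester runs over a captured bus log is therefore a cadence check: periodic messages from a real ECU arrive at a stable interval, while an injected copy of the same ID usually does not. The following is an added example and is not code from the BT datasheet; it assumes the SocketCAN candump log line format, and the CAN IDs, payloads and timestamps in the sample are constructed for illustration, not real ECU identifiers.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed sample in candump log format: "(timestamp) interface id#data".
# ID 0x1A0 is a periodic 10 ms message; the frame at 10.031 is an injected
# duplicate with a different payload. ID 0x2B0 has too few frames to judge.
SAMPLE_LOG = """\
(10.000) can0 1A0#0000
(10.010) can0 1A0#0001
(10.020) can0 1A0#0002
(10.030) can0 1A0#0003
(10.031) can0 1A0#FFFF
(10.040) can0 1A0#0004
(10.050) can0 1A0#0005
(10.000) can0 2B0#11
(10.100) can0 2B0#12
(10.200) can0 2B0#13
"""

LINE_RE = re.compile(
    r"^\((?P<ts>\d+\.\d+)\)\s+(?P<iface>\S+)\s+"
    r"(?P<id>[0-9A-Fa-f]+)#(?P<data>[0-9A-Fa-f]*)$"
)


def parse_candump(text):
    """Parse candump log lines into (timestamp, interface, can_id, payload) tuples.
    Lines that do not match the format are skipped rather than aborting the scan."""
    frames = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        frames.append((float(m["ts"]), m["iface"],
                       int(m["id"], 16), bytes.fromhex(m["data"])))
    return frames


def find_timing_anomalies(frames, ratio=0.5, min_gaps=3):
    """Per CAN ID, take the median inter-frame gap as the expected period and
    flag any frame that arrives sooner than ratio * period after the previous
    frame with the same ID. IDs with fewer than min_gaps gaps are not judged,
    since a median over one or two samples is meaningless.
    Returns a list of (can_id, timestamp, payload) for the suspect frames."""
    by_id = defaultdict(list)
    for ts, _iface, can_id, data in frames:
        by_id[can_id].append((ts, data))

    anomalies = []
    for can_id, items in by_id.items():
        items.sort()
        gaps = [b[0] - a[0] for a, b in zip(items, items[1:])]
        if len(gaps) < min_gaps:
            continue
        period = median(gaps)
        for (_prev_ts, _prev_data), (ts, data), gap in zip(items, items[1:], gaps):
            if gap < ratio * period:
                anomalies.append((can_id, ts, data))
    return anomalies


def scan(text=SAMPLE_LOG):
    """Convenience entry point: parse a log and return its timing anomalies."""
    return find_timing_anomalies(parse_candump(text))


if __name__ == "__main__":
    for can_id, ts, data in scan():
        print(f"suspect frame id=0x{can_id:03X} at t={ts:.3f} data={data.hex()}")
```

The median is used rather than the mean so that the injected frame itself does not drag the estimated period down. A real assessment would run this over a candump capture taken while the interface under test (OBDII dongle, head unit, telematics module) is exercised, and would treat a hit on a safety-relevant ID as a finding to investigate, not as proof on its own.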

When applications are being developed, particularly for embedded systems such as those used in vehicles, the first opportunity to identify vulnerabilities is a review of the source code. This builds an understanding of the robustness, dependencies, business logic and design of these applications before the code is compiled and installed on the host system or on other sub-systems in the vehicle.

However, commonly cited figures put defect density at up to 50 bugs per 1,000 lines of code, which can mean thousands of bugs in today's vehicles that could be exploited by hackers. Not all defects will lead to potentially harmful situations, but it takes just one to have a negative effect on your brand. So regular testing is key if you are to uncover any vulnerabilities missed during the design stage.

Risks to the vehicle

Automotive manufacturers live in a world of constant change – and with all of these changes come increased security risks.

Evolving customer needs have encouraged the development of connected vehicles that can ‘talk’ to each other and access the internet, with features that might previously have seemed like science fiction. The advances in technology are amazing, but they mean connected vehicles are exposed to malware and can be subject to hijacking, causing irreparable brand damage.

Innovative design concepts and production techniques have brought cutting-edge IP-enabled devices into the production environment, but this also places new security demands on operational technologies, controls and automation.

All of this change means you and your business may no longer be as secure as you once were. Do you know where to look for the weaknesses in your business-critical systems, vehicles, procedures, processes and people? Are new environmental and industry safety regulations causing delays and cost while you assess their impact?

When considering cyber security risks in the automotive industry there are three important areas that need to be assessed: threats to vehicle security, design and manufacturing risks for the manufacturer and security at the dealership.

A changing landscape

Nowadays, dealerships use their websites not only for showing company information and promotional activities, but also for scheduling car maintenance appointments. In fact, these websites have become more and more important to the successful running of a dealership and a site put out of action will have an immediate impact on the business.

The network within your dealership connects everything together and is the basis for all communication between internal systems, from printing invoices for customers and looking up stock to watching your premises; even surveillance cameras are connected to the network.

Your connection to the outside world is vital because it gives you access to all kinds of services, including ordering spares, following the latest developments, and communicating with your customers and suppliers. It also lets you check the lead time of cars you have ordered from the importer. Additionally, the connection gives you access to the government’s car registration system, allows you to contact your traders for second-hand cars and enables you to deal with credit companies to arrange loans for your customers.

Wireless connectivity is crucial in your dealership these days. It can be used to give internet access to your customers while they visit your showroom or wait for their car to be returned after it has been serviced. However, wireless connectivity may also be used as an extension of your internal network, so a guest network that is not separated from it is a direct route to your internal systems.

The car workshop is the heart of your business and is vital for delivering the ultimate customer experience. Customers may ask you to upload new software to their car during a maintenance or service check, or to add new devices to the car inventory such as a navigation system, for which you need to connect the car’s electronics directly to the factory. If a cyber attacker installed malware in the operating system of the car via that service connection, your customer service would be called into question, and the result could be a life-threatening situation.

Though systems provide all these important facilities for your company, your staff are the human connection and are responsible for interacting with your customers and suppliers. However, even the best employee may forget to follow the procedures you have in place and reveal sensitive information or unintentionally give access to your premises or systems. This can lead to unwanted and potentially unsafe situations that put your reputation at risk.

At the dealership

For example, the car service platform used by all your dealerships is at risk because it is difficult to know whether each dealership is acting according to your procedures. This means your car service platform needs to be robust and comprehensively protected at all times, rather than relying on every dealership doing the right thing.

In datacentres and at manufacturer sites, modems can be used to connect all kinds of systems on your network to the outside world via the public switched telephone network (PSTN). These may have been set up so that suppliers and specialists can dial in and deliver support whenever needed, or perhaps for access during a project and then never properly decommissioned. They might even have been deliberately installed for malicious purposes. Because they bypass the firewalls that protect your internet connection, it is important to find out whether any exist, which is what a war dialing exercise does, so you can determine whether your business is at risk.

The internal networks used in your research and development departments also need special attention, because new developments and trade secrets could be vulnerable to theft. Proper network segmentation may be needed to isolate these departments, so that a compromise elsewhere on the corporate network does not give an attacker a route to them.

At the manufacturing site

Although the manufacturer faces the same challenges as the dealership when it comes to connections to the outside world and the applications used for all kinds of activities, there are other threats that might introduce risk to your business.

It’s all about ensuring proactive protection of the brand, reputation and valuable electronic assets you need to provide an excellent service to your customers every day.

It’s also about having a clear view of what might be at risk, ranging from the potential financial impact of website downtime, to life-threatening situations, and the loss of customer trust.

At an operational level, it’s also about understanding the countermeasures and actions that you may need to take if your information or services were compromised. You need to have full visibility of your own security estate and that of your service providers and the services they are managing.

A good security strategy supports your organisation’s business strategy and needs to move and develop in tandem with your business. Security management is as important as any other critical operation in your business – you need to have a clear understanding of the security threat challenges you face.

To strengthen your security posture now, start to identify existing vulnerabilities in your products, network infrastructure and supporting systems. You should also evaluate your procedures and ensure your people are supporting them, which will help you determine your overall risk profile.

A joined-up approach from one single supplier will make it far easier to prioritise investment and show how effective security supports your business’ strategic objectives.

So what is required?

The same applies to your production areas, where downtime will immediately affect your business.

Many manufacturers now offer concierge services, so that a central server can run remote diagnostics to provide peace of mind, or update your SATNAV with the destination of a recommended restaurant or the nearest free parking space. However, these services give a central system a remote path into the vehicle, and all it would take is a compromised employee with IT skills to abuse them and damage confidence in your brand.

Remember, too, that controlling physical access to your premises is important: the competition would like to know what you are doing, and cyber criminals want to understand how they can successfully attack the heart of your car service platform. Unauthorised people should not be able to enter your premises, and even employees should not have access to systems or networks they are not authorised to use, because they might share sensitive information.

We can offer you expert assistance with a set of Ethical Hacking services:

• Web and Thick Client Application Testing
• Vehicle Testing
• Mobile Testing
• Secure Code Review
• Network Testing
• Wireless Testing
• Host Configuration Review
• Red Teaming / Social Engineering
• Firewall Policy Review
• War Dialing

Additional information about these types of vulnerability assessment is available in separate datasheets.

If needed, we have additional professional services available to assist you when mitigating the identified vulnerabilities after the Ethical Hacking services have been completed.

Our services

Put your Ethical Hacking needs into expert hands. We operate across many industries, including industries that are significantly more advanced in dealing with cyber threats. This means we are ideally placed to bring expertise and know-how acquired with customers on the leading-edge of cyber security and apply it to the automotive industry. Our world-class credentials include:

• Our global Ethical Hacking capability, with more than 20 years’ experience, combines the vast knowledge and experience of our consultants with proven methodologies

• Being a network operator, we have specific in-depth knowledge of network infrastructure devices and as a large company we use many server and workstation platforms, mobile devices and (web) applications. These are thoroughly tested by our Ethical Hacking capability before being deployed on our network infrastructure, on which many international customers rely

• Our highly skilled consultants hold industry certifications that include CISSP, CISA, CISM, GPEN, CPTE, OSCP, OSCE, OSEE, OSWE, OSWP, CPTS, CCIE, LPT, PCI QSA, ECSA, CESG CHECK and CREST

• We are accredited by Lloyd’s Register Quality Assurance for the ISO9001:2008 quality management system, covering the delivery of our professional services on a global scale

• Holding the ISO9001 certification since July 2003 shows our long-term commitment to continuously improve the quality of our services

• Other relevant certification programs are CESG CHECK and the following CREST schemes: Penetration Testing and Simulated Target Attack & Response (STAR)

• We are one of the largest security and business continuity practices in the world, with more than 2,000 security consultants and professionals globally and we have been offering security and business continuity expertise successfully to our customers for many years

• We are one of only a few organisations providing integrated network and security solutions both commercially and technically

• Analyst-recognised capability – Current Analysis states (2014) “for the growing number of enterprises seeking a broader, integrated solution rather than treating security as an isolated silo, BT can offer a one-stop-shop security experience.”

Why BT

Backed by accreditation and a standardised methodology, our approach is simple and aims to answer the question: how secure are the critical systems, people and procedures that protect and grow your business?

The areas described in this datasheet (the vehicle, the manufacturing site and the dealership) need special consideration if you are in the automotive industry, as interruption of them will harm your business and can cause potentially lethal situations.

We will work with you to review your current risks against your desired risk profile, and then provide a reliable, flexible roadmap that will help you manage your vulnerabilities.


The services described in this publication are subject to availability and may be modified from time to time. Services and equipment are provided subject to British Telecommunication plc’s respective standard conditions of contract. Nothing in this publication forms any part of any contract.

© British Telecommunication plc 2015. Registered office: 81 Newgate Street, London EC1A 7AJ. Registered in England No: 1800000

bt.com/btassure/ethical-hacking