Could Hackers Take Over Ford and Volkswagen Cars and Also Threaten Owners' Privacy?

We'll be stating the obvious if we say that cars have come a long way, but the changes automobiles went through over the last few decades have really been astonishing. Some of you might remember, for example, what dashboards looked like in the 1990s. You had a radio, knobs for the climate control, and lots of other buttons and switches that controlled a wide range of vital and non-vital functions. On brand new cars, most of these have been replaced by touchscreens that offer great graphics in addition to many useful features. Quite a few people tend to forget what sits behind those screens.

The so-called infotainment system isn't responsible for the radio and the heater only. It's often the central part of a vehicle-wide network of sensors, systems, and electronics. You can connect your phone to it, you can hook it up to your home Wi-Fi network, and you can also update its firmware. You probably won't be too surprised to hear that with the right skills and equipment, you can hack into it as well.

Security researchers poke holes in modern infotainment systems

As we all know, if you want to build and sell a car, you need to meet quite a few very strict regulations. Most of the systems in an automobile should meet specific requirements, and entire agencies are devoted to ensuring that everyone plays by the rules. With on-board technology, however, thinks are a lot looser, and a UK consumer group by the name of Which? decided to see what sort of impact this might have on modern cars' security.

Which? bought a couple of cars, a Ford Focus and a Volkswagen Polo, and handed them over to cybersecurity experts from Context Information Security. The models were picked not because Which? had something against Ford or Volkswagen but because the Focus and the Polo are among Britain's best-selling cars. The experiment should concern a lot of people, and unfortunately, the results are not brilliant.

As soon as they started looking into the infotainment systems in more detail, the experts noticed a few glaring problems. The use of old libraries meant that, in some cases, the researchers had readily available exploits and known vulnerabilities that would allow them to poke through the cars' nervous system. In the case of the Polo, they managed to find a way of turning off the car's traction control system – a critical security feature that can save lives. In addition to this, a vulnerability with Volkswagen's key fob could potentially allow hackers to break into the car without leaving a trace.

While examining the Focus, they realized that they could intercept the signal sent from the car's tire pressure monitoring system and give the driver false information, which is another potential safety hazard. The problems aren't limited to the physical well-being of drivers and passengers, either.

Hacked infotainment systems could reveal Wi-Fi passwords, location history, and other personal data

While they were examining the Focus' firmware, the researchers were rather shocked to find the Wi-Fi password for Ford's assembly plant in Detroit. This discovery sent the researchers down a completely different rabbit hole, and it's fair to say that they didn't like what they found. They said that a hacker would need access to your car for just five minutes in order to extract a host of personal information like phone contacts and location history. During the experiment, the researchers also bought a second-hand infotainment system for the Polo, and in it, they found data that belongs to the previous owner. The details included contacts, physical location, and even home Wi-Fi passwords.

Fixing the issues is going to be difficult, but on the bright side, Volkswagen expressed its intent to analyze the problems more closely and look for a solution in the future. Ford, on the other hand, wouldn't even accept the technical report.

This confirms Which?'s fears. Car manufacturers are unlikely to follow strict security rules when implementing on-board technology unless they are forced to do it. Consumers can do little more than hope that regulators will soon step in.