Security flaws have been uncovered in two best-selling cars that could allow computer hackers to gain access and put safety and privacy at risk.
The research concluded that manufacturers are being ‘careless with security’ because there is no meaningful industry-wide regulation for in-car technology.
Cyber security experts found they could intercept the tyre pressure monitoring system on the Ford. Hackers could tell the system to show that flat tyres were fully inflated – a potentially dangerous safety concern.
Analysing the code also uncovered wi-fi details and the password of a computer system at Ford’s factory in Detroit, Michigan. (The Focus is built in Europe.)
Which? also noted the amount of personal information the car was storing, including location and travel direction, speed, acceleration, braking and steering.
‘Simply lift the VW badge’
On the Volkswagen, the security experts gained access to the infotainment system, through the ‘disable traction control’ function.
They noted it contains a huge amount of personal information, including phone contacts and location history.
Furthermore, the tech experts found they could access the car’s front radar module – simply by lifting the VW badge on the front grille.
This would allow hackers ‘to tamper with the collision warning system’.
Which? magazine editor Lisa Barber said: “Most cars now contain powerful computer systems, yet a glaring lack of regulation of these systems means they could be left wide open to attack by hackers – putting drivers’ safety and personal data at risk.
“The government should be working to ensure that appropriate security is built into the design of cars and put an end to a deeply flawed system of manufacturers marking their own homework on tech security.”
A regulation for on-board car computer systems is planned for 2021, adds Which? – but this is only voluntary.
The consumer group adds that while Volkswagen is engaging positively with it, Ford declined to receive the Which? technical report.