Can Government Legislation Really Protect the UK’s Connected Cars?

The Government has mandated new legislation in an attempt to prevent hackers from gaining the upper hand. Connected cars continue to flood the market, but can they really protect us?

It’s a bold step and a big claim for a government to make. But on the 6th August parliament announced that they would protect a new generation of smart cars from hackers.

How do they plan to do this? Well, working with manufacturers the government guidance will force engineers to toughen their cyber security, effectively designing out any hacking abilities. 

This new guidance comes off the back of the new ‘Autonomous and Electric Vehicles Bill’ which will help underpin a new framework for the insurance industry when it comes to self-driving cars.

Whilst that’s all well and good, new exploits and back doors are always found. Any connected device has an ‘always on’ connection to the wider world, so to say you’re going to ‘design out’ any and every threat is a near impossibility.

The end result would be an electronic fortress on wheels, most likely hampering the end user instead of helping them. 

As we mentioned in our last connected cars piece the basic issues are already rearing their ugly head. From smartphone apps, that can give you full access and tracking abilities long after you’ve parted ways with the car, to having your call, text and email history stored on a hire vehicle for everyone to peruse.

But just as you thought connected cars were the problem, security might need to be taken one step further.

The proliferation of ‘car plugs’ or wireless OBD devices are also open to attack. 

Imagine a scenario where you hand your brand new £80,000 car over to the airport parking attendant. Whilst in their care they plug in a hacked OBD reader which you’d never even notice. Weeks later you find your car spirited away in the middle of the night. Keys still untouched in your home.

Think that’s far too sci-fi to ever happen? A Chinese team of researchers were able to hack into a Tesla Model S last year. 

The attack was completed through the car’s own connected system. It would be much easier if you already had a route in via your own hardware.

As we’ve seen with Dieselgate this could seem like too little, too late in terms of government response. Words and good intentions do a lot to reassure, but out here in the real world, new exploits are being picked through daily, so what can Parliament really do to protect us?