A Detroit Free Press report shows there were 150 automotive cybersecurity incidents in 2019 alone.
It is impossible to remotely hack into an unconnected car. But if you're not driving the latest vehicle from Tautology Motors, your vehicle is likely at risk from some sort of digital intrusion. In fact, almost every car on the road today, if it can connect, can be hacked to some degree.
That's the opinion of Moshe Shlisel, the CEO and co-founder of GuardKnox Cyber Technologies, a company that focuses on protecting vehicles from just these kinds of attacks.
"The more sophisticated the system is, the more connected your vehicle is, the more exposed you are," Shlisel told the Detroit Free Press. "We have taken whatever model [car] you think of and we hack them through various places. I can control your steering, I can shut down and [start] your engine, control your brakes, your doors, your wipers, open and close your trunk."
Shlisel isn't the only one trying to predict and prevent hacking threats. Upstream Security put out its annual Global Automotive Cybersecurity Report that lists the top cyber incidents of 2020. These included a hacker gaining control over "Tesla's entire connected vehicle fleet by exploiting a vulnerability in the OEM's server-side mechanism" and hackers taking "full control of an OEM's corporate network by reverse-engineering a vehicle's [telematics control unit] and using the telematics connection to infiltrate the network."
The Free Press cited Upstream's report, which said there was a 99 percent increase in cybersecurity incidents (to 150) in 2019 and a 94 percent year-over-year increase since 2016. With more communication methods being built into new vehicles, including massive over-the-air update technologies, this trend is unlikely to reverse any time soon.
Ransomware for Cars Is Coming
All of these attacks mean automakers have to take a proactive stance in this fight. Part of the automakers' defense strategy is to ask "white hat" ethical hackers to show them where the cars are vulnerable in exchange for monetary rewards or, in some cases, jobs. The famous hacker duo who took control of a Jeep Cherokee back in 2015 now works for Cruise, the autonomous vehicle subsidiary of General Motors.
Michael Dick, CEO of C2A Security, an Israel-based automotive cybersecurity company, told the Free Press he expects the current trend of hackers holding digital data on computers for ransom to move to cars at some point. When this happens, drivers will not be able to start their vehicle until they pay off the hacker or suffer the consequences. "There's no way around it," he said. "You'll have to get it towed and get all new software to start it."
For some transportation companies, ransomware attacks have already happened. Upstream Security's report mentions a ransomware attack on the Australian transportation company Toll Group, which affected 1000 servers and 40,000 employees. And Honda was forced to stop production in June 2020 due to ransomware attacks on plants in Europe and Japan.
Upstream Security recommends three ways automakers can build secure vehicles, and they're all complicated. First, security has to be part of the design of every component. Second, there needs to be a multi-layered cybersecurity solution that involves in-vehicle, IT network, and cloud security defenses. Third, automakers need to develop vehicle security operations centers "to monitor, detect, and quickly respond to cyber incidents to protect vehicles, services, fleets, and road users." How well the auto industry builds up these defenses will define how much drivers love their connected cars as the risks are better understood.
-by Amaan Attar