As connected vehicle sales rise, security incidents skyrocket 6X in the last decade
The top 10 most popular car manufacturers in the U.S., responsible for 95 percent of car sales in the region, all have connected vehicles in their sales portfolio. General Motors, Toyota and Ford announced that by 2020 all their vehicles for sale would be connected, according to a report by Consumer Watchdog.
And it’s not just the top-selling car companies in the U.S. that base their business on smart mobility. By 2022, Fiat-Chrysler aims to follow in their footsteps, as will Renault-Nissan-Mitsubishi. Connected vehicles such as fleets are equipped with technology that collects and sends confidential data including driver behavior, GPS location and route management. The more such vehicles are on the road, the greater the risk that vulnerable data falls into the wrong hands. This is why it’s critical to have security solutions tailored to the needs and risks of the automotive industry landscape.
New research from Israeli firm Upstream Security highlights how severe and pervasive connected vehicle hacking has become. As manufacturers seek to deliver appealing products for consumers, security seems to be lagging far behind the adoption of online connectivity. Based on 367 publicly reported and documented automotive cyber incidents in the last decade, the report found that automotive-related cybersecurity incidents doubled in 2019 and have registered a 605 percent increase since 2016.
Connected vehicles are an attractive target for hackers. There are already more than 330 million connected vehicles on the market today. In 2018, Juniper Research estimated that by 2023, the market would grow to some 775 million consumer connected vehicles, connected via telematics or by in-vehicle apps. With that growing market comes a growing financial incentive for hackers to spend time making their hacking methods more technologically complex. The result is that in 2019 alone there were around 150 incidents.
Bad actors make up majority of incidents
According to Upstream Security, 57 percent of attacks in 2019 were performed by black hat hackers with an aim to interrupt business operations, steal intellectual property, and make money out of ransomware infections, while 38 percent were executed by white hat hackers under bug bounty program agreements to search for system vulnerabilities. For instance, since it started its bug bounty program with HackerOne in 2014, Uber has had more than 1,300 solved reports amounting to $2.3 million in total bounty payouts. Companies such as Tesla pay as much as $15,000 per vulnerability.
Since 2010, the most common attack vectors have been keyless entry/start-engine systems (30 percent), servers (27 percent), and mobile apps (13 percent). Other attack vectors detected are onboard diagnostic (OBD) ports (10.36 percent), infotainment (7.96 percent), sensors (5.33 percent), and Wi-Fi (5.33 percent). In 2019, key-fob vulnerability exploits were responsible for 38 percent of automotive security incidents, while 25 percent were server attacks.
As per Upstream Security findings, hackers have successfully gone after every single business in the smart mobility space, including OEMs, fleets, telematics and after-market service providers, and ride-sharing services. The top three impacts of incidents over the past 10 years were car thefts/break-ins (31 percent), control over car systems (27 percent), and data/privacy breaches (23 percent).
“With the rapid rise of attacks on the automotive industry, OEMs and smart mobility providers need extensive visibility and clarity into the threat landscape, helping them design the proper security architecture spanning their vehicles and cloud environments,” said Oded Yarkoni, Upstream Security’s VP of Marketing. “Our annual automotive cybersecurity report shows that the threats faced by the entire industry are real and increasingly more prevalent,” he noted.
In 2019, hackers did not need physical access to cars to hack them. As many as 82 percent of incidents were executed from a remote location. Millions of vehicles are affected by supply-chain vulnerabilities, many left undocumented in this industry. A supply-chain vulnerability in the Harman infotainment system of a Jeep Cherokee that enabled remote hacker control led to 1.4 million vehicles being recalled because they could not be patched over the cloud.
Although the overall picture is worrisome, manufacturer awareness is increasing. Bug bounty programs to detect system vulnerabilities are on the rise in the automotive industry, and government officials and consumers are more aware of risks and expect legislative frameworks to reduce cybercrime in the automotive space. Car manufacturers are looking to safeguard vehicles against key-fob hacks, as part of a multilayered security approach. The industry is taking up regulations and standards, and manufacturers want to adopt in-vehicle and cloud-based automotive cybersecurity solutions and promote the creation of VSOCs (Vehicle Security Operations Centers) for early detection and rapid remediation of vulnerabilities.