In 2019 there were as many as 150 automotive cybersecurity incidents, according to a report published in the Detroit Free Press:
– Here is a phrase I’m sure none of us would like to ever see happen: ransomware for cars. As scary as it sounds, the sad truth is however that we’ll very likely see this phrase in the news many times very soon.
– In 2019 there were more than 150 incidents reported involving automotive cybersecurity. A report by Upstream Security says that this was a whopping 94% year-on-year increase since 2016.
– Having connected cars is very convenient and there are many ways in which this makes our lives easier, but there are however also risks associated with this. According to a recent article in the Detroit Free Press, the hacking of vehicle are much more common and dangerous than what most people realize.
It is not possible to hack into an unconnected car remotely. If you are however not driving the latest Tautology Motors vehicle, your car is likely at risk from some type of digital intrusion. Almost every type of connected car on the road today can be hacked to some extent.
This is the opinion of the CEO and co-founder of GuardKnox Cyber Technologies, Moshe Shlisel. The company specializes in protecting vehicles from just these types of attacks.
In an interview with the Detroit Free Press, Shlisel said your exposure and risk increases the more connected the vehicle is and the more sophisticated its systems are. Shlisel’s company has taken every conceivable model of cars and has managed to hack them via several different places. Once the car has been hacked, the hacker can take control of its steering, start and shut down the engine, open and close the trunk, and control the doors, brakes, and even the wipers.
Shlisel’s company is not alone in trying to predict and prevent vehicle hacking threats. A Global Automotive Cybersecurity Report is released annually by Upstream Security and it provides a list of the top vehicle cyber incidents. In 2020, this included a hacker managing to take control of Tesla's complete connected vehicle fleet. This was done via the exploitation of a vulnerability in the server-side mechanism from the OEM. The hackers reverse-engineered the telematics control unit of a vehicle and then used the telematics connections to infiltrate the network. This ultimately allowed them to take full control of the OEM's corporate network.
Citing Upstream's report, the Detroit Free Press said there was a 94% year-on-year increase since 2016, and an increase of 99% in cybersecurity incidents in 2019, bringing to total to 150. As more communication methods are continuously being built into vehicles, including using huge over-the-air update technology, it is not likely this trend will reverse any time soon.
Vehicles Ransomware Is Sure To Be With Us Soon
Andy Jacob, CEO of DotCom Magazine, says “Reports of these types of attacks are clear indications automakers should be taking proactive action in the fight. One part of the automakers' multi-layered defense strategy is to request that "white hat" ethical hackers explore their systems and identify where the vehicles are vulnerable,”
In an interview with the Detroit Free Press, CEO of C2A Security, Michael Dick, said he expected that the current tendency of hackers to hold digital data on computers for ransom to at some point move to cars. When that starts happening, drivers won’t be able to start their car until they have paid the hacker, normally in cryptocurrency, or suffer the consequences. Dick believes that there won’t be a way to circumvent the hack once it has taken place. The only way to fix the car without paying the hacker would be to have it towed to a dealership and install completely new software before the car will operate again. C2A Security is an automotive cybersecurity company based in Israel.
Ransomware attacks are already a reality for some transportation companies. The Upstream Security report provides details of a ransomware attack on Toll Group, a transportation company based in Australia. 40,000 employees and 1000 servers were affected. In June 2020, Honda had to stop production as a result of ransomware attacks on European and Japanese plants.
Upstream Security recommends 3 methods automakers can use to ensure their vehicles are secure.
1. Every component has to be designed with security in mind.
2. Cybersecurity solutions need to be multi-layered, involving cloud, IT network, and in-vehicle security defenses.
3. Vehicle security operations centers need to be developed to monitor, identify, and respond to all types of cyber incidents.
How well automakers implement these defenses will determine how much drivers love their connected cars as the risks are understood better.