Recognizing and reducing the impact of auto cyberattacks

Over the past decade, the share of connected vehicles in the automobile market has steadily increased. Electrification trends, autonomous driving development and rising consumer interest in shared mobility ensure that connected vehicles will dominate the auto market in the future. 

That said, connected vehicles present a host of vulnerabilities, including risks to data privacy, driver safety and uninterrupted services. Cybersecurity is central to this discussion, as cyberattacks on connected vehicles are becoming more frequent.

Between 2010 and 2019, the number of cybersecurity events climbed by over 700%, with the industry witnessing 99% growth in the number of incidents since 2018. Though about 38% of these recent-year attacks were white hat attempts, 57% were malicious black hat attacks, meant to disrupt processes and damage property.

“Most of the attacks happen on connected vehicles when they connect to the internet through a telematics unit. From an attacker’s perspective, a connected vehicle is a complex machine with a lot of internal electronics along with being connected to a back-end set of applications that sit on the ground,” said Dan Sahar, vice president of product at Upstream Security, an auto cybersecurity firm for connected and autonomous vehicle fleets. 

Malicious actors can use this constant interaction between the vehicle's on-board systems and cloud-based applications as an attack vector. Several such attack vectors have been used repeatedly around the world. Among these are hacking of telematics servers, targeted attacks on software processes, and attempts on internal components such as electronic control units (ECUs) in vehicles.

In some cases, attackers can target multiple vehicles simultaneously, which Sahar called a fleetwide cyberattack. “There’s a lot of complexities within these vehicles and multiple ways via which it connects, enabling malicious actors to attack them in a lot of ways,” he said. 

The reasons for cyberattacks could be as varied as the means of attack. Sahar explained that most cyberattacks today are financially driven, such as ransomware. These attacks are primarily about disrupting the services of fleets and can include acts such as remotely starting or shutting off engines and unlocking doors in the morning. 

Beyond service disruption, such attacks can also lead to repercussions such as data theft. For instance, bad actors could extract the routes of a trucking fleet and use them to penetrate the corporation that owns or employs the fleet. This could lead to major data breaches within enterprise corporations.

“But there’s a larger risk that’s on the mind of law enforcement agencies around the world, which is state actors and criminal organizations trying to create larger disruptions that are not necessarily financially driven,” said Sahar. “We haven’t seen many of those yet, but they definitely have occurred on the enterprise corporation side. There have also been multiple alerts by the FBI of state actors targeting connected vehicles.”

Regulations have cropped up in an attempt to tackle the growing menace of cyberattacks. The European Union and the U.S. have created rules that task suppliers, such as electronics manufacturers, as well as automakers with taking on a higher level of responsibility for their vehicles. 

“Apart from having to incorporate processes in the vehicle development cycle, automakers will have to continuously monitor how their vehicles regularly behave, whether there are breaches, detecting and tackling breaches while still small, and creating solutions to remediate such breaches,” said Sahar.