The FBI said: “The industry will likely face a range of malicious activity shortly as the data collected by connected and autonomous vehicles become a target for nation and state and financially motivated actors.”
Though terrorism and sabotage are possible, experts believe financial crime is far more likely.
Andy Davis, Transport Cyber Security Practice Director at NCC Group, says: “Media reports tend to focus on the physical attacks, but most cyberattacks come from organized crime groups – and they want to make money, not kill the general public.”
Car hackers can be expected to use the same methods they use on PC users.
Ransomware, for example.
Here, criminals will hack into a vehicle, disable it, and demand money from drivers or manufacturers to relinquish control. Davis says: “You get in the car, and a message on the infotainment system says: ‘Send money if you want your car to start.’ I can also see hackers stealing ID and card details from cars to sell on the black market.”
Why is this?
What compounds the car's cybersecurity threat is the sheer number of entry points into the vehicle. Criminals can sneak in via telematics systems or even the radio.
They can also hack into the many external devices – phones, key cards – that drivers link to the car’s electronic control unit (ECU).
Regrettably, car cybersecurity crimes are now rising.
According to the Upstream’s Automotive Cybersecurity 2022 report, only 75 annual incidents were reported in 2018, whereas in 2021 that number jumped to over 240 incidents. That is a three-fold jump in the number of automotive cybersecurity incidents in four years.
The findings of this report show that 84.5% of automotive attacks were carried out remotely.
Re-thinking connected car cybersecurity
So without question, the connected car hack is a huge challenge for the motor industry.
It demands a mental re-think from companies that have traditionally been unaffected by cybercrime.
The challenges around security, and the reputational damage if something goes wrong, are inspiring partnerships between car manufacturers and best-in-class industry leaders.
Car manufacturers need to build in security from the start, rather than patch ‘holes’ as they arise. This will require multi-party collaboration, given the hundreds of suppliers producing parts for today’s cars.
The process will start with securing the connected car’s firmware and software applications (using public key infrastructure, or PKI, and other tools).
But it’s also critical to encrypt the data transmitted to and from the car, both at rest and in motion.
Of course, this security must extend across the life of the vehicle.
Manufacturers should be able to disable connected services during shipping, for example, and can deliver over-the-air software updates to prevent data breaches.
The good news is that carmakers are working hard to address the growing threat against connected car security.
To compete in the new automotive landscape, global carmakers (OEMs) are teaming up with security experts. To ensure trust in the ecosystem, they must deliver a strong cybersecurity framework that meets evolving automotive regulations.
The United Nations Economic Commission for Europe (UNECE) WP29 regulation, adopted in June 2020, is moving the industry in this direction by requiring automotive OEMs to integrate vehicle cybersecurity along the entire value chain.
The connected vehicle is at the crossroads of multiple stakes. Among those stakes, two are of particular interest to car manufacturers (OEMs), equipment suppliers (Tier 1 and Tier 2) and drivers: connectivity and cybersecurity. The development of the connected and, ultimately autonomous vehicle requires all types of embed reliable connectivity capable of withstanding the rigors of urban environments while supporting both critical systems and infotainment applications.
Cybersecurity is complex and quickly evolving. Leveraging advanced and proven expertise in digital security and IoT, the Thales Trusted Key Manager provides car makers with support for digital transformation while ensuring the end-to-end security of the automotive ecosystem.
This dossier provides insight into areas of connected cars technology: what is connected car, how connected cars will integrate with smart cities, drive cellular IoT and 5G adoption, be better for the environment, and offer innovative mobility services while inventing ...
For more information regarding our services and solutions contact one of our sales representatives. We have agents worldwide that are available to help with your digital security needs. Fill out our contact form and one of our representatives will be in touch to discuss how we can assist you.
Please note we do not sell any products nor offer support directly to end users. If you have questions regarding one of our products provided by e.g. your bank or government, then please contact them for advice first.