When we think about car security most think of immobilisers, alarms and sensors, or even GPS trackers. 

For threat actors, these technology reliant accessories offer an entry point that can be compromised and monetised.

According to a study, conducted by Upstream, cyberattacks on cars increased 225 percent from 2018 to 2021.

So what are these attacks and how can we defend against them?

Point of least resistance

The most common automotive cyberattacks are unauthorised access or theft of vehicles due to keyfob relay attacks, spoofing, key jamming or diagnostics hacking.

Thieves only need to be close to the key fob and, using computer software, they can pick up and reproduce the signal to steal the car. According to figures from the DVLA, Ford Fiestas and Range Rovers are among the most stolen cars nationally, with a significant number fitted with keyless entry technology.

In Germany, a teen claimed to have found flaws in a piece of third-party software used by a relatively small number of Tesla owners that could allow hackers to remotely control some of the vehicles’ functions - unlock doors, honk horns and start the cars.

And it's not just the physical car that presents a target.

The threat to the infrastructure to support electric vehicles (EV) presents a prime target - particularly charging points are prime for point of sale (POS) attacks.

In fact, research of EV charging points by Carlos Alvarez College of Business’ Department of Information Systems and Cyber Security found 13 significant areas of security threats and vulnerabilities, such as missing authentication and cross-site scripting

Another issue is that a company’s digital infrastructure, that is core to its business, presents a target to criminals.

If IT systems go down the entire company comes to a screeching halt as was the experience of Toyota and Honda earlier this year .

And it’s not just the manufacturers who are at risk as, in February, Emil Frey - one of Europe's largest car dealers, was hit with a ransomware attack with TrustFord - the UK’s largest Ford vehicle dealer group, also confirmed as suffering the same fate.

Why is the car industry being targeted?

All industries go through periods of dramatic evolution. For the automotive industry, that time is now.

Following 100 years of the ‘petroleum engine’ era the industry is being forced to change the heart of the car - the engine - from fossil fuels to be electric.

The speed of that transformation is unique in comparison to the age of this industry.

This requires not just an adaptation of the engine but the whole infrastructure to support EV cars from roadside charging points, online services to connect these, and backend systems to support the networks. Powering this is IT transformation.

The time of old segregated operational technology (OT), used to control physical systems on a traditional production line, is over. Instead Industrial Internet of Things (IIoT), connected devices and traditional technology is all part of the physical car production supply chain.

However, any rapid IT transformation isn’t without risks and cybercriminals have stepped into the breach and capitalised on the opportunity to deploy attacks and compromise these new services.  

Why is cybercrime so easy?

Awareness is critical - understanding what the risks are and implementing security measures to mitigate them.

When it comes to securing our vehicles, the greatest issue is that manufacturers are focused on functionality - how something should work and what it delivers to the end user. This mindset has to change from functionality and instead embrace cybersecurity as a key component of both the development and deployment phase. In the meantime, for consumers who drive a keyless car its about taking the necessary precautions to prevent theft, such as placing the key in a container that jams the signal.

In the case of EV charging points - monitoring and management will be critical to identify and patch vulnerabilities that cyber criminals could exploit. Being vigilant when using these stems to signs that they may have been tampered with will also help.

In the case of ransomware, threat actors rely on disruptions to incentivise organisations to pay. Criminals will look for an easy target and, by raising the stakes and strengthening defenses, attackers will move focus to other insecure victims

In the majority of instances it is a known vulnerability that allows threat actors an entry point to the organisation’s infrastructure. Having gained entry threat actors will then look to exploit misconfigurations in Active Directory to further infiltrate the organisation to steal data, encrypt stems or other nefarious activities.

Organisations must know where their risks are and continuously monitor and respond to threats as new vulnerabilities are discovered and threat actors weaponise these flaws.

Systems must be treated as if a sophisticated adversary already has or can gain access, which demands that tight identity management practices be in place to limit damage.

If organisations find and fix the flaws threat actors climb through, the vast majority of attack paths will be closed off, preventing compromise, malware infiltration and/or exfiltration of data.

Understanding and managing cyber risk is just as important as any other risk. It’s about knowing the latest criminal tactics and taking aversive action.

As manufacturers, whether that’s the cars themselves or added extras, those that prioritise security and privacy could enjoy a competitive advantage over those who don’t.

Collectively, we all play a part in stopping criminals driving off into the sunset with their illicit gains.

Author: Bernard Montel, EMEA technical director and security strategist, Tenable