How to Protect Your Smart Vehicle from Cyberattacks

Written by funsor | Published 2022/10/21

TL;DR: 7.3% of incidents affecting connected vehicles between 2010 and 2021 involved a companion mobile app. Cyberattacks on vehicles increased 225% in 2021 from 2018, while threat actors were responsible for 54.1% of the incidents. Keyless entry and key fob attacks accounted for 50% of all vehicle thefts. Emerging threat vectors are proving to be very disruptive. Threat actors use charging stations to attack electric vehicles, commit impersonation fraud, and disrupt the ability to charge electric vehicles at scale.

I was excited when I got my current vehicle primarily because it came with some cool features like a wireless phone charger, phone-to-car data transfer, real-time scanning of street signs, and sensors.

I could also use an app to start the vehicle, lock doors, and set and monitor speed. There was also an option to connect the vehicle to my home network or turn it into a hot spot.

However, I was jolted from my reverie by the sudden realization that connecting my phone to the car exposes me to potential cybersecurity risks. After all, 7.3% of incidents affecting connected vehicles between 2010 and 2021 involved a companion mobile app.

Remote Carjacking Is Not Just a Hollywood Fantasy

My concern about potential cyber incidents was not due to Hollywood's portrayal of hacked vehicles like in Fast and Furious 8. There is evidence pointing to the possibility of vehicles being hacked and hijacked.

Argus researchers successfully killed the engine of a moving car by exploiting a vulnerable Bosch Drivelog Connector dongle. A security researcher, David Colombo, remotely accessed dozens of Teslas scattered around the world due to a vulnerability in TeslaMate logging software.

Cybersecurity researchers were not the only ones interested in exploiting vulnerabilities in connected automobiles. According to a report, cyberattacks on vehicles increased by 225% in 2021 from 2018, while threat actors were responsible for 54.1% of the incidents.

About 85% of attacks were executed remotely, 40% targeted back-end servers, 38% involved data/privacy breaches, and 20% affected control systems. Keyless entry and key fob attacks accounted for 50% of all vehicle thefts.

An increase in combined charging station attacks was observed in the first half of 2022, paving the way for large-scale disruption of charging capabilities, compromise of administrative privileges, and ransomware attacks against electric vehicle users.

Some of the ways used to compromise smart vehicles include manipulating internal codes and data, sending harmful messages through infotainment systems, exploiting vulnerabilities in software and connected devices, compromising privileged access, embedding viruses in communication media, hijacking servers to communicate malicious codes to networked vehicles, and deploying denial-of-service attacks to cause vehicles to malfunction.

Emerging threat vectors are proving to be very disruptive. An increase has been observed in attacks exploiting vulnerabilities in APIs to remotely access and control vehicles, steal them, and disrupt critical functionalities. Threat actors also use charging stations to attack electric vehicles, commit impersonation fraud, and disrupt the ability to charge electric vehicles at scale.

Connected Vehicle Risk Is an Emerging, Imminent Threat

Like any other Internet of Things (IoT) device, connected vehicles are susceptible to cybersecurity risks. The infamous 2016 Mirai botnet attack weaponized many IoT devices to cause widespread global distributed denial-of-service (DDoS) attacks.

In the US, nearly half of organizations using an IoT network have been hit by a security breach, resulting in significant financial loss. The possibility of weaponizing smart vehicles is achievable if appropriate cybersecurity controls are not in place.

Common Vulnerabilities and Exposures (CVEs) found in smart vehicles increased by 321% in 2021 from 2020.

There were 26 critical and 70 high vulnerabilities which included unauthorized Bluetooth pairing (CVE-2021-0583) and an in-vehicle infotainment operating system vulnerability (CVE-2021-22156) which could be used to execute a DoS attack.

Connected vehicles and charging stations running Apache Log4j libraries are susceptible to Log4Shell vulnerabilities (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105).

These vulnerabilities have been exploited to compromise vehicle-to-grid (V2G) infrastructure, firmware over-the-air (FOTA) updates, in-vehicle infotainment (IVI) systems, and digital keys that control critical vehicular functionalities.


Emerging cyber threats against connected vehicles include threats to communication channels (89.3%), threats to vehicle data/code (87.7%), unpatched vulnerabilities (50.8%), threats to vehicle connectivity and connections (47.1%), and threats to backend servers’ connectivity (24.1%).

With the growth of vehicle-to-everything (V2X) and cellular vehicle-to-everything (CV2X) technology networks, the opportunities are endless for threat actors to explore.

This network includes vehicle-to-pedestrian (V2P), vehicle-to-network (V2N), vehicle-to-vehicle (V2V), vehicle-to-cloud (V2C), vehicle-to-grid (V2G), and vehicle-to-infrastructure (V2I).

Any vulnerability in the ecosystem could be weaponized to cause mass disruption, including safety hazards.

With More Smart Vehicle Growth Comes Greater Risk

The connected vehicle market is projected to grow to USD 121 billion by 2025. By 2023, the global automotive industry is predicted to deliver more than 76 million connected vehicles.

5G connectivity is set to transform the automotive experience through enhanced telematics, automated factory parking, advanced driver-assistance systems, autonomous driving, seamless data, and cellular connectivity.

A smart vehicle is estimated to generate 25GB of data per hour by 2025, surpassing web browsing or video streaming activities.


The growth and transformation of the automotive industry extend the attack surface and amplify exposure to significant business risk. According to the World Economic Forum, the forecast for the connected vehicle market is USD 215 billion by 2027.

However, by 2024, it is estimated the industry would lose more than USD 500 billion to cyberattacks. It is safe to assume that most of the gains of the smart vehicle market would be wiped out by cyberattacks.

Besides cybersecurity regulatory standards such as the United Nations Economic Commission for Europe’s (UNECE) WP.29 R155 & R156 regulations and the ISO/SAE 21434 standard, smart vehicle manufacturers must prioritize adequate security controls to reduce the attack surface and minimize successful exploitation of vulnerabilities.

Things You Can Do to Secure Your Smart Vehicle

Protecting connected vehicles is not only the responsibility of vehicle manufacturers. Vehicle owners have a role to play in minimizing data access and breaches. Following these simple recommendations will make it difficult for criminals to steal your data or vehicle.

  • Limit personal information shared with your smart vehicle, including how you save your home address (funny enough, after my car updated, it requested that I set up a user profile with my intelligent key - you guessed right, I declined the setup).
  • Keep your mobile phone updated and ensure apps are safe to install. Infected apps could be used to compromise phones and connected vehicles.
  • Don’t synchronize your phone with rental vehicles. You might leave behind more information than you intend.
  • Update firmware when available, but not in motion. You can’t predict what the new update will affect, so you want to do it safely.
  • Ensure connected devices such as USB dongles are free of malware.
  • Try as much as possible to avoid connecting your vehicle to your home network. If you must, keep the connection on a dedicated channel.
  • Be aware of your surroundings when using key fobs. If your vehicle is equipped with a keyless entry on the door, use it to lock/unlock the vehicle rather than the key fob.
  • Charge your electric vehicles only at dedicated stations with adequate deterrence control (e.g., surveillance cameras).
  • When connected to social media through your vehicle, be careful not to click on suspicious links.
  • Be aware that if your vehicle can connect to the internet, it can download malicious software. Be aware of the websites you visit.
  • If you notice that your dashboard is displaying strangely, it is better not to drive till you are sure that the infotainment system has not been messed with.

Hit The Road With Confidence

The possibility of a cyberattack should not deter you from enjoying your smart vehicle. Making smart security choices as recommended above empowers you to explore the cool features your connected vehicle offers without compromising your safety and security.

Furthermore, automotive makers should ensure secure engineering principles are integrated into every phase of the vehicle development life cycle.

Third-party suppliers play a significant role in maintaining the integrity of connected vehicles by implementing adequate controls to minimize the exploitation of vulnerabilities in the digital supply chain.


Written by funsor | Information Security Officer and GRC Thought Leader. Writes on business risk, cybersecurity strategy, and governance.
Published by HackerNoon on 2022/10/21