April 13, 2023

Automotive Cyber Vulnerabilities You Need to be Aware of

As technology continues to advance, the potential for hacking and cyber-attacks on various devices and systems has become a major threat. This has extended to the automotive industry, with increasing numbers of car hacks being reported. With the rise in the production of electric vehicles (EVs), these attacks have escalated in frequency and severity. 

Two of the most disturbing reports of car hacking involves the VIN number of the vehicle, usually displayed on the windshield the second takes advantage of and exploitation of the headlight systems called Controller Area Network (CAN) injection. 

Disturbingly, the headlight hack is not specific to original equipment manufacturers (OEMs) but exploits the Tier 1 suppliers of headlights. This means that multiple OEMs are affected simultaneously, making it a serious issue that requires immediate attention. 

This hack allows the attacker to gain access to the car’s CAN bus responsible for connecting various systems within the car, such as the engine, brakes, and steering. If an attacker gains access to the CAN bus, they can drive away with your car without ever encountering the vehicle’s actual key fob. 

The use of EVs has also contributed to the increase in car hacking. EVs rely heavily on software systems to manage their complex powertrain and battery systems. As a result, they are more vulnerable to cyber-attacks that exploit software vulnerabilities. 

According to a recent report from Deloitte Canada looking at cybersecurity concerns in the automotive industry, 84% of cyberattacks on vehicles were done remotely, and 50% of the attacks were done in the past two years—indicating that cybersecurity issues in the automotive industry are predicted to increase in the next few years. 

Car manufacturers as well as Tier 1 suppliers are aware of these risks and should be taking steps to address them, implementing stronger security measures, such as encryption and secure communication protocols, to protect against attacks. Rigorous testing also needs to happen and the implementation of software updates to address any vulnerabilities that are discovered. 

However, it is important for consumers to be aware of these risks and take steps to protect themselves. This includes keeping software systems up to date according to manufacturer guidelines and avoiding connecting unknown devices. It’s also important to avoid modifying the car’s software or hardware, as this can introduce vulnerabilities that can be exploited by attackers. 

Overall, car hacking is a serious issue that requires the attention of the automotive industry, as well as consumers. With the increasing use of technology in cars, the potential for cyber-attacks is only going to increase. By implementing strong security measures and taking steps to protect themselves, car manufacturers and consumers can work together to reduce the risks associated with car hacking. 

Can Device Authority mitigate the risk of this type of attack?  

Specializing in security solutions for the Internet of Things (IoT), including connected cars and connected factories. The KeyScaler and our expertise in IoT security can help mitigate the risks of car hacking and enable car manufacturers to provide safer and more secure connected cars for their customers. 

Find out more about how our platform can help car manufacturers secure these vehicles and join the conversation by registering for our upcoming virtual summit with presentations from across the industry focused on securing your supply chain.  

 

WRITTEN BY
Louise José