Cybersecurity major Trend Micro Incorporated has announced a major new study into connected car security.
The study describes multiple scenarios in which drivers could encounter attacks that threaten the safety of themselves and others.
As per the report, the scope of the cybersecurity risks examined. Researchers evaluated 29 real-world attack scenarios according to the DREAD1 threat model for qualitative risk analysis.
These attacks could be launched remotely against and/or from victim vehicles.
Some examples and highlights are:
DDoS attacks on Intelligent Transportation Systems (ITS) could target connected car communications and pose a high risk.
Exposed and vulnerable connected car systems are easily found, making them at higher risk of abuse.
More than 17 per cent of all attack vectors examined were high risk. These require only a limited understanding of connected car technology and could be done by a low-skilled attacker.
Rainer Vosseler, threat research manager for Trend Micro, said, “Our research shows that there are ample opportunities for attackers looking to abuse connected car technology.”
He added: “Fortunately, there are currently limited opportunities for attacks, and criminals have not found reliable ways to monetize such attacks. With the U.N.’s recent regulations requiring all connected cars to include cybersecurity, as well as a new ISO standard underway, now is the time for stakeholders across the industry to better identify and address cyber risk as we accelerate towards a connected and autonomous vehicle future.”
Over 125 million passenger cars with embedded connectivity are forecast to ship worldwide between 2018 and 2022, and progress continues to advance towards fully autonomous vehicles. This advancement will create a complex ecosystem comprising cloud, IoT, 5G and other key technologies.
It also features an enormous attack surface comprising potentially millions of endpoints and end users.
Hactivists & terrorists
Even as the industry grows, there will be many opportunities for monetization and sabotage for hacktivists, terrorists, cybercriminals, nation states, insiders and even unscrupulous operators, the report says.
Out of all 29 attack vectors studied, the overall risk of successful cyber attacks was assessed as Medium. However, as SaaS applications become embedded in the Electrical/Electronics (E/E) architecture of vehicles and cybercriminals create new monetization strategies, an evolution in attacks will lead to higher risk threats.
To bring down the risks, connected car security must be designed with an integrated view of all critical areas to secure the end-to-end data supply chain.
(With inputs from Automotive Lead Research Team)
If you like this article from Automotive Lead, please feel free to share this in your social media platforms to help your contacts to understand more on this subject