New report sums up automotive cyber threats2 min read

A new report from global intelligence firm IntSights, Under the Hood: Cybercriminals Exploit Automotive Industry’s Software Features, has highlighted the cyber-threats facing manufacturers in the automotive industry, shining a light on how and why hackers are looking to infiltrate automobile infrastructure.

“The automotive industry is undergoing a transformation, as manufacturers pivot to focus on connectivity,” the report’s introduction reads. “The growing emphasis on software and connectivity in the automotive industry adds a new challenge: cybersecurity. The pressure to deliver products as fast as possible puts a big strain on the security capabilities of cars, manufacturing facilities, and automotive data.”

As the report points out, cyber-attacks targeting the automotive industry have only been an issue since 2010, but while vehicles typically have more complicated attack surfaces to penetrate compared to other options such as banks or retail shops, “the automotive industry still has numerous attack vectors,” that are currently being exploited by cyber-criminals.

These include:

• Remote keyless systems
• Tire pressure monitoring systems
• Software and infotainment applications
• GPS spoofing
• Cellular attacks

IntSights discovered online shops selling car hacking tools that disconnect automobile immobilisers, as well as services that sell code grabbers and forums that give bad actors a complete tutorial on how to steal vehicles.

“The automotive manufacturing industry is wrought with issues, stemming from legacy systems that can’t be patched to the proliferation of vehicle connectivity and software as consumers demand more integration with personal devices and remote access,” said Etay Maor, chief security officer, IntSights.

Maor explained that cyber-attacks against the automotive industry have the potential to cause more than just digital harm. “As opposed to other industries like finance or healthcare, the actual target in this case is visible, physically approachable and very common. In addition, cars include multiple components that can be compromised providing for a greater attack surface.

“The automotive industry is already undergoing a great transformation in terms of cybersecurity – car manufacturers are hiring security researchers to test out new components that they add to their cars, and security teams with a focus on IT and OT are deployed more and more. When it comes to the cars themselves – it all starts with architecture and design with security in mind. The industry must have threat intelligence on what their adversary is doing in order for them to understand and prepare for the types of attacks the cyber-criminals are carrying out.”

For the IntSights report, click on the link.