|Connected vehicles vulnerable to major hacks, Upstream Security says|
Connectivity can boost the capabilities of automated vehicles, enhance vehicle personalization and improve driver experiences.
These benefits are so widespread that connected vehicles — able to communicate with each other, the infrastructure, the cloud, even pedestrians — are expected to comprise nearly 86 percent of the global automotive market by 2025.
But all of this technology leaves vulnerabilities and increases opportunities for hackers, according to Upstream Security's 2021 Global Automotive Cybersecurity Report, released Tuesday.
The Israeli company analyzed 633 publicly reported cyber hacks or attacks since 2010, nearly one-third of which occurred this year.
"Traditional forms of cyber threats like ransomware, as well as more automotive-specific threats targeting telematics services, vehicle components, and the vehicles themselves, contributed to the recent increase in the number of cyber attacks targeting the automotive industry," the report says.
According to Forbes, nearly every auto manufacturer has been hacked. There could be a direct impact on safety and security of vehicles and road users. Hacks threaten a vehicle's data and codes, external connectivity, back-end servers, update procedures and more.
According to Upstream, the most common attack vectors — areas through which hackers gain access — include servers, keyless entry systems or key fobs, mobile apps, onboard diagnostics ports and infotainment.
The IT network, sensors, electronic control unit and in-vehicle network, among other vectors, also open a vehicle to attacks. Nearly 80 percent of all attacks examined between 2010 and 2020 were remote and relied on network connectivity, while 21 percent required physical access.
Autonomous vehicles are particularly vulnerable to hacks, but so are electric vehicles, as they are controlled mostly by electronic devices embedded within susceptible networks.
"Cyber vulnerabilities are magnified in EVs due to the unique risks associated with these vehicles' battery packs," according to Upstream.
The company says that factoring in security at the time a component or software is in the development phase as well as implementing multilayered cybersecurity features are critical to protecting vehicles against attacks.
"With the continued rise of cyber attacks against the automotive industry and the regulatory requirements that were developed in response, now more than ever, automotive stakeholders must take heed of the cyber threat landscape," said Oded Yarkoni, Upstream Security's vice president of marketing, in a release.
-- Alexa St. John