Connected vehicles vulnerable to major hacks, Upstream Security says

Connectivity can boost the capabilities of automated vehicles, enhance vehicle personalization and improve driver experiences.

These benefits are so widespread that connected vehicles — able to communicate with each other, the infrastructure, the cloud, even pedestrians — are expected to comprise nearly 86 percent of the global automotive market by 2025.

But all of this technology leaves vulnerabilities and increases opportunities for hackers, according to Upstream Security's 2021 Global Automotive Cybersecurity Report, released Tuesday.

The Israeli company analyzed 633 publicly reported cyber hacks or attacks since 2010, nearly one-third of which occurred this year.

"Traditional forms of cyber threats like ransomware, as well as more automotive-specific threats targeting telematics services, vehicle components, and the vehicles themselves, contributed to the recent increase in the number of cyber attacks targeting the automotive industry," the report says.

According to Forbes, nearly every auto manufacturer has been hacked. There could be a direct impact on safety and security of vehicles and road users. Hacks threaten a vehicle's data and codes, external connectivity, back-end servers, update procedures and more.

According to Upstream, the most common attack vectors — areas through which hackers gain access — include servers, keyless entry systems or key fobs, mobile apps, onboard diagnostics ports and infotainment.

The IT network, sensors, electronic control unit and in-vehicle network, among other vectors, also open a vehicle to attacks. Nearly 80 percent of all attacks examined between 2010 and 2020 were remote and relied on network connectivity, while 21 percent required physical access.

Autonomous vehicles are particularly vulnerable to hacks, but so are electric vehicles, as they are controlled mostly by electronic devices embedded within susceptible networks.

"Cyber vulnerabilities are magnified in EVs due to the unique risks associated with these vehicles' battery packs," according to Upstream.

The company says that factoring in security at the time a component or software is in the development phase as well as implementing multilayered cybersecurity features are critical to protecting vehicles against attacks.

"With the continued rise of cyber attacks against the automotive industry and the regulatory requirements that were developed in response, now more than ever, automotive stakeholders must take heed of the cyber threat landscape," said Oded Yarkoni, Upstream Security's vice president of marketing, in a release.

-- Alexa St. John

What you need to know

Ban on gasoline-only vehicles could jump-start Japan's EV bid Despite their early advances into electrification, Japanese automakers look like laggards today. The hybrid systems favored by Toyota and Honda seem somewhat yesterday in an era abuzz over a worldwide wave of full EVs. Nissan and Mitsubishi long ago saw competitors pass them by in battery-electrics. But now a dramatic policy shift by Japan's government could make the industry newly competitive. Under an initiative floated this month, Japan's powerful Ministry of Economy, Trade and Industry is proposing phasing out sales of new gasoline-powered vehicles by the mid-2030s. The plan, first reported by national broadcaster NHK, is expected to be adopted by year end.

Motional and Lyft prep robotaxi service Self-driving vehicle maker Motional and ride-hailing giant Lyft Inc. plan to launch a multimarket robotaxi service in 2023. Motional, the $4 billion Hyundai-Aptiv autonomous driving joint venture, will deploy fully driverless vehicles on the Lyft network in major U.S. cities, the two companies said Wednesday. Motional and Lyft are behind a self-driving taxi service operation in Las Vegas, which was paused this year because of the coronavirus pandemic but resumed in October. The partners began offering rides in 2018.

Roundup

Zoox unveils autonomous taxi for future ride-hailing service.

Electric vehicles may have more interest from U.S. consumers than anticipated, according to a survey from Consumer Reports.

Electric vehicle startup Canoo reveals delivery van, lays out plans for pickup.

Gatik, Walmart to expand autonomous vehicle delivery pilot.

Electric van startup Arrival aims to reshape vehicle production.

Mobileye looks to build its own lidar to drive down AV costs.

Ten more automakers meet automatic emergency braking commitment.

President-elect Joe Biden introduces Pete Buttigieg as pick to lead transportation.

A big task for energy secretary nominee Jennifer Granholm: Making good on Biden pledge to help the U.S. compete with China on electric vehicles.

Baidu considers making own electric vehicles, report says.

Alliance proposes national strategy to ensure U.S. leadership in autos.

May Mobility embarks on international expansion.

Next-gen Toyota Mirai hits U.S. with big cut in starting price.

Nikola plans to buy cheap power in Arizona to make hydrogen.

Mercedes Alabama plant to build two EVs as part of global push.

Magna's next CEO predicts big gains for driver-assistance systems.

Volkswagen targets Tesla with long-range EV battery technology.

December issue of Fixed Ops Journal examines how dealers and automakers are preparing for the coming EV marketplace.

Brain food

Consumers prefer riding solo but feel lonely in other aspects of life.

Last mile

GMC engineers have some fun with Hummer EV plates.