Connectivity Makes Vehicles Targets of Cyberattacks

Connectivity has transformed the driving experience into one of entertainment and personal assistance. Smart cars are allowing passengers to adapt the car’s settings depending on personal preferences. Entertainment and information is provided to passengers through infotainment systems and digital dashboards that connect to other smart devices through platforms like Apple CarPlay and Android Auto. However, this increased connectivity is leaving vehicle more vulnerable.

“By making every device smarter, we are making them targets of cyberattacks,” said Sneer Rozenfled, Member, Israel’s Cyber Innovation Community, and CEO, Cyber 2.0 at Mexico Cybersecurity Summit 2022.

OEMs are implementing technological features to make driving a more simplified and safe experience. For example, General Motors (GM) allied with INRIX to develop Safety View, a cloud-based safety analytics application that helps actors involved in mobility to achieve road safety goals, as reported by MBN.

In the coming years, Wi-Fi 6 and Bluetooth 5.2 will bring further enhancements to vehicle connectivity. This will improve the in-car experience and vehicles will become software-defined platforms that will evolve over their lifetime, as reported by EETimes.

“Connected cars are enabling automated fuel payments, predictive maintenance, remote software upgrades and self-driving functions. The advent of 5G networks, with higher capacity for data and lower latency, will likely supercharge connectivity and spawn new innovation,” says Sterling Pratz, CEO, Car IQ, to Mastercard.

Technological Vulnerabilities

Despite the multiple benefits that connectivity can bring to our daily activities, being part of a connected world makes drivers possible victims of cyberattacks. Anything that current vehicles are capable of can be controlled by attackers, according to PWC.

A recently published report of Kapersky shows that over half of the third-party mobile applications that control vehicle features use owners’ credentials without asking for consent. “When downloading a third-party application to control your car remotely, users should be aware of possible threats. We entrust a lot of private information and personal data to connected technology. Unfortunately, not all developers take a responsible approach when it comes to data storage and collection, which results in users exposing their personal information. This data may later be sold on the dark web and end up in untrustful hands,” said Sergey Zorin, Head of Transportation Security, Kaspersky.

Vulnerabilities caused by a third-party app that Tesla users commonly use to analyze data from their vehicle have also been reported recently. "Imagine music blasts at max volume and every time you want to turn it off it just starts again or imagine every time you unlock your doors they just lock again," said David Colombo, CEO, Colombo Technology, who reported one of these vulnerabilities after he was able to hack Tesla vehicles.

“Cybercriminals might not only steal your data and personal credentials but also gain access to your vehicle and that might lead to physical threats. For these reasons, we urge application developers to make user protection a priority and take precautionary measures to avoid compromising customers and themselves,” added Zorin.

Connectivity has also increased keyless thefts. Criminals are amplifying the signal of the devices to make the system of the car believe that the keys are nearby, when in reality, they may be far away, as reported by Forbes.

According to PWC, the transition toward autonomous vehicles will exacerbate the threat. “The risks are growing as more and more vehicles are moving toward over-the-air software update capabilities,” said James Anderson, Director, Justice Policy Program at Rand Corp to Yahoo! News.

Cybersecurity in the Sector

The global connected cars market is expected to grow from US$59.83 billion in 2021 to U$69.2 billion in 2022. By 2026, its value is expected to rise to US$123.87 billion. Furthermore, 50 percent of the EU’s total vehicle park is forecast to be connected by 2025. The deadline for this same level of connectivity is 2023 in the US and 2029 in China, as reported by Strategy and PWC.

In a more connected environment, OEMs are being forced to transform their organizational, procedural and technical capabilities to detect and address cyberattacks more efficiently, as reported by McKinsey & Company. “We estimate that the total cybersecurity market will increase from US$4.9 billion in 2020 to US$9.7 billion in 2030, corresponding to an annual growth of more than 7 percent,” says the firm. This entails upskilling regarding cybersecurity. “IT areas should share cybersecurity’s measures with all collaborators. The entire organization should be aware of the topic,” said Marcela Domenzain Carmona, Human Resources Director, Mexico, Central America and the Caribbean, BASF, at Mexico Talent Forum 2022.

“Fighting for cybersecurity will not be easy or cheap. But it will enable the industry and its customers to stay safely on the road,” says PWC.