A sneak peek into Automotive Hacking Whys and Hows

We live in an era of smart so obviously, everything around us got to be smart too, like watches, phones, homes, bathrooms, limbs and cars. The smarts have so overpowered our lives that anything of the non-smart variety are developing quite a complex. However, an overdose of smartness comes with detriments. Smart products are usually connected to the internet, which stands a risk of being hacked. In this blog, we are going to discuss about one such type of smarts, the digitally equipped “Connected Automobile”.

Car hacking is nothing new and apparently, it has been happening since 2005. 2019 reported a 605% increase in the number of cars hacked than the 2016. According to 2021 Global Automotive Cybersecurity Report, 55% of the automotive hacks reported in 2020 were carried out by black-hat hackers’ intent upon disrupting business and demanding ransom, whereas 38.6% were carried out by white-hat hackers. Out of the total reported cases in 2020, 77.8% were remote attacks.

So, what is automobile hacking?

When a connected automobile’s software, hardware or connectivity is targeted to gain unauthorized access by a hacker is termed automobile hacking. It is reported that a modern connected car runs 15 times more code than a connected plane, which gives the hackers as many entry points.

VULNERABILE ACCESS POINTS

Research has it that a connected car has 4 vulnerable points that the hackers target:

1. Mobile

Smartphone apps for connected cars have literally converted them into a remote control vehicle by which you can locate, lock or unlock your cars. Some can even summon these cars to you. Cool, right? However, where such cars present a plethora of fun, entertainment and convenience they are also highly susceptible to hacking. According to the Russian security firm, Kaspersky after analyzing these apps found that most of them lacked even basic software defenses. In one such experiment, a hacker found a way to kill thousands of these connected car engines by remotely accessing the GPS tracking apps like ProTrack and iTrack. The total percentage of vehicle mobile app cyberattacks accounts to 12.71% of the total hacking incidents accounted so far.

2. Server

Hacking connected cars through company servers are the second most common type and accounts to a total of 26.42% of the automotive cyberattacks. In 2019, Toyota’s servers were breached exposing the data of over 3.1 million customers. Server hacks are found to be more disastrous than the other type of automotive hacking as it not only exposes customer data, it also provides access to company’s sales data, can remotely control vehicles and hack mobile apps.

3. Key Fob

Ranking first with 29.95% is cyberattacks on automotive cars by Key Fob. Tesla’s White Hat hackers found several vulnerabilities of its S Model Key Fob that allowed the car to be hacked within a few seconds. Moreover, most of them were reported to be remotely accessible hacks, which are usually tough to defend and reverse.

4. OBD Ports and Infotainment system

Hacking OBD ports and infotainment systems of automotive cars have becoming a common hacking method. Experts say that using unsecured public wireless networks will make the ports three times more vulnerable.

CYBERSECURITY CHECKPOINTS

With all the above mentioned easy access to hack into an automotive car, it is imperative that these motor car producers take cyber security a notch higher. As is with remote hacking becoming more and more common place addressing vulnerabilities to prevent loss of data and property definitely takes center stage. Ways to enhance security of an automotive car include:

1. Threat detection

The high code complexity of these automotive vehicles makes defensive strategies nearly impractical as it invites potential hackers at every point. Moreover, the systems are created by multiple stakeholders making the single, static cybersecurity platform pointless. Meeting these challenges needs the intervention of real-time, laser sharp AI security systems that are specifically designed for AI connected vehicles. Moreover, it will be more prudent to customize cybersecurity to suit the design of the automotive vehicle and the features included with real-time data-encryption and AI-driven intrusion detection systems.

2. Secure Logins

The remote control features of automotive cars are one of the key vulnerabilities exploited by black hat hackers. The more the number of remote access points the greater the risk. With key fobs and servers being the most targeted access point by hackers it is imperative that we need to secure these with strong passwords that would minimize the threat of major breaches. Moreover, features like multi-factor authentication and biometrics may help to enhance security features.

3. Secure API

API or Application Programming Interface acts is a software system that helps to integrate the automotive car’s software to other third party software and hence, is highly susceptible to vulnerabilities from hackers. It can act as a critical entry point for viruses and hackers if not properly fortified with strong multi-factor authentication features for threat detection and secure logins.

PERSPECTIVES

With digital devouring every aspect of our lives, cybersecurity has taken center stage as our guardian angel against cybercrimes and hackers. Multi-factor authentication, threat detection and identity management has become the bare minimal requirement for staying safe in this hyper-volatile ecosystem and that includes automotive cars. The only way of addressing the increasing number of automotive hacking is if the manufacturers of these cars take a proactive interest in creating a security system that can address the vulnerabilities specific to these connected cars.

Latest posts by Vidya Ramakrishnan (see all)