Connected vehicles vulnerable to major hacks, Upstream Security says

Connectivity can boost the capabilities of automated vehicles, enhance vehicle personalization and improve driver experiences.

These benefits are so widespread that connected vehicles — able to communicate with each other, the infrastructure, the cloud, even pedestrians — are expected to comprise nearly 86 percent of the global automotive market by 2025.

But all of this technology leaves vulnerabilities and increases opportunities for hackers, according to Upstream Security’s 2021 Global Automotive Cybersecurity Report, released Tuesday.

The Israeli company analyzed 633 publicly reported cyber hacks or attacks since 2010, including nearly one-third of which occurred this year.

“Traditional forms of cyberthreats such as ransomware, as well as more automotive-specific threats targeting telematics services, vehicle components and the vehicles themselves, contributed to the recent increase in the number of cyberattacks targeting the automotive industry,” the report says.

According to Forbes, nearly every auto manufacturer has been hacked. There could be a direct impact on the safety and security of vehicles and road users. Hacks threaten a vehicle’s data and codes, external connectivity, back-end servers, update procedures and more.

According to Upstream, the most common attack vectors — areas through which hackers gain access — include servers, keyless-entry systems or key fobs, mobile apps, on-board diagnostics ports and infotainment.

The IT network, sensors, electronic control unit and in-vehicle network, among other vectors, also open a vehicle to attacks. Nearly 80 percent of all attacks examined between 2010 and 2020 were remote and relied on network connectivity, while 20.7 percent required physical access.

Autonomous vehicles are particularly vulnerable to hacks, but so are electric vehicles, as they are controlled mostly by electronic devices embedded within susceptible networks.

“Cyber vulnerabilities are magnified in EVs due to the unique risks associated with these vehicles’ battery packs,” according to Upstream.

The company says that factoring in security at the time a component or software is in the development phase as well as implementing multilayered cybersecurity features are critical to protecting vehicles against attacks.

“With the continued rise of cyberattacks against the automotive industry and the regulatory requirements that were developed in response, now more than ever, automotive stakeholders must take heed of the cyberthreat landscape,” Oded Yarkoni, Upstream Security’s vice president of marketing, said in a release.