Is the Automotive Industry Prepared to Navigate API Security Risks in Software-Defined Vehicles?

August 20, 2024
VicOne
By Ling Cheng (Senior Product Marketing Manager)

In today’s automotive ecosystem, application programming interfaces (APIs) have become both ubiquitous and indispensable. Especially with the emergence of software-defined vehicles (SDVs), APIs are pervasive throughout the modern automotive ecosystem, encompassing cloud-based APIs, cloud-to-vehicle APIs, mobile-to-vehicle APIs, mobile-to-cloud-to-vehicle APIs, and in-vehicle APIs. These diverse types of APIs play pivotal roles, ensuring seamless connectivity and efficient operations across the entire automotive industry.

Figure 1. Interconnectivity within the automotive ecosystem made possible by APIs

However, the extensive use of APIs has also made them a prime target for cyberattacks. Our automotive threat intelligence database reveals that from 2020 to 2022, API attacks evolved from targeting individual components to adopting a comprehensive strategy encompassing the entire ecosystem. This shift in API attacks highlights a greater challenge to automotive ecosystem security, indicating that concentrating solely on protecting individual APIs is no longer adequate.

Figure 2. API attacks evolved from having single targets to having multiple targets.

The automotive API attack landscape

The evolving threat landscape has introduced a range of API vulnerabilities with serious implications. The threats and risks resulting from API vulnerabilities include:

  • OTA spoofing: Unauthorized API calls can mimic legitimate OTA update requests.
  • Cyberattacks/Ransomware incidents: APIs can be a gateway for attackers to infiltrate systems and deploy ransomware.
  • Vehicle entry/Immobilizer systems: API flaws can allow unauthorized access to vehicle control systems.

It is important to note that SDVs inherently rely heavily on APIs. Consequently, the potential attack surface expands, and the frequent software-over-the-air (SOTA) updates that SDVs depend on introduce additional risk. If attackers breach OTA servers and inject malicious software, they could pass it off as legitimate SOTA update requests and distribute it to vehicles via unauthorized APIs. The nature of SDVs significantly boosts the attackers’ chances of success: previously, OTA updates occurred quarterly, offering only four to five chances per year, whereas the frequency is expected to increase to potentially 12 to 14 times annually in the future. These factors underscore the critical importance of automotive API security.

Figure 3. Risks in the SDV ecosystem

Mitigating automotive API security risks

To effectively mitigate API security risks in the expansive automotive ecosystem, it is essential to implement a systematic approach that includes:

  • A shift-left strategy: Integrate continuous vulnerability assessment during the design phase to detect and address potential API issues early, minimizing future risks.
  • Runtime protection: Deploy real-time protection to safeguard APIs and detect anomalies and attacks promptly, ensuring robust security during operation.
  • Unified risk visibility: Consolidate vulnerability and security event data into a centralized platform to achieve comprehensive risk visibility and use advanced analytics for actionable threat insights.
  • A highly integrated, future-proof solution: Opt for a solution that supports seamless phased implementation, transitioning smoothly from agentless to agent-based configurations. This approach ensures effortless scaling and long-term adaptability, safeguarding system stability and sustainability for decades.

Download our white paper to learn more about automotive API security risks, including real-world examples and an expanded systematic approach to mitigation.