Threat Analysis

Threat Analysis

Research on and insights into threats to connected vehicles

Threat Analysis

Incident analysis

Overview of automotive threat incidents through the lens of UN Regulation No. 155 (UN R155)

Brokenwire Hack Disrupts Charging of Electric Vehicles

Brokenwire Hack Disrupts Charging of Electric Vehicles

Researchers from the University of Oxford and Armasuisse Science and Technology (S+T) discovered an attack method that would work against the Combined Charging System (CCS) and disrupt the ability of electric vehicles to charge at scale.

Charging Port Opener Attack

Charging Port Opener Attack

A hacker who goes by the name NotPike on Twitter revealed how they were able to conduct a replay attack on Tesla’s charging port. This was because the ports use 315 MHz as their standard signal to open ports, which can be replayed to open charging ports.

Vulnerability in Remote Keyless Systems

Vulnerability in Remote Keyless Systems

Ayyappan Rajesh submitted a proof of concept for CVE-2022-27254 and showed how the keyless systems of different Honda vehicles send the same unencrypted radio frequency (RF) signal for commands like opening a car door and starting the engine remotely. This could allow threat actors to conduct a replay attack.

Cuba Ransomware Group’s Attack on an Auto Parts Manufacturer

Cuba Ransomware Group’s Attack on an Auto Parts Manufacturer

The Cuba Ransomware, known for targeting critical infrastructures, claimed to have gone after Hyundai’s auto parts manufacturer, Hyundai Powertech.

Rook Ransomware’s Attack on an Automotive Parts Company

Rook Ransomware’s Attack on an Automotive Parts Company

Various reports show how cybercriminals have been targeting suppliers for major car manufacturers like Toyota. For example, the Rook ransomware group announced that it has attacked Denso, one of the largest automotive parts suppliers in Japan.

LockBit Ransomware’s Attack on a Tire Manufacturing Company

LockBit Ransomware’s Attack on a Tire Manufacturing Company

Bridgestone, one of the largest and well-known tire manufacturing corporations in the US, confirmed being hit with the LockBit ransomware. The LockBit ransomware gang took credit for the attack and threatened to publish Bridgestone data.

More research

Previous threat studies

Examining Log4j Vulnerabilities in Connected Cars and Charging Stations

Examining Log4j Vulnerabilities in Connected Cars and Charging Stations

This entry looks into how Log4j vulnerabilities affect devices or properties embedded in or used for connected cars, specifically chargers, in-vehicle infotainment systems, and digital remotes for opening cars.

A Roadmap to Secure Connected Cars: Charting the WP.29's UN Regulation No. 155

A Roadmap to Secure Connected Cars: Charting the WP.29's UN Regulation No. 155

As connected cars become more commonplace, the UN Regulation No. 155 sets guidelines to ensure cybersecurity in vehicles. This research assesses the risks of its highlighted attack vectors and looks beyond its scope to identify top priorities.

In Transit, Interconnected, at Risk: Cybersecurity Risks of Connected Cars

In Transit, Interconnected, at Risk: Cybersecurity Risks of Connected Cars

The use of connected cars continues to grow. While the vehicles’ link to technologies such as 5G and the cloud presents opportunities for improving efficiency and safety, it can also attract risks from threat actors as well.

A Ride on Taiwan’s Self-Driving Bus

A Ride on Taiwan’s Self-Driving Bus

This blog entry follows a ride on the self-driving bus now being tested in Taiwan and shares security insights.

The Cybersecurity Blind Spots of Connected Cars

The Cybersecurity Blind Spots of Connected Cars

Connected cars face a range of ever-increasing and ever-progressing cyberthreats. This research provides an in-depth examination of the risks connected cars might run into.

ISO/SAE 21434: Securing Tomorrow's Connected Cars

ISO/SAE 21434: Securing Tomorrow's Connected Cars

The upcoming standard sets the tone for future mandates for the cybersecurity of cars.

Start your journey to better automotive cybersecurity