VicOne 2022 Automotive Cybersecurity Report
Energy production around the world has evolved quickly over the past couple of years, spurred on by an energy crisis that affected many different countries. The automotive industry has kept up with these changes, especially in terms of electric vehicles (EV) and EV technology. However, this rapid evolution leaves certain security gaps that attackers can use to victimize car makers, their suppliers, and car owners.
In our report, we investigate the cyberthreats that have been launched on the automotive industry in 2021 and 2022. We dig into the most prominent attacks, point out high-risk areas that could be targeted in the future, and give our security recommendations and predictions for 2023.
Critical cyberattacks on the automotive industry
Many media outlets discussed automotive security, and in 2022 we noticed that keyless issues were often reported. Keyless technology is an intuitive entry point for criminals since this technology can unlock the door to a car or start the engine without physically inserting a key.
We also investigated over 50 significant security events to show the range of cyberattacks on the industry. These attacks affect different levels of the industry from supplier to vendor, and show that cybersecurity issues are present at almost every production stage. Incidents also happened several times each month without exception.
The most affected sector in the automotive industry are the suppliers.
Out of the cybersecurity incidents we investigated,
67.3% cases involved suppliers.
Attacks on suppliers mean that production is suspended or stopped during these incidents.
Recovery time is lengthy because most suppliers don't have a plan for handling such attacks.
What are the major types of incidents?
Cybersecurity incidents affect many different organizations in industries all over the world. Within the automotive industry in the past two years, we see that there are two types of attacks that affect companies. The most common attack is ransomware, followed by data breaches.
Ransomware is a type of malware that prevents or limits users from accessing their systems.
It locks the system's screen or encrypts users' files until a ransom is paid.
32.6% of ransomware incidents we investigated within the automotive industry were connected to the Conti family.
A data breach is an incident in which information is stolen from a system without its owner's knowledge or authorization.
Depending on the type of data and from whom it is stolen, a data breach can have far-reaching consequences.
It can affect the lives of customers and an organization's reputation.
Identified and increasingly
EV charging stations
There have been many issues surrounding EV charging stations, other pieces of technology that allow for hassle-free charging, and the standards of charging. Charging stations and battery management systems can easily become a hacker’s target. In general, EVs usually use a lithium polymer (LiPo) battery, which needs comprehensive intelligent control mechanisms to work well. Compared to traditional cars, EVs have more sensors and communication protocols between the vehicle and charging station, which leads to multiple security issues.
Most new car models sold in the market have built-in embedded-SIMs (eSIMs) that are used to communicate with back-end cloud servers, among other functions. They allow for applications that can lock a car and apps that can send current road condition data to the cloud to transmit to other vehicles. A cloud API is the main character of the whole network architecture that provides variables functions, and a developer can leverage its data and functions to archive different purposes. The cloud APIs used by car manufacturers are specific to their vehicles and might have security gaps that can be exploited. In the traditional IT industry, API security already has its own set of best practices. Since the API domain is mature and related toolsets are ready, car manufacturers can hopefully build on what is already tied and tested.
Remote keyless entry (RKE)
The evolution of remote keys in the automotive industry is somewhat similar to the evolution of protocols in the industrial internet-of-things (IIoT) environment. Industrial radio frequency (RF) remote controllers appear as rugged remotes with multiple buttons and so do vehicle RKE key fobs. RF remote controllers are based on packet radio protocols, which involve modulating a byte-stream as radio waves. Their increased connectivity with other devices (such as Anybus and CAN bus) makes them an interesting target for attackers.
Many of the threats that we highlighted in the preceding sections are well-known in the cybersecurity industry, and automotive organizations should use existing practices from other industries to create a tailored plan for their specific needs. Here are some security recommendations that those in the automotive industry should know:
Although there are various kinds of open-source software that can be used to build car software quickly, these often do not include security. Real progress is about maintaining security while also developing rapidly.
Over-the-air (OTA) updates are an indispensable part of modern vehicle design as they increase safety and save possible costs in the future.
Modern vehicles have plenty of electronic equipment and are actually powerful computers on wheels. Taking this into consideration, there should be real-time reporting of the vehicle’s situation. This helps identify possible problems and prevent future issues. The existence of vehicle security operations center (VSOC) has also become indispensable.
The year ahead looks to be exciting for the automotive industry, especially in terms of EVs and new technology elevating user experience. Unfortunately, with change and innovation come security gaps and new issues. The following are some of our predictions for the automotive security landscape of 2023.
Ransomware will continue to affect the automotive supply chain.
Open-source vulnerabilities will affect more within the automotive industry.
Radio signal attacks (replay, relay, jamming, man-in-the-middle, and more) will increase.
Malware will be implanted into in-vehicle infotainment or telematic control unit (TCU) systems.
There will be chip-level vulnerabilities and attacks since the chip-level design is not secure.
Hackers will exploit OTA to compromise the flow or implant malicious code into upgraded software.
Attackers can bypass the digital locks that manufacturers impose on vehicles.
To learn more about these topics, as well as other cybersecurity issues connected to the automotive industry, download “Automotive Cybersecurity in 2022: VicOne Report.”