Steering Clear
VicOne 2022 Automotive Cybersecurity Report
November 29, 2022
Download Automotive Cybersecurity in 2022: VicOne ReportEnergy production around the world has evolved quickly over the past couple of years, spurred on by an energy crisis. Likewise, the automotive industry has kept up with this change, with electric vehicles (EVs) becoming more and more prevalent. But this rapid evolution leaves certain security gaps that attackers can use. This report investigates the cyberthreats launched on the automotive industry in 2021 and 2022, identifying the most prominent attacks, highlighting increasingly high-risk areas, and providing security recommendations and predictions for 2023.
Critical cyberattacks on the automotive industry
Many media outlets discussed automotive security, and in 2022 we noticed that keyless issues were often reported. Keyless technology is an intuitive entry point for criminals since this technology can unlock the door to a car or start the engine without physically inserting a key.
We also investigated over 50 significant security events to show the range of cyberattacks on the industry. These attacks affect different levels of the industry from supplier to vendor, and show that cybersecurity issues are present at almost every production stage. Incidents also happened several times each month without exception.
The most affected sector in the automotive industry are the suppliers.
Out of the cybersecurity incidents we investigated,
67.3% cases involved suppliers.
Attacks on suppliers mean that production is suspended or stopped during these incidents.
Recovery time is lengthy because most suppliers don't have a plan for handling such attacks.
What are the major types of incidents?
Cybersecurity incidents affect many different organizations in industries all over the world. Within the automotive industry in the past two years, we see that there are two types of attacks that affect companies. The most common attack is ransomware, followed by data breaches.
Ransomware is a type of malware that prevents or limits users from accessing their systems.
It locks the system's screen or encrypts users' files until a ransom is paid.
32.6% of ransomware incidents we investigated within the automotive industry were connected to the Conti family.
A data breach is an incident in which information is stolen from a system without its owner's knowledge or authorization.
Depending on the type of data and from whom it is stolen, a data breach can have far-reaching consequences.
It can affect the lives of customers and an organization's reputation.
Data-breach incidents in the automotive industry from January 2021 to June 2022
Identified and increasingly high-risk areas
EV charging station
EVs have more sensors and communication protocols between the vehicle and charging station, which leads to multiple security issues.
Cloud APIs
New car models have built-in eSIMs communicating with back-end cloud servers. The cloud APIs used by car manufacturers are specific to their vehicles and might have security gaps.
Remote keyless entry (RKE)
The evolution of remote keys mirrors IIoT protocol evolution. Their increased connectivity with other devices makes them an interesting target.
EV charging stations
There have been many issues surrounding EV charging stations, other pieces of technology that allow for hassle-free charging, and the standards of charging. Charging stations and battery management systems can easily become a hacker's target. In general, EVs usually use a lithium polymer (LiPo) battery, which needs comprehensive intelligent control mechanisms to work well. Compared to traditional cars, EVs have more sensors and communication protocols between the vehicle and charging station, which leads to multiple security issues.
Cloud APIs
Most new car models sold in the market have built-in embedded-SIMs (eSIMs) that are used to communicate with back-end cloud servers, among other functions. They allow for applications that can lock a car and apps that can send current road condition data to the cloud to transmit to other vehicles. A cloud API is the main character of the whole network architecture that provides variable functions, and a developer can leverage its data and functions to achieve different purposes. The cloud APIs used by car manufacturers are specific to their vehicles and might have security gaps that can be exploited. In the traditional IT industry, API security already has its own set of best practices. Since the API domain is mature and related toolsets are ready, car manufacturers can hopefully build on what is already tried and tested.
Remote keyless entry (RKE)
The evolution of remote keys in the automotive industry is somewhat similar to the evolution of protocols in the industrial internet-of-things (IIoT) environment. Industrial radio frequency (RF) remote controllers appear as rugged remotes with multiple buttons and so do vehicle RKE key fobs. RF remote controllers are based on packet radio protocols, which involve modulating a byte-stream as radio waves. Their increased connectivity with other devices (such as Anybus and CAN bus) makes them an interesting target for attackers.
Security recommendations
Many of the threats that we highlighted in the preceding sections are well-known in the cybersecurity industry, and automotive organizations should use existing practices from other industries to create a tailored plan for their specific needs. Here are some security recommendations that those in the automotive industry should know:
Open-source software used to build car software quickly often do not include security. Real progress is about maintaining security while also developing rapidly.
OTA updates are an indispensable part of modern vehicle design as they increase safety and save possible costs.
Modern vehicles are powerful computers on wheels. The existence of a vehicle security operations center (VSOC) has become indispensable for real-time monitoring.
Predictions
The year ahead looks to be exciting for the automotive industry, especially in terms of EVs and new technology elevating user experience. Unfortunately, with change and innovation come security gaps and new issues. The following are some of our predictions for the automotive security landscape of 2023.
Ransomware will continue to affect the automotive supply chain.
Open-source vulnerabilities will affect more within the automotive industry.
Radio signal attacks (replay, relay, jamming, man-in-the-middle, and more) will increase.
Malware will be implanted into in-vehicle infotainment or telematic control unit (TCU) systems.
There will be chip-level vulnerabilities and attacks since the chip-level design is not secure.
Hackers will exploit OTA to compromise the flow or implant malicious code into upgraded software.
Attackers can bypass the digital locks that manufacturers impose on vehicles.
To learn more about these topics, as well as other cybersecurity issues connected to the automotive industry, download Automotive Cybersecurity in 2022: VicOne Report.