Cars targeted by hackers

Cars targeted by hackers

According to a report by management consultancy McKinsey, a connected vehicle processes up to 25 gigabytes of data per hour. Technological improvements in vehicle automation and connectivity have contributed to the rapid development of new intelligent features in connected cars. Connected cars have become productive data producers: starting with data on geolocation, speed, acceleration, engine performance, fuel efficiency and other operating parameters. Due to the enormous amount of data collected and the fact that they are constantly connected to the Internet and use so many apps and services such as over-the-air software updates, vehicles can now be described as “smartphones on wheels”.

These facts make vehicles an increasingly attractive target for complex cyberattacks. Experts from automotive cybersecurity provider VicOne and its parent company Trend Micro analyzed statements in global underground forums used by criminals. The experts examine the question of what automobile manufacturers and suppliers worldwide should do today to prepare for the inevitable transition from today's manual hacks for vehicle modification to the much more dangerous cyber attacks of tomorrow. Initial reports of such crimes include, for example, a car theft in July 2022 that was made possible by a technology known as CAN injection. Currently, the “attacks” on connected vehicles discussed in underground forums primarily fall under the category of vehicle modification (“car modding”). The perpetrators hack embedded vehicle functions, for example to activate functions that are actually supposed to be chargeable (such as seat heating) or to artificially reduce the mileage. While these manipulations reduce the profits of automotive original equipment manufacturers (OEMs), they do not actually target connected car users, so it is unclear whether modding activities can even be classified as “cyber attacks.”

Connected cars are always online and therefore easy to find. Stolen connected cars have a high recovery rate, such as: B. Tesla with a recovery rate of almost 98%. This means connected car thieves have a hard time finding buyers for a stolen vehicle because law enforcement can quickly locate it. If the criminals manage to take the car offline - which is not easy, but theoretically possible - the chances of resale are also slim as buyers cannot access certain functions. However, cybercriminals can gain partial control over the vehicles by accessing the vehicle owners' user accounts and could, for example, B. the ability to unlock the doors or start the engines remotely. This scenario opens up new opportunities for criminals to abuse, such as buying and selling user accounts, including potentially sensitive data.

Through unauthorized access to a vehicle user account, cybercriminals could also locate a car, open it, steal valuables, find out the owner's home address and find out when the owner is not present. To make the most of this information and expand their illegal businesses, they may collaborate with traditional criminal gangs, as in the infamous Carbanak and Cobalt malware attacks, which targeted more than a hundred establishments worldwide and netted the gang network over a billion euros. When investigating attacks on OEMs, VicOne experts have so far only found cases of compromised automotive networks and the sale of VPN access. Currently, the forum discussions only show typical approaches to monetizing IT resources that are unrelated to the data about connected vehicles collected and stored by OEMs. However, it is expected that connected car data will soon become very valuable as third parties begin to use vehicle data on a large scale. For example, when a bank uses vehicle data to determine loan extension terms or the value of a vehicle, this information takes on new value and the connected vehicle data ecosystem is significantly expanded. It is only a matter of time before criminals discover this lucrative field of activity and begin their illegal activities.