What are the cyber security challenges for modern vehicles?
Cybersecurity is the defense against malicious attacks against computers, servers, mobile devices, electronic systems, networks, and data. It is also known as electronic information security or information technology security. Modern cars heavily rely on cyber security due to introducing new concepts like linked and autonomous vehicles. In this article, we will address cybersecurity issues in modern vehicles.
What are the cybersecurity challenges for modern vehicles?
There are four types of typical attacks against automotive systems: ransomware attacks, phishing attacks, brute force attacks, and keyless car theft. Let’s discuss the earlier-mentioned common attacks in this article.
Brute force attacks
Due to the frequency with which these attacks are experienced, brute force attacks are highly common. Criminals break encryption keys, login passwords, and passwords in this attack. The concern now is how the vehicles can be subjected to these attacks. Lately, Bozi Tatarevic has concluded that brute force is the reason behind the current increase in thefts. According to him, burglars use brute force attacks against rolling codes ( rolling codes are used as their unlocking signals )
Silvio Cesare, a security expert created a new strategy named as “Black hat conference” and in this method, Caesar described the method of unlocking an automobile using a “code-breaking attack”. He also states “ I can use this to lock, unlock, open the trunk, It effectively defeats the security of the keyless entry” he continues. Here using minimum requirements such as a laptop and a software-defined radio, the researcher proceeded to open the car doors by using brute force. Instead of brute force, the thieves can use SDR and RF jamming to gather the vehicle code and access the vehicle.
Credential phishing attacks
First, you need to understand the definition of phishing attacks. Normally a phishing attack is known as an attack that regularly employs email as a medium. Phishing attacks attempt to deceive the target into accomplishing the attacker’s intended action such as stealing the personal information or login credentials of the victims.
Now let us examine how phishing attempts may cause issues for automated vehicles.
Two security officers, Talal Haj Bakry and Tommy Mysk, show how the Tesla vehicles can be captured by using the “man in the middle ” phishing attack. The ability to generate and utilize new digital keys to unlock Tesla vehicles and get access to their systems may be made possible by this attack.
The attack starts at a Tesla service center or charging station. The attacker uses an unauthenticated Wi-Fi access point to pretend to be an official-looking Tesla guest network. Owners of Teslas are greeted with a login screen that looks a lot like the company’s official website when they connect to the fake network. However, it is a fake page used to obtain the owner’s login information. the attacker at once sniffs and utilizes the owner’s email address and password to get access to the authentic Tesla service. By creating a fake prompt that looks much like the real one, the hacker gets beyond the multifactor authentication (MFA) security and tricks the victim into entering their one-time passcode.
In this manner, hackers can use the phishing cyber attack technique to obtain the private information of car drivers.
Ransome ware attacks
Ransomware is malicious software that prevents access to data or a computer system or this software threatens to publish the data of the victims. The technique used in ransom software is “encrypting the data”. Ransome increases if the victim declines to pay on time or the data is permanently lost.
Recent data indicates that ransomware attackers have targeted well-known automobile brands like Tesla, Honda, Toyota, Nissan, and Renault. It is said that ransomware attackers are taking advantage of the automobile sector because they have determined that the automotive industry is more prone to attacks than other industries.
According to the recent studies of the “Future of Automotive Security Technology Research (FASTR)”, ransomware creators and hackers may turn their attention to connected cars. According to research in FASTER, when a connected vehicle is connected to the internet the vehicle is fully vulnerable to ransomware attackers. This is because these cars rely on 100 million easily accessed lines of computer code for their functioning. According to Craig Hurst, Executive Director of FASTER, automakers are eager to showcase to their customers the latest innovations powered by processors ignoring the proper security measurements.
To understand more about the ransomware this example can be used. A driver may find that their vehicle won’t start and a message will pop up saying or explaining how to pay a ransom to get the vehicle started again. When an automobile is connected to the internet, the whole thing turns into a potential attack surface, as stated by Craig Hurst, executive director of the Future of Automotive Security Technology Research (FASTR).
Keyless car theft
Keyless entry systems are currently included in a lot of new cars. As long as the key fob is closed the driver can open and start the vehicle without pressing a button or turning a key. To take advantage of this, thieves are hacking into the vehicle’s computer using advanced technology. This allows them to drive away with the vehicle in a matter of minutes without even needing a key fob. This is called keyless car theft.
According to the insurance company LV generally, a lot of keyless car thefts have happened in the year 2023. In the year 2023, the keyless car thefts have increased to 28% when compared with the year 2022. It is also said that the keyless car crime rate also increases under the darker winter nights.
A handful of the cyber security risks that modern cars may face as a result of technological advancements are covered in this article. In a later article, let’s discuss the remedies and what you can do to reduce the cyber security risks to your vehicle.
References and further readings
What is Cybersecurity? Types, Threats and Cyber Safety Tips (2024). https://www.kaspersky.com/resource-center/definitions/what-is-cyber-security.
Institute of Data (2023) ‘The Importance of Automotive Cyber Security: Safeguarding Vehicles in the Digital Age | Institute of Data,’ Institute of Data, 5 December.
Author, S.T. (2024) The importance of automotive cyber security in the connected mobility era. https://www.srmtech.com/knowledge-base/blogs/automotive-cyber-security/.
Zorz, M. (2024) The reality of hacking threats in connected car systems – Help Net Security. https://www.helpnetsecurity.com/2024/01/22/ivan-reedman-ioactive-connected-vehicles-cybersecurity/.
Paganini, P. (2018) Signal amplification and brute-force attack for car thieves? https://securityaffairs.com/37980/cyber-crime/car-thieves-hacking-techniques.html.
How a credential phishing attack could lead to Tesla car theft and how to mitigate it (no date). https://vicone.com/blog/how-a-credential-phishing-attack-could-lead-to-tesla-car-theft-and-how-to-mitigate-it.
What is ransomware? – definition, prevention & more | ProofPoint US (2024). https://www.proofpoint.com/us/threat-reference/ransomware.
Rosamond, C. (2023) ‘UK car thefts hit an all-time high with keyless car tech to blame,’ Auto Express, 4 December. https://www.autoexpress.co.uk/consumer-news/361684/uk-car-thefts-hit-all-time-high-keyless-car-tech-blame.