Connected Cars Face Cybersecurity Threats

By Staff Writer February 17, 2021

Trend Micro Incorporated, a global cybersecurity firm, announced a major new study into connected car security that describes multiple scenarios in which drivers could encounter attacks that threaten the safety of themselves and others.

The report evaluated 29 real-world attack scenarios according to the DREAD threat model for qualitative risk analysis. These attacks could be launched remotely against and/or from victim vehicles. Examples and highlights include:

  • DDoS attacks on Intelligent Transportation Systems (ITS) could overwhelm connected car communications and represent a high risk.
  • Exposed and vulnerable connected car systems are easily discovered, making them at higher risk of abuse.
  • Over 17 percent of all attack vectors examined were high risk. These require only a limited understanding of connected car technology and could be accomplished by a low-skilled attacker.

More than 125 million passenger cars with embedded connectivity are forecast to ship worldwide between 2018 and 2022, and progress continues to advance toward fully autonomous vehicles. This advancement will create a complex ecosystem comprising cloud, IoT, 5G and other key technologies. It also features an enormous attack surface comprising potentially millions of endpoints and end users.

Of all 29 attack vectors studied, the overall risk of successful cyber-attacks was assessed as “Medium.” However, as SaaS applications become embedded in the Electrical/Electronics (E/E) architecture of vehicles and cybercriminals create new monetization strategies, an evolution in attacks will lead to higher risk threats.

To mitigate the risks outlined in the study, connected car security must be designed with an integrated view of all critical areas to secure the end-to-end data supply chain. Trend Micro has the following high-level guidance for protecting connected cars:

  • Assume compromise and have effective alert, containment, and mitigation processes.
  • Protect the end-to-end data supply chain across the car’s E/E network, the network infrastructure, backend servers, and VSOC (Vehicle Security Operations Center).
  • Apply lessons learned to further strengthen defenses and prevent repeat incidents.
  • Relevant security technologies include firewall, encryption, device control, app security, vulnerability scanner, code signing, IDS for CAN, AV for head unit, and much more.
Rate this item
(0 votes)
Last modified on Thursday, 18 February 2021 14:40