Connected vehicles are increasingly targeted by cybercriminals

With 330 million connected vehicles already in use, and top car brands in the US planning to sell only connected vehicles in 2020, a wide-scale cyber-attack could disrupt entire cities and even lead to loss of lives, according to a new forecast.

Smart cars, one of the most promising IoT developments, integrate with everyday gadgets like phones, tablets and wearables. They have autonomous driving and automated parking abilities, and the list could go on. But all this connectivity comes with a degree of risk. If hacked, our smart cars can be turned against us. And according to a report by automotive security firm Upstream Security, the number of automotive cybersecurity incidents has increased by 605% since 2016, and more than doubled in the last year alone.

While 38% of hacks are the result of white hat researchers doing their job, most incidents are carried out by criminals. In 2019, 57% of incidents were perpetrated by black hats eager to disrupt businesses, steal property, and even demand ransom, according to Upstream. A third of all incidents involved keyless entry attacks, and another third resulted in car theft and break-ins. Other top hacks included control over car systems (27%) and data/privacy breaches (23%). 82% of incidents in 2019 involved short- and long-range remote attacks.

Reports of automotive vulnerabilities are increasing, with 66 CVEs (common vulnerabilities and exposures) listed to date. 66 may seem like a drop in the ocean against the 120,000+ CVEs reported in the infosec world since 1999. But when a software bug can make the difference between life and death, every single one weighs heavily.

It is perhaps no surprise then that automotive companies are also turning to bug bounty programs to discover and patch bugs before the bad guys get to them. Equally encouraging is that governments are recognizing the importance of regulations and laws to protect the automotive space, the report notes.

Finally, the industry is said to be adopting a multilayered security approach, involving not only new regulations and standards, but also security by design, in-vehicle and cloud-based automotive cybersecurity solutions, and dedicated Vehicle Security Operations Centers (VSOCs).