Connected Cars Technology Vulnerable to Cyber Attacks
February 16, 2021 | PRNewswireEstimated reading time: 2 minutes
Trend Micro Incorporated, a global leader in cybersecurity, has announced a major new study into connected car security that describes multiple scenarios in which drivers could encounter attacks that threaten the safety of themselves and others.
The report reveals the scope of the cybersecurity risks examined. Researchers evaluated 29 real-world attack scenarios according to the DREAD1 threat model for qualitative risk analysis. These attacks could be launched remotely against and/or from victim vehicles. Examples and highlights include:
- DDoS attacks on Intelligent Transportation Systems (ITS) could overwhelm connected car communications and represent a high risk.
- Exposed and vulnerable connected car systems are easily discovered, making them at higher risk of abuse.
- Over 17% of all attack vectors examined were high risk. These require only a limited understanding of connected car technology and could be accomplished by a low-skilled attacker.
"Our research shows that there are ample opportunities for attackers looking to abuse connected car technology," said Rainer Vosseler, threat research manager for Trend Micro. "Fortunately, there are currently limited opportunities for attacks, and criminals have not found reliable ways to monetize such attacks. With the U.N.'s recent regulations requiring all connected cars to include cybersecurity, as well as a new ISO standard underway, now is the time for stakeholders across the industry to better identify and address cyber risk as we accelerate towards a connected and autonomous vehicle future."
More than 125 million passenger cars with embedded connectivity are forecast to ship worldwide between 2018 and 2022, and progress continues to advance towards fully autonomous vehicles. This advancement will create a complex ecosystem comprising cloud, IoT, 5G and other key technologies. It also features an enormous attack surface comprising potentially millions of endpoints and end users.
As the industry develops, there will be multiple opportunities for monetization and sabotage for cybercriminals, hacktivists, terrorists, nation states, insiders and even unscrupulous operators, the report warns. Of all 29 attack vectors studied, the overall risk of successful cyber attacks was assessed as Medium. However, as SaaS applications become embedded in the Electrical/Electronics (E/E) architecture of vehicles and cybercriminals create new monetization strategies, an evolution in attacks will lead to higher risk threats.
To mitigate the risks outlined in the study, connected car security must be designed with an integrated view of all critical areas to secure the end-to-end data supply chain. Trend Micro has the following high-level guidance for protecting connected cars:
- Assume compromise and have effective alert, containment, and mitigation processes.
- Protect the end-to-end data supply chain across the car's E/E network, the network infrastructure, backend servers, and VSOC (Vehicle Security Operations Center).
- Apply lessons learned to further strengthen defenses and prevent repeat incidents.
- Relevant security technologies include firewall, encryption, device control, app security, vulnerability scanner, code signing, IDS for CAN, AV for head unit, and much more.
Suggested Items
Walmart Acquires Vizio, Set to Overtake Samsung as the Largest TV Brand in the US
02/22/2024 | TrendForceUS retail giant Walmart announced on February 20, that it has acquired smart TV brand Vizio for US$2.3 billion, aiming to accelerate the growth of its advertising business: Walmart Connect. Since its launch in 2021, Walmart Connect has seen double-digit annual growth in both its online and offline retail media advertising ventures. Vizio has been expanding its device ecosystem and its SmartCast TV OS, boasting over 18 million active users, according to TrendForce.
Fiber Optic Cables Effective Way to Detect Tsunamis
02/16/2024 | University of MichiganFiber optic cables that line ocean floors could provide a less expensive, more comprehensive alternative to the current buoys that act as early warning systems for tsunamis, says a University of Michigan researcher.
EIPC Winter Conference 2024, Day 2: A Closer Look at Global Trends
02/14/2024 | Pete Starkey, I-Connect007The opening session of the second day’s conference proceedings focused on global PCB trends and was introduced and moderated by Dr. Michele Stampanoni, vice president of strategic sales and business development at Cicor Group in Switzerland. He opened the session with Dr. Hayao Nakahara’s knowledgeable and enlightening video presentation on the IC substrates industry.
IDTechEx Discusses Whether Fuel Cell Vehicles Will Succeed and What It Would Take
02/12/2024 | PRNewswireThe sales of hydrogen fuel cell cars have largely stalled from 2021 onwards, but does this mean there is no market for fuel cell electric vehicles (FCEVs) in the future, and what is required to make them a success? IDTechEx's report, "
Electronics Industry Mourns Loss of Colleague and Visionary Michael Ford
01/31/2024 | I-Connect007Sadly, longtime I-Connect007 columnist, industry visionary, and friend Michael Ford passed away Jan. 27. “In this time of sorrow, we can take solace in the knowledge that Michael leaves a great legacy of contribution to the electronics industry,” according to a statement from Aegis Software. Michael was senior director of emerging industry strategy at Aegis. He was a prolific writer and speaker whose work and ideas put him at the forefront of electronics manufacturing. Working for Aegis gave him the opportunity to apply his software for electronics manufacturing experience to further drive technology solution innovation.