Automotive Cybersecurity: A New Frontier

With the launch of autonomous vehicles comes the comfort of accessing and driving a car with just a click. However, as the automotive industry continues to upgrade digitally, so does the risk of cybersecurity threats and attacks around it. At this stage, automotive cybersecurity plays a crucial role in protecting vehicles on the road, providing end-to-end security solutions, and preventing them from unauthorized access, malicious attacks and manipulation by hackers.

Currently, there are over 5.6 million electric cars worldwide, with a prediction of over 125 million electric vehicles by 2030. However, any automated vehicle can be hacked if not secured with advanced and updated automotive cybersecurity systems, leaving the user vulnerable to attacks.

Increasing Cyberattacks

According to a recent report by Israel21C, cyberattacks on cars increased 225% from 2018 to 2021, with over 85% of the attacks carried out remotely.

On analyzing the data of 900 publicly reported cyberattacks on vehicles in the last decade, cybersecurity and data management platform Upstream noted a rise in attacks by black hat actors from 49.3% in 2020 to 54.1% in 2021 with data/privacy breaches (38%), car theft/break-ins (27%), and control systems (20%) being the top attack categories.

The platform also projected a loss of $505 billion by 2024 in the automotive industry due to cyberattacks, clearly indicating the need to curb the rising attacks on the automotive industry.

When It All Began

Cyberattacks on the automotive industry are not a new thing. The first reported automotive cyberattacks on vehicles can be dated back to the late 1990s post the introduction of the OnBoard Diagnostics port (ODB) that gave direct access to the engine management systems.

Hacking vehicles in those days needed elaborate hardware and direct physical contact limiting the hacker’s access to a specific car and not exposing other sub-electrical systems.

However, with advancements in technology and vehicles becoming more refined, hackers have upgraded the methods of attack. The most significant disadvantage in the current technological environment is that the hacker does not have to be physically present or near the vehicle or system to gain access.

What Are the Types of Cyber Attacks  

With the increase in attacks, automotive manufacturers and business owners need to understand the various frameworks malicious actors use and the types of cyberattacks that can gravely impact and compromise the automotive industry.

Brute force attack

According to a report by CPO Magazine, the FBI warned of “Brute force” attacks terming them as the most common cyberattacks against the US automotive industry. In these attacks, cybercriminals attempt to hack into a computer’s network to infiltrate an extensive database of usernames and passwords. Using the same information, they then try to hack into the network of an automobile.

Phishing attacks via emails

Phishing attacks are carried out through emails with the intent to trick a person into revealing sensitive information. In the context of the automotive industry, emails with malicious attachments or links are sent to employees of large automotive companies, which, if clicked, compromise the network giving access to the hacker. These attacks also let cybercriminals scan sensitive company information without detection, leaving the security networks vulnerable to more attacks.

Ransomware

Once rare, ransomware attacks have become more common after cybercriminals have learned new ways to exploit system vulnerabilities. These attacks gravely compromise user data, as cybercriminals invade networks and deny access until a ransom is paid.

How can cars be hacked?

With the evolution of connected, autonomous, and self-driving cars, vehicles are now more dependent on the internet. They now contain various computerized equipment such as electronic control unit (ECU), a controller area network (CAN), Bluetooth connections, key fob entry, and more.

While this enhances user experience, it also gives hackers various loopholes to exploit and compromise auto industry computer systems.

Remote Keyless Hacking

Hackers can compromise the keyless entry system. Malicious actors use  superior signal boosters to amplify the key fob’s signal and gain vehicle access even if the owner is not next to it.

In a recent report by Tech Crunch, security researchers unveiled a vulnerability in Honda’s keyless entry system that gave access to hackers, letting them unlock and start all Honda vehicles currently on the market.

Breaching centralized system

The Controller Area Network (CAN bus), the system made for vehicle communication, is the heart of a modern car and, if hacked, can compromise the complete central server. From user information, sales data to details regarding every vehicle attached, if malicious actors can bypass the CAN bus, disrupt the system with the user losing complete control of the car.

CAN bus hacking is considered a grave threat. According to a report by Wired, 1.4 million units of Chrysler Jeep were recalled after a group of hackers demonstrated how they could gain access to the car’s central system while it was being driven.

Mobile App Hacks

Hackers can easily gain access to vehicles by hacking into the mobile phones connected to them. The increased upgradation and dependency on smart mobile phones make vehicles more vulnerable than ever. Hackers can access vital information such as credit card details, passwords and financial data once they have breached the security system.

However, it is not only the loss of sensitive data but also access to connected devices that make the situation worse. According to a report by Vice, a hacker found that he could remotely kill car engines after breaking into GPS Tracking Apps.

Growing Automotive Cybersecurity

The success of cyberattacks on vehicles and the automotive industry compelled manufacturers and business owners to take automotive cybersecurity seriously. The interest gave an instant boost, assisting the existing cybersecurity market in growing multi-fold. The automotive cybersecurity global market size is expected to grow to $4.16 billion in 2026 at a CAGR of 19.5%, as reported by The Business Research Company. The growth is directly linked to the significant increase in the number of cyberattacks in the automotive industry.

Why is automotive cybersecurity important?

Modern vehicles exhibit various automotive IoT devices that, if breached, can critically compromise the car and put the user at risk. Automotive cybersecurity plays a crucial role and helps in detecting and preventing cyberattacks, keeping the vehicle and user data secure.

The National Highway Traffic Safety Administration (NHTSA) defined automotive cybersecurity as “the protection of automotive electronic systems, communication networks, control algorithms, software, users, and underlying data from malicious attacks, damage, unauthorized access, or manipulation.”

Who are the key market players?

Argus Cyber Security, Arilou Technologies, Continental AG, ESCRYPT GmbH, GuardKnox, Harman International, Trillium, Saferide Technologies Ltd, Lear Corporation., Karamba Security, Intel Corporation, Infineon Technologies AG, Cisco Systems, Delphi Automotive PLC, Vector Informatik GmbH, and Symantec Corporation are among the major players in the global automotive cybersecurity market.