Connected cars produce a lot of data. Starting with data on geolocation, speed, acceleration, engine power, fuel efficiency and other operating parameters. This makes them an attractive target for cybercriminals.
Connected cars have become productive data producers: According to a report by management consultancy McKinsey, a connected vehicle processes up to 25 gigabytes of data per hour. Due to the enormous amount of data collected and the fact that they are constantly connected to the Internet and use so many apps and services such as over-the-air software updates, vehicles can now be described as “smartphones on wheels”.
Insights from underground cybercriminal forums
These facts make vehicles an increasingly attractive target for complex cyberattacks. In this article, experts from automotive cybersecurity provider VicOne and its parent company Trend Micro look at statements in global underground forums used by criminals. They analyze what they say about current cybercrime against connected vehicles as well as potential future threats. The experts examine the question of what automobile manufacturers and suppliers worldwide should do today to prepare for the inevitable transition from today's manual hacks for vehicle modification to the much more dangerous cyber attacks of tomorrow.
Current and future attacks on connected vehicles
Security researchers have been working on creative attacks on or proof-of-concept exploits for connected vehicles in forums for some time now, and there are initial reports of such crimes, such as: B. a car theft in July 2022 that was made possible by a technique known as CAN injection. But the only “attacks” on connected vehicles discussed in underground forums appear to fall under the category of vehicle modification (“car modding”). The perpetrators hack embedded vehicle functions, for example to activate functions that are actually supposed to be chargeable (such as seat heating) or to artificially reduce the mileage. While these manipulations reduce the profits of automotive original equipment manufacturers (OEMs), they do not actually target connected car users, so it is unclear whether modding activities can even be classified as “cyber attacks.”
Currently, if a traditional (non-connected) car is stolen, criminals have the following options:
- Resale of the car in the country itself. However, this rarely happens in industrialized countries because the vehicles can be easily traced and the perpetrators risk being arrested.
- Exporting the car to another country.
- Dismantling the car and selling spare parts.
- Using the vehicle for crimes, e.g. B. as an escape or ram vehicle during robberies or for drug transport.
If a connected car is stolen, the options are completely different:
- Connected cars are always online, which means they are easy to find. Stolen connected cars have a high recovery rate, such as: B. Tesla with a recovery rate of almost 98%. This means connected car thieves have a hard time finding buyers for a stolen vehicle because law enforcement can quickly locate it. If the criminals manage to take the car offline - which is not easy, but theoretically possible - the chances of resale are also slim as buyers cannot access certain functions.
- Connected cars require the creation of individual user accounts to manage their online features. By accessing these user accounts, attackers could gain partial control of the vehicles and, for example, B. the ability to unlock the doors or start the engines remotely. This scenario opens up new opportunities for criminals to abuse, such as appropriating user identities and buying and selling user accounts, including possible sensitive data.
Through unauthorized access to a vehicle user account, cybercriminals could also locate a car, open it, steal valuables, find out the owner's home address and find out when the owner is not present. To make the most of this information and expand their illegal businesses, they may collaborate with traditional criminal gangs, as in the infamous Carbanak and Cobalt malware attacks, which targeted more than a hundred establishments worldwide and netted the gang network over a billion euros .
The cybercriminal underground market for connected car data
As part of their research, experts from VicOne and its parent company Trend Micro examined underground cybercriminal forums with a view to attacks on OEMs. So far they have only found cases of compromised automotive networks and the sale of VPN access. Currently, the forum discussions only show typical approaches to monetizing IT resources that are unrelated to the data about connected vehicles collected and stored by OEMs. This suggests that cybercriminals have not yet recognized the value of connected vehicle data or a discernible market demand for such data.
However, it is expected that this phase will not last long and that connected car data will become very valuable as third parties begin to use vehicle data on a large scale. For example, when a bank uses vehicle data to determine loan extension conditions or the value of a vehicle, this information takes on new value and the connected vehicle data ecosystem is significantly expanded. Cybercriminals should be able to notice this very quickly and likely quickly attempt to capitalize on this material. All the pieces of the puzzle and the technologies to use them are already on the way. It is only a matter of time before criminals discover this lucrative field of activity and begin their illegal activities.
Data protection for connected car users
When investigating crimes, criminologists often rely on the so-called “crime triangle,” which states that there must usually be a motive, a justification, and an opportunity for a crime. Currently, connected car users are not yet the target of cybercriminals because they do not yet make up the majority of the entire car market. But their numbers are constantly growing, and the opportunities to exploit connected cars already exist. Cyber criminals already know how to skillfully and successfully use methods such as phishing, information theft and keylogging in other areas. Cybercrime against connected cars will increase as cybercriminals figure out how to exploit existing vulnerabilities.
Ensure security now
Currently, the biggest security risk lies in protecting the data of connected vehicle users, rather than protecting the vehicles themselves. However, this could change in the next three to five years as the connected vehicle ecosystem inevitably expands.
For OEMs and cybersecurity experts, this means that securing connected vehicle data, even at this early stage, is paramount, especially given that typical industry development cycles are three to five years or more. One way to do this is to implement multi-factor authentication on connected vehicle user accounts to provide an additional layer of protection.
As already mentioned, cybercriminals have many ways to gain access to vehicle users' data. This includes using malicious In-Vehicle Infotainment (IVI) apps and exploiting insecure IVI apps and network connections. OEMs can use intelligent cockpit protection solutions to detect and block malicious apps in a timely manner. Attackers can also use unsecured browsers to steal private data. As a protective measure, connected car users can opt for intelligent cockpit protection solutions that regularly scan for vulnerabilities in web browsers and warn users in a timely manner so that they do not access malicious websites.
Conclusion
OEMs and their suppliers, weighing how to invest their budgets given the many competing priorities in the automotive industry, may be inclined to slow down their investments in combating cyber threats, which have so far been relatively simple and not particularly damaging. However, an analysis of criminal message exchanges in underground forums shows that the conditions are in place for complex, widespread attacks in the coming years. For the automotive industry, with its typical development cycles of three to five years or more, this means that now is the time to proactively establish cybersecurity capabilities, says Rainer Vosseler, Manager, Threat Research at VicOne.
More at VicOne.com
About VicOne
With a vision to secure the vehicles of tomorrow, VicOne offers a broad portfolio of cybersecurity software and services for the automotive industry. VicOne's solutions are specifically designed to meet the stringent requirements of automotive manufacturers and are designed to meet the specific needs of modern vehicles. As a subsidiary of Trend Micro, VicOne has a solid foundation in cybersecurity that comes from Trend Micro's over 30 years of experience in the industry.