According to a study by the industry association Bitkom, cyber attacks by organized crime and foreign countries have increased significantly in Germany. The theft of data, the damage or destruction of IT equipment as well as industrial espionage and sabotage caused damage of around 206 billion euros to the German economy.
Since the German automotive industry is, on the one hand, a mainstay of the domestic economy and, on the other hand, internationally networked and dependent on the global sales market, it is particularly threatened by this development. As a result, the problem of ransomware attacks has manifested itself on a large scale in the automotive sector and is expected to continue to do so to an increasing extent. VicOne, provider of cybersecurity solutions for the automotive industry, explains current risks and opportunities, takes a look at future challenges for the automotive industry and shows solutions for greater cybersecurity.
Automotive industry in the focus of cyber criminals
Climate change and the energy crisis are continuing to drive technical change in the auto industry. The automotive industry has kept pace with these changes, particularly when it comes to electric vehicles (EV) and EV technology. However, this rapid development also leaves certain security gaps that attackers can use to make car manufacturers, their suppliers and car owners victims. This makes the industry more and more interesting for hackers.
According to a recent cybersecurity study by VicOne, more and more automotive companies are suffering from ransomware attacks along the production and supply chain. These attacks affect various levels of the industry, from suppliers to retailers, and show that cybersecurity issues occur at almost every stage of production. For example, in January 2024, a security breach occurred at Hyundai Motor Europe, based in Germany. The company discovered suspicious activity on its network that was attributed to an intrusion. According to IT website BleepingComputer, BlackBasta cybercriminals carried out the attack in early January and claimed to have stolen 3 terabytes of data. BlackBasta is suspected to be an offshoot of the infamous Conti ransomware group, which has been involved in numerous high-profile cyberattacks and poses a high level of threat to organizations worldwide.
But automotive suppliers are among the most frequently attacked targets, with a share of almost 90 percent. These cyber attacks are always successful, and the hackers often steal extensive data, which they then offer on the dark web. Cybercriminal attackers often find it difficult to penetrate well-protected companies, so they instead target less vigilant companies. However, the OEMs are still affected due to the disruption to their supply chain.
“Just in time” becomes “Rien ne va plus”
Attacks on suppliers mean that production is suspended or stopped during these incidents. How important suppliers and their products are for automotive companies in times of “just-in-time” and lack of inventory is repeatedly demonstrated by practical examples. In 2023, for example, VW had to switch its production in Wolfsburg at least partially to short-time work because parts from a supplier from Slovenia were not available due to the flood-related production losses there. In the Portuguese VW factories, car production was to be completely stopped for more than a month due to missing parts.
In this case, severe weather was responsible for the delays and cancellations. But a successful cyberattack can have consequences at least as serious, if not worse, because it often cannot be contained locally as a flood or storm. The costs of such a loss of production are often considerable. To stick with the terminology of the automotive industry: Even if just one small cog in the gearbox fails, the entire engine often no longer works properly or no longer works at all.
It often affects the little ones
Compared to the big players in the automotive industry, smaller suppliers and service providers in particular are often less protected from cyber attacks because they often neither have the necessary specialist knowledge, personnel nor the financial resources to adequately protect themselves. In addition, they usually take longer to recover from successful cyber attacks. These attacks often lead not only to production delays and even failures, but also to a loss of image and trust among customers and partners.
An example of this is the cyber attack on the technology supplier Kendrion. At one of its locations in Malente (Ostholstein district), the company produces, among other things, noise simulators to make otherwise almost silent electric cars easier to hear. The hackers threatened to publish company data if Kendrion did not pay a ransom. The company itself does not rule out the possibility that unauthorized persons have actually stolen data. After the attack, Kendrion contacted the police, shut down all systems and asked leading cyber security experts for help. The company dealt openly with the hacker attack on its website, in contrast to a number of other companies that do not want to expose themselves to customers and partners. According to its own statements, the technology supplier worked in emergency mode for a while and had to send a large part of its 300 employees home for the time being because other locations in Lower Saxony and Baden-Württemberg were also affected by the cyber attack. Small security gaps can have big effects.
Cyber vulnerabilities in the automotive industry
The following technology areas in the automotive and supplier industries are particularly vulnerable to cyber attacks:
- Charging stations for electric cars: Charging stations and battery management systems are often easy targets for hackers because electric cars typically use lithium-polymer batteries and require complex, intelligent control mechanisms to function properly. In addition, an electric vehicle has more sensors and uses more communication protocols than a conventional combustion car. Security gaps can arise, particularly when exchanging data with the charging station.
- Cloud APIs (Application Programming Interfaces): Most connected cars today have built-in SIMs, called eSIMS, that allow them to communicate with a backend cloud server. This enables, for example, applications to lock and unlock the vehicle remotely or to exchange trip data with other road users. An important component of this network architecture is the cloud API, which must therefore be particularly well secured. However, the automotive industry often uses vehicle-specific cloud APIs that can have vulnerabilities. It is important to find a remedy here.
- Keyless entry systems (Remote Keyless Entry, RKE): RKE systems make it possible to unlock a car and start the engine without having to insert a physical key into the lock. This usually works using a radio frequency (RF) signal. However, there are numerous vulnerabilities in such RKE systems that attackers can easily exploit to illegally open a vehicle, steal items from it or even steal the entire car. Although these vulnerabilities have been known for a long time, they have not yet been fully addressed.
Lessons from the past
The foreseeable future will be about finding a balance between introducing technological advances and ensuring cybersecurity in the automotive industry. A main problem is the lack of awareness among drivers of the danger that already exists. This hinders their ability to control their data and puts their privacy at risk. Making matters worse, current laws and regulations do not adequately address the use and collection of vehicle data. To improve the cybersecurity of vehicle data, measures such as:
- Implement robust data protection measures: The more advanced vehicles become, the more important it is to have reliable data backup.
- Inform user: OEMs and other market participants should inform users about data collection practices, possible risks and how to protect their data.
- Secure vehicle APIs: APIs are a common entry point for cybercriminals. Therefore, securing vehicle APIs should be a priority.
- Regulation of data collection and use: There is a need for clear regulations regarding the collection, storage and use of vehicle data.
- Developing secure middleware APIs: APIs should be designed with security in mind, including strong authentication and encryption to prevent unauthorized access.
About VicOne
With a vision to secure the vehicles of tomorrow, VicOne offers a broad portfolio of cybersecurity software and services for the automotive industry. VicOne's solutions are specifically designed to meet the stringent requirements of automotive manufacturers and suppliers and are designed to meet the specific needs of modern vehicles.
Matching articles on the topic