Trend Micro is investigating attack routes in connected cars

24 October 2021
| No comments

Share post

New study helps minimize cyber risks beyond the current WP.29 requirements. Trend Micro examines attack paths and scenarios in connected cars in the study: Identifying Cybersecurity Focus Areas in Connected Cars Based on WP.29 UN R155 Attack Vectors and Beyond.

Trend Micro, one of the world's leading providers of cybersecurity solutions, has published a new study on cybersecurity in connected vehicles. This supports manufacturers, suppliers, authorities and service providers in implementing the new UN regulation on the cybersecurity of connected vehicles. It also analyzes cyber risks that are not yet taken into account in the current requirements.

Cyber ​​risks with Connected Cars Based on WP.29

The World Forum for Harmonization of Vehicle Regulations, Working Party / WP.29) of the United Nations Economic Commission for Europe (UNECE) is responsible for the regulation of vehicle safety worldwide. Your current regulation contains seven high-level and 30 sub-descriptions of vulnerabilities and threats. This also includes descriptions of 69 attack vectors. These regulations in conjunction with the new study results from Trend Micro will help the automotive industry to better understand cyber risks in connected vehicles and to prioritize countermeasures.

In order to support manufacturers, suppliers, authorities and service providers in prioritizing the threats and attack vectors described by WP.29, the experts at Trend Micro calculated the urgency levels of the individual attack vectors using the industry-standard DREAD threat model.

Urgency levels of the individual attack vectors

According to the study, protecting the following attack vectors should be given high priority:

  • Back-end servers that can be used for attacks on vehicles or for data extraction.
  • Denial-of-Service (DoS) attacks to disrupt vehicle functions via various communication channels.
  • Third-party hosted software (such as entertainment apps) that can attack vehicle systems.

Connected Cars study: The internal network of a connected car (Image: Trend Micro).

In addition, the researchers recalculated the DREAD threat model to show how the severity of various threats will evolve over the next five to ten years. They also pointed out new vectors that are not yet included in the WP.29 regulation. They also show ways in which current and future risks can be minimized through cybersecurity solutions.

Cybersecurity recommendations and regulations at WP.29

“Cyber ​​risks lurk everywhere - even in cars. Vehicles gain in intelligence, computing power and connectivity, which creates new attack scenarios for cyber criminals, ”explains Udo Schneider, IoT Security Evangelist Europe at Trend Micro. “Understanding the cybersecurity recommendations and regulations described in the WP.29 regulation helps manufacturers to make mobility future-proof. Our latest research report supports you in interpreting and implementing the regulation by prioritizing the various threats to connected vehicles. "

The current study by Trend Micro follows a previous whitepaper on Connected Cars from February 2021. This examined the risks of networked vehicles associated with 5G, cloud and other connectivity technologies.

Further information and the full report Identifying Cybersecurity Focus Areas in Connected Cars Based on WP.29 UN R155 Attack Vectors and Beyond in English can be read online free of charge.

More at TrendMicro.com

 

About Trend Micro

As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.

 

Matching articles on the topic

IT security: NIS-2 makes it a top priority

Only in a quarter of German companies do management take responsibility for IT security. Especially in smaller companies ➡ Read more

Cyber ​​attacks increase by 104 percent in 2023

A cybersecurity company has taken a look at last year's threat landscape. The results provide crucial insights into ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

Mobile spyware poses a threat to businesses

More and more people are using mobile devices both in everyday life and in companies. This also reduces the risk of “mobile ➡ Read more

Crowdsourced security pinpoints many vulnerabilities

Crowdsourced security has increased significantly in the last year. In the public sector, 151 percent more vulnerabilities were reported than in the previous year. ➡ Read more

Digital Security: Consumers trust banks the most

A digital trust survey showed that banks, healthcare and government are the most trusted by consumers. The media- ➡ Read more

Darknet job exchange: Hackers are looking for renegade insiders

The Darknet is not only an exchange for illegal goods, but also a place where hackers look for new accomplices ➡ Read more

Solar energy systems – how safe are they?

A study examined the IT security of solar energy systems. Problems include a lack of encryption during data transfer, standard passwords and insecure firmware updates. trend ➡ Read more

Stories
, , , ,