New study helps minimize cyber risks beyond the current WP.29 requirements. Trend Micro examines attack paths and scenarios in connected cars in the study: Identifying Cybersecurity Focus Areas in Connected Cars Based on WP.29 UN R155 Attack Vectors and Beyond.
Trend Micro, one of the world's leading providers of cybersecurity solutions, has published a new study on cybersecurity in connected vehicles. This supports manufacturers, suppliers, authorities and service providers in implementing the new UN regulation on the cybersecurity of connected vehicles. It also analyzes cyber risks that are not yet taken into account in the current requirements.
Cyber risks with Connected Cars Based on WP.29
The World Forum for Harmonization of Vehicle Regulations, Working Party / WP.29) of the United Nations Economic Commission for Europe (UNECE) is responsible for the regulation of vehicle safety worldwide. Your current regulation contains seven high-level and 30 sub-descriptions of vulnerabilities and threats. This also includes descriptions of 69 attack vectors. These regulations in conjunction with the new study results from Trend Micro will help the automotive industry to better understand cyber risks in connected vehicles and to prioritize countermeasures.
In order to support manufacturers, suppliers, authorities and service providers in prioritizing the threats and attack vectors described by WP.29, the experts at Trend Micro calculated the urgency levels of the individual attack vectors using the industry-standard DREAD threat model.
Urgency levels of the individual attack vectors
According to the study, protecting the following attack vectors should be given high priority:
- Back-end servers that can be used for attacks on vehicles or for data extraction.
- Denial-of-Service (DoS) attacks to disrupt vehicle functions via various communication channels.
- Third-party hosted software (such as entertainment apps) that can attack vehicle systems.
In addition, the researchers recalculated the DREAD threat model to show how the severity of various threats will evolve over the next five to ten years. They also pointed out new vectors that are not yet included in the WP.29 regulation. They also show ways in which current and future risks can be minimized through cybersecurity solutions.
Cybersecurity recommendations and regulations at WP.29
“Cyber risks lurk everywhere - even in cars. Vehicles gain in intelligence, computing power and connectivity, which creates new attack scenarios for cyber criminals, ”explains Udo Schneider, IoT Security Evangelist Europe at Trend Micro. “Understanding the cybersecurity recommendations and regulations described in the WP.29 regulation helps manufacturers to make mobility future-proof. Our latest research report supports you in interpreting and implementing the regulation by prioritizing the various threats to connected vehicles. "
The current study by Trend Micro follows a previous whitepaper on Connected Cars from February 2021. This examined the risks of networked vehicles associated with 5G, cloud and other connectivity technologies.
Further information and the full report Identifying Cybersecurity Focus Areas in Connected Cars Based on WP.29 UN R155 Attack Vectors and Beyond in English can be read online free of charge.
More at TrendMicro.com
About Trend Micro As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.