The automotive industry is facing a growing threat from cybercriminals as vehicles become more connected to the internet. While attacks thus far have been relatively unsophisticated, criminal underground message exchanges indicate that more complex, widespread attacks are on the horizon. This poses a significant challenge for original equipment manufacturers (OEMs) and their suppliers, who must consider how to invest their budgets to address these emerging cyberthreats.
As cars become more connected, the attack surface available to cybercriminals expands, giving them greater opportunities to exploit vulnerabilities. The current generation of vehicles with “smart” features, such as internet connectivity and over-the-air software updates, are susceptible to similar attacks as computers and handheld devices. Therefore, automotive companies must anticipate potential future threats and secure their vehicles against the evolving cyberthreat landscape.
The problem is compounded by the long development cycles in the automotive industry. A car that is being planned today may not hit the market for three to five years. If these vehicles are not equipped with the necessary cybersecurity capabilities, it will be challenging to secure them against more sophisticated cyberattacks in the future. Waiting until the attacks become more prevalent is not a practical option.
So, what should the automotive OEMs and suppliers do now to prepare for this inevitable transition? They must start implementing cybersecurity measures in the design stage of vehicle development. By doing so, they can ensure that future cars are equipped with the necessary security features to combat cyberthreats. Waiting until after a breach occurs will be more expensive and less effective in mitigating serious crimes involving money, vehicle theft, and identity theft.
One of the emerging fronts for next-generation attacks is the takeover of car-user accounts. Criminals may seek access to these accounts to gain control over the vehicle. This presents ripe possibilities for user impersonation, account theft, and other malicious activities. Criminal organizations are already recognizing the opportunity to exploit vehicle connectivity and discussions on underground crime forums about leaked data and software tools for attacks are intensifying.
To penetrate and exploit connected cars, cybercriminals have various methods at their disposal. They can introduce malicious apps in the in-vehicle infotainment system, exploit unsecure apps and network connections, or take advantage of unsecure browsers to steal private data. They can also exploit personally identifiable information and vehicle telemetric data stored in smart cockpits to create convincing phishing emails.
The possible crimes enabled by these attacks are wide-ranging. Cybercriminals could steal user identities, open accounts, or trick OEM service teams into approving verification requests, allowing collaborators to steal cars. Furthermore, attackers could infiltrate a vehicle’s central gateway and gain control over critical functions, such as speed and steering.
In light of these threats, OEMs are beginning to prioritize cybersecurity. The risk of brand and financial damage from cyberattacks, as well as emerging international regulatory pressures, have pushed OEMs to invest in cybersecurity. They are now evaluating and implementing capabilities such as IVI privacy and identity security, detection of vulnerabilities in IVI apps, and 24/7 surveillance of personal data.
Investing in cybersecurity during the design stage of vehicle development will prove to be more cost-effective and efficient in preventing or mitigating serious crimes. By proactively addressing the evolving cyberthreat landscape, automotive OEMs and suppliers can ensure the security of future vehicles and protect customers from cyberattacks.