Cars are always stronger "MINTvernetzt". And always more vulnerable to Cyber attacks.
Hacker attacks on cars are currently hardly a risk. So far there are only a few highly networked cars, hackers need in-depth specialist knowledge and the criminal business models are missing. But all of that should change soon.
Easy to manipulate
Digital attacks on cars are currently more astonishing than horror. For example, when researchers manage to bring a Tesla to a standstill by remote control or to confuse the camera system of a robo-car prototype with manipulated street signs so that the vehicle completely loses its orientation. It has long been clear that modern cars, with their complex electronic architectures and increasingly autonomous computer systems, are easy prey for hacker attacks from outside the hacking community as well.
The number of criminal use cases is currently still relatively small. Most notorious is so-called jamming, in which the radio signals from car keys are intercepted in order to be able to open and steal the vehicle without authorization. The necessary technology is simple, instructions are available on the Darknet, the parts in every hardware store. In the case of trucks, manipulating the digital telematics services is also popular in order to find the vehicles and empty them overnight. In addition, however, digital attacks on cars are difficult. Mainly because the attack would have to take place physically via the USB and OBD ports in the cockpit. But breaking into a vehicle is risky and costly - and as a criminal business model, it doesn't scale.
Hacker attacks are getting easier
The hacker attacks from a distance, if possible on several vehicles at the same time, are more interesting. And that will be easier in the future: Because more and more new cars have networking technology - they communicate constantly via WiFi or mobile communications with the manufacturer's cloud, with other vehicles and soon also with traffic lights or traffic signs. The point of attack therefore shifts from the vehicle itself to the level of communication. Experts estimate that around 125 million connected cars will be sold worldwide between 2018 and 2022. So more than enough goals.
At the same time, the technology used by criminals is evolving. Where there is still often a need for personal specialist knowledge today, a simple technical understanding will be sufficient in the future, because the software and hardware for attacks can increasingly easily be ordered on the Darknet. At the same place you can also find information on typical security gaps in various vehicles. Trend Micro's security experts are already observing this trend. "The discovery of security gaps and vulnerabilities has become easier because many of the attacks have been transferred from theory to practice and then used as weapons and offered for sale," says the current white paper Connected Cars.
Steering and decommissioning are not a problem
When it comes to potential victims and tools, criminals can draw on unlimited resources. And when it comes to organizing criminal activities, only creativity sets the limit. The spectrum ranges from consciously turning a car into a dark alley to shutting down the traffic systems of entire city centers. In the first case, the wallet and watch could become prey, in the second, a ransom extorted from the city treasury makes the hack attractive. You could get money in a similar way if you got access to the manufacturer's servers and stole customer data. Smaller frauds are also possible: Those who manage to disguise the true electronic identity of their vehicle can, for example, trick the automated payment systems of petrol stations, charging stations or parking garages.
The United Nations has already responded to the new threats. A regulation of the World Forum for Harmonization lists seven higher-level and 30 subordinate descriptions of vulnerabilities and threats from cyber attacks, which automakers can use to take countermeasures. Trend Micro experts also have recommendations. In particular, the back-end servers of the car manufacturers, which could otherwise be used for attacks on vehicles or for data extraction, have to be secured.
In addition, cars would have to be protected against so-called DoS attacks, in which they are bombarded with so many inquiries and information via their communication channels that the computing power collapses - an attack that is also known from the traditional Internet. Last but not least, in the eyes of the experts, protection against attacks via third-party software is necessary. This is, for example, via apps for the infotainment system.
