A study by Trend Micro analyzes cyber attacks in traffic and how they can be averted. […]
Trend Micro publishes a new study on the safety of connected cars. This describes various attack scenarios and cyber risks that endanger the safety of the driver and others.
The study lists the following examples:
- DDoS attacks on Intelligent Transportation Systems (ITS) can influence the communication of the connected vehicle and represent a high risk.
- Exposed and vulnerable connected car systems are easy to detect, which puts them at a higher risk of attack.
- Over 17 percent of all attack vectors examined represent a high risk. The se only require a simple understanding of connected car technology and can also be carried out by less qualified attackers.
“Our research shows that there are numerous possibilities for attackers to abuse connected car technology,” says Rainer Vosseler, threat research manager at Trend Micro. “Fortunately, the real opportunities for attack are now limited, and criminals have not yet found a reliable way to monetize such attacks. With the latest regulation of the United Nations, which stipulates that cybersecurity must be integrated in all connected vehicles, as well as a new ISO standard that is currently being developed, it is time for the automotive industry to identify and address cyber risks earlier. This is the only way we can safely look to a future of connected and autonomous driving. ”
It is forecast that between 2018 and 2022 more than 125 million cars with integrated connectivity will be delivered worldwide. Fully autonomous driving is also constantly developing. This progress creates a complex ecosystem that includes cloud, IoT, 5G and other key technologies and thus offers a broad attack surface with millions of possible endpoints and users.
As the industry evolves, there are numerous opportunities for monetization and sabotage for cybercriminals, hacktivists, terrorists, nation states, insiders, and even unscrupulous drivers, the study warns. Of all 29 attack vectors examined, the overall risk of successful cyber attacks was rated as medium. However, as SaaS applications are increasingly embedded in the electric / electronic (E / E) architecture of vehicles and cybercriminals develop new strategies in order to derive a profitable use, the risk of attack increases.
In order to counteract the attack scenarios outlined in the study, all critical areas must be integrated into the security architecture of connected cars. In this way, the end-to-end data supply chain is also secured. Trend Micro recommends the following general guidelines for protecting connected vehicles:
- Assume the possibility of a successful attack and prepare for it with effective warning, containment and mitigation processes.
- Protect the end-to-end data supply chain across the vehicle’s E / E network, network infrastructure, backend servers and the VSOC (Vehicle Security Operations Center).
- Use the knowledge gained to further strengthen defenses and prevent recurring incidents.
- Relevant security technologies are firewall, encryption, device control, app security, vulnerability scanners, code signing, IDS for CAN, antivirus for the head unit and other solutions.
The full report “Cyber Security Risks of Connected Cars” can be downloaded here.