CVs vulnerable to ‘low skill’ cyberattacks: report

17% of potential attack scenarios on connected vehicles identified as high-risk, finds Trend Micro 
By Ben Spencer February 23, 2021 Read time: 2 mins
Trend Micro says 66% of attacks are medium-risk while 17% are low-risk (© Melpomenem | Dreamstime.com)

A report published by Trend Micro has revealed high-risk cyberattacks against a connected vehicle (CV) can be carried out by a 'low-skill' attacker. 

The cybersecurity firm says attacks such as a distributed denial of service (DDoS) could overwhelm connected vehicle communications. 

DDoS renders a machine or network resource unavailable to the user by disrupting services of a host connected to the internet. 

Launching a DDoS assault on an exposed ITS infrastructure could have devastating consequences - especially if connected vehicles rely on it for driving decisions, the company adds. 

This is just one of 29 real-world scenarios flagged up in Cybersecurity for Connected Cars Exploring Risks in 5G, Cloud and other Connected Technologies.

Trend Micro identifies 17% as high-risk, 66% as medium-risk and 17% as low-risk. 

The firm says other dangerous attacks include electronically jamming connected vehicle safety systems or wireless transmissions to disrupt operations.

Medium-risk attacks can include sending incorrect or improper commands to back-end ITS.

Remotely transmitting and installing malicious firmware and/or apps fall into the low-risk category. 

Rainer Vosseler, threat research manager for Trend Micro, says the research shows there are “ample opportunities” for attackers looking to abuse connected vehicle technology. 

“Fortunately, there are currently limited opportunities for attacks, and criminals have not found reliable ways to monetise such attacks,” Vosseler continues.

“With the UN's recent regulations requiring all connected cars to include cybersecurity, as well as a new ISO standard underway, now is the time for stakeholders across the industry to better identify and address cyber risk as we accelerate towards a connected and autonomous vehicle future."

Trend Micro has issued guidance for protecting CVs, which includes establishing effective alert, containment and mitigation processes.

The firm also recommends protecting the end-to-end data supply chain across the car's E/E network, the network infrastructure, back-end servers and vehicle security operations centre.

It also emphasises the importance of applying lessons learned to prevent repeat incidents, using security technologies such as firewall, device control, app security, vulnerability scanner and code signalling. 


 

Detection, Monitoring & Machine Vision Classification & Data Collection

Related Content

  • October 19, 2015
    Tighten up on cyber security before hackers infiltrate ITS infrastructure
    This year’s ITS World Congress in Bordeaux will have three sessions dedicated to cyber security and the issue will also be addressed under connected and automated vehicles categories. Jon Masters finds out why. American security researchers Charlie Miller and Chris Valasek attracted international press coverage recently when they demonstrated how they could hack into and take control of a vehicle from a remote laptop. While the implications are clearly serious for vehicle manufacturers, highway and transpor
    Read More
  • August 18, 2017
    Trend Micro discovers 'indefensible' car security/CAN standard flaw
    Trend Micro claims to have discovered a hack is found that is not only successful in being able to drastically affect the performance and function of the car, but is also stealthy and vendor neutral. Discovered by researchers at Politecnico di Milano, Linklayer Labs and Trend Micro’s Forward-looking Threat Research (FTR) team, the hack is said to be currently indefensible by modern car security technology and to completely resolve it would require broad, sweeping changes in standards and the ways in-vehi
    Read More
  • August 10, 2016
    Technologies to protect connected cars ‘not being utilised’
    A three-year study by IOActive’s Cybersecurity Division has found half of vehicle vulnerabilities could allow cyber attackers to take control of a vehicle - and 71 per cent are ‘easy to exploit’. The research, detailed in a whitepaper, Commonalities in Vehicle Vulnerabilities, is based on real-world security assessments. Technologies which could be exploited include cellular radio, Bluetooth, wi-fi, companion apps, vehicle to vehicle (V2V) radio, onboard diagnostic equipment, infotainment media and Zigbe
    Read More
  • May 14, 2018
    The rise of V2X: it’s time for ITS to put up the shields in cyberspace
    Traffic management has largely been shielded from the sort of malicious hacking that is commonplace in other industries – but with billions of connected devices in the world it won’t stay that way, warn internet experts Keith Golden and Brandon Johnson. Traditionally isolated from networks and the internet over most of its history, the traffic management industry has largely been shielded from malicious hacking and system intrusion that have become commonplace in other industries. However, as the rate of
    Read More

Highlighted Content