CVs vulnerable to ‘low skill’ cyberattacks: report

17% of potential attack scenarios on connected vehicles identified as high-risk, finds Trend Micro 
By Ben Spencer February 23, 2021 Read time: 2 mins
Trend Micro says 66% of attacks are medium-risk while 17% are low-risk (© Melpomenem | Dreamstime.com)

A report published by Trend Micro has revealed high-risk cyberattacks against a connected vehicle (CV) can be carried out by a 'low-skill' attacker. 

The cybersecurity firm says attacks such as a distributed denial of service (DDoS) could overwhelm connected vehicle communications. 

DDoS renders a machine or network resource unavailable to the user by disrupting services of a host connected to the internet. 

Launching a DDoS assault on an exposed ITS infrastructure could have devastating consequences - especially if connected vehicles rely on it for driving decisions, the company adds. 

This is just one of 29 real-world scenarios flagged up in Cybersecurity for Connected Cars Exploring Risks in 5G, Cloud and other Connected Technologies.

Trend Micro identifies 17% as high-risk, 66% as medium-risk and 17% as low-risk. 

The firm says other dangerous attacks include electronically jamming connected vehicle safety systems or wireless transmissions to disrupt operations.

Medium-risk attacks can include sending incorrect or improper commands to back-end ITS.

Remotely transmitting and installing malicious firmware and/or apps fall into the low-risk category. 

Rainer Vosseler, threat research manager for Trend Micro, says the research shows there are “ample opportunities” for attackers looking to abuse connected vehicle technology. 

“Fortunately, there are currently limited opportunities for attacks, and criminals have not found reliable ways to monetise such attacks,” Vosseler continues.

“With the UN's recent regulations requiring all connected cars to include cybersecurity, as well as a new ISO standard underway, now is the time for stakeholders across the industry to better identify and address cyber risk as we accelerate towards a connected and autonomous vehicle future."

Trend Micro has issued guidance for protecting CVs, which includes establishing effective alert, containment and mitigation processes.

The firm also recommends protecting the end-to-end data supply chain across the car's E/E network, the network infrastructure, back-end servers and vehicle security operations centre.

It also emphasises the importance of applying lessons learned to prevent repeat incidents, using security technologies such as firewall, device control, app security, vulnerability scanner and code signalling. 


 

Detection, Monitoring & Machine Vision Classification & Data Collection

Related Content

  • May 6, 2020
    Don’t forget security threat, says Econolite
    A new level of communication is helping deliver on the promise of Vision Zero and a more sustainable future. But amid the promise, Econolite’s Sunny Chakravarty suggests we need to be mindful of the potential downsides in an age of mass connectivity
    Read More
  • November 10, 2017
    Making connections without compromising security
    We listen in as global experts discuss connected vehicles and cybersecurity. By 2019 there will be almost 44 million connected cars globally and by 2022 that figure will be nearer 70 million; some 40% will be electric powered, according to market analyst Frost & Sullivan. But its report said the issue of end-to-end security for the new technology is still under debate, as vehicle OEMs engage with vendors to test specific security application areas for both over-the-air and vehicle-to-exterior services.
    Read More
  • April 18, 2012
    EV charging will require increased investment in cyber security systems
    The technology architecture associated with electric vehicle (EV) charging is continuing to evolve as utilities and other key players in the industry ecosystem identify business requirements and risks associated with adding significant new demands on the electrical grid. One of the most pressing challenges is related to securing financial transactions and end-to-end communications throughout the EV charging infrastructure, and a recent report from Pike Research indicates that these areas will be the focus o
    Read More
  • September 30, 2016
    Connected-car security market expected to reach US$759 million in seven years
    With nearly 112 million vehicles now connected around the world, the global market for automotive cybersecurity is expected to grow exponentially – to US$759 million in 2023, according to a new report, Automotive Cyber-security and Connected Car, from IHS Automotive, part of business information provider IHS Markit. Connected cars are defined as those that have a connection to the internet, through telematics, an onboard modem or a paired device in the vehicle, such as a mobile phone or other device. One
    Read More

Highlighted Content