S2 Grupo has recently conducted an extensive report on the state of cybersecurity in the realm of smart vehicles, and the findings paint a rather alarming picture. If you believed that these modern marvels of technology were impervious to the machinations of cybercriminals, it’s time to reconsider.
Connected electric vehicles, which are becoming increasingly prevalent, face a multitude of cybersecurity threats, and it’s imperative that specific solutions are developed to monitor and fortify their cybersecurity. What might have seemed like pure fiction when watching Cipher’s exploits in Fast & Furious 8 could be closer to reality than we’d like to admit.
The Cybersecurity Report by S2 Group, aptly titled “Cybersecurity in the Connected Electric Vehicle,” sheds light on the growing concerns surrounding the surge in connectivity and automation within intelligent vehicles. These advancements expose these vehicles to critical cyber threats, and the need for comprehensive cybersecurity measures from the very inception of their design has never been more pressing. Unfortunately, this aspect often goes overlooked during the production phase.
With an ever-increasing number of smart, network-integrated components, automobiles have become a fresh target for cybercriminals. The risks aren’t confined to just the production phase; they extend to loading, and even during regular operation, constituting a genuine menace to both digital and physical security.
José Rosell, the managing partner of S2 Grupo, points out the oversight, stating, “We haven’t been considering the consequences of potential system compromises in these vehicles, and it’s absolutely essential now. Until recently, vehicle safety primarily centered on averting physical hazards. However, with the surging connectivity of vehicles, especially for status monitoring, coupled with the advent of wireless communications, the need for physical access to compromise the system is no longer a prerequisite.”
Cyberattacks in the connected car sector can be aimed directly at the intelligent vehicles themselves or at other interconnected elements such as traffic lights, chargers, signals, or remote servers that these vehicles rely on. The surge in cyber attacks within this sector correlates directly with the heightened connectivity of its components to the outside world. This expanded attack surface provides cybercriminals with various points of entry, making it possible to orchestrate incidents that affect both the connected electric vehicle and its associated elements, such as chargers and signals.
Below is a compilation of some recent attacks in the realm of Vehicle-to-Everything Communication (VEC) and electric vehicle chargers, each of which could have had substantial real-world consequences:
- Attack on Electric Vehicle Chargers in Russia (March 2022): Devices ceased to function and displayed messages on their screens that defended Ukraine against Vladimir Putin.
- Car Theft via CAN Injection Attack (April 2022): Attackers exploited the interconnectivity of vehicle networks and vulnerabilities in the CAN protocol, enabling them to unlock doors and start the car—a novel car theft technique.
- Attack on Vehicles through Bluejacking (June 2022): Attackers targeted vehicles from an American manufacturer using “bluejacking” attacks.
- Car Hijacking (July 2022): Attackers managed to connect to the VEC APIs, granting them the ability to monitor the car’s status and manipulate its locking mechanism via a mobile application.
- Software Incident (February 2023): A software implementation in 365,000 vehicles of a particular brand exhibited operational deficiencies. It failed to correctly identify intersections and adjust speed, posing a significant risk of accidents.
These real-world examples underscore the urgent need for heightened vigilance and robust cybersecurity measures in the smart vehicle industry. The days of viewing vehicles solely as mechanical entities are long gone, replaced by the imperative for comprehensive digital protection in the face of evolving cyber threats.
