Automotive Cybersecurity in the Age of Connected Cars

As Internet connectivity becomes more commonplace, and there is increasing integration of advanced technologies such as connected cars, autonomous driving, and electric vehicles, an increasing amount of data is being generated by automobiles, putting automakers at a higher risk of cyberattacks.  

In this blog, we look into the current state of cybersecurity in the global automotive industry and explore potential solutions to curb emerging threats, be it policies, guidelines, or processes. 

5 Cyber Threats in Global Automotive Industry 

While Internet connectivity is the basis for the advent of automotive cyber attacks, the use of this connectivity to incorporate advanced technologies into vehicles is putting automakers at a bigger risk of cyberattacks, something they are not yet prepared to deal with. 

In this section, we deep dive into why automakers are facing more cyber threats, and what their response has been so far, to tackle it. 

Increasing amounts of personal data from vehicles 

One of the first and most fundamental reasons for the cyberattacks is the increasing amount of data generated by connected cars, autonomous driving, and electric vehicles. These have made the automotive industry a prime target for cybercriminals. With the advent of connected cars, the amount of data generated by vehicles has increased exponentially. This data includes information about the vehicle’s location, speed, and driving behavior, as well as personal information about the driver and passengers. This data is valuable to cybercriminals, who can use it for a variety of nefarious purposes, including identity theft, fraud, and extortion. 

Security risks through APIs 

The second is APIs, which present significant and fleet-wide attack vectors, resulting in a wide range of cyber attacks. APIs are used to connect different systems and applications, allowing them to share data and functionality. However, they also present a significant security risk, as they can be exploited by cybercriminals to gain unauthorised access to sensitive data. This is particularly true in the automotive industry, where APIs are used to connect various systems within a vehicle, including the infotainment system, the engine control unit, and the telematics system.  

According to reports, in 2022 alone the number of automotive API attacks increased by 380%, accounting for 12% of total incidents, despite OEMs employing advanced IT cybersecurity protections. 

Keyless car theft 

The third being, keyless car theft. This is a growing problem, with criminals using sophisticated hacking tools to gain access to vehicles without the need for a physical key.  

Remote attacks are also a concern, with cybercriminals using the internet to gain access to a vehicle’s systems and take control of the vehicle. In 2015, two security researchers hijacked a vehicle over the internet, turning the steering wheel, briefly disabling the brakes, and shutting off the engine. With many more cars now internet-enabled, the risk of hijacking has exploded. 

How are Automakers Addressing these Threats? 

As vehicles become more connected, the risk of cyber attacks increases. But, many automakers are not adequately addressing this risk, leaving their vehicles vulnerable to attack.  

A Merit expert says, “This is particularly true in the case of mobile connectivity, where many automakers are relying on third-party providers to provide connectivity services, rather than developing their own solutions.” 

On the other hand, in response to these threats, automakers are taking steps to improve their cybersecurity posture. They are investing in cybersecurity training and awareness programs for employees and implementing edge security changes to help mitigate the kind of risks that affect cars, trucks, fleets, and other connected vehicles and their makers. According to the AT&T 2022 Cybersecurity Insights (CSI) Report, 75% of organisations have indicated that they plan to implement edge security changes to help mitigate the kind of risks that affect cars, trucks, fleets, and other connected vehicles and their makers. 

But, is this enough? As the industry continues to adopt connected technologies, it will become increasingly important that organisations take a proactive approach to cybersecurity.  

Here are some steps that automakers can take to improve their cybersecurity posture as the industry continues to adopt connected technologies: 

1. Take a multi-layered approach: Vehicles have several entry points, both wireless and wired, which hackers can potentially use to gain unauthorised access to the vehicle’s systems. Automakers should consider implementing a multi-layered approach to cybersecurity that includes firewalls, intrusion detection systems, and other security measures. 

2. Establish a culture of cybersecurity: From suppliers to manufacturers and dealers, 360° cybersecurity requires everyone to be on the same page. Automakers should establish a culture of cybersecurity by providing regular training and awareness programs for employees. 

3. Conduct regular security posture assessments: Regular security posture assessments can help automakers identify vulnerabilities and take corrective action before they are exploited by attackers. 

4. Implement strong passwords and a password manager: Weak passwords are the easiest way for attackers to gain unauthorised access to systems and steal sensitive data. Encourage employees to use strong passwords that include a combination of upper and lower case letters, numbers, and special characters. Consider implementing a password manager to help employees manage their passwords. 

5. Monitor third-party vendors: Many automakers rely on third-party vendors to provide connectivity services. It is important to monitor these vendors and ensure that they are following best practices for cybersecurity. 

6. Stay up-to-date with the latest cybersecurity trends: Cybersecurity threats are constantly evolving, and it is important for automakers to stay up-to-date with the latest trends and best practices. Consider subscribing to cybersecurity newsletters and attending industry conferences to stay informed. 

7. Conduct regular security posture assessments: Regular security posture assessments can help automakers identify vulnerabilities and take corrective action before they are exploited by attackers. 

In conclusion, the automotive industry stands at the crossroads of technological innovation and cybersecurity challenges. As connected technologies evolve, automakers must prioritise proactive measures, embracing a multi-layered defense, fostering a cybersecurity culture, and staying vigilant to stay ahead of the ever-evolving cyber threats in the modern automotive era. The road to a secure and resilient future requires constant adaptation and collaboration across the industry to ensure the safety and integrity of connected vehicles. 

Merit’s Expertise in Data Aggregation & Harvesting for the Global Automotive Sector 

Merit Data and Technology excels in aggregating and harvesting automotive data using AI, ML, and human expertise. Our capabilities include: 

• Crafting end-to-end data pipelines and scalable data warehouses 
• Designing compliant governance solutions for seamless integration 
• Utilising high-volume, high-velocity data tools for nuanced insights 
• Extracting retail product attributes and audience data 
• Aggregating industry-specific data points for informed decision-making 

Trusted by leading automotive brands, Merit drives innovation and efficiency by delivering refined, actionable insights.

Key Takeaways 

• Escalating Threat Landscape: The automotive industry faces a rising tide of cyber threats, driven by the proliferation of connected cars, autonomous driving, and electric vehicles. The sheer volume of data generated becomes a prime target for cybercriminals. 

• Vulnerabilities through Connectivity: APIs, essential for interconnecting vehicle systems, present a significant security risk. The automotive sector witnessed a substantial 380% increase in API attacks in 2022 alone, emphasising the urgent need for robust cybersecurity measures. 

• Keyless Car Theft on the Rise: The emergence of sophisticated hacking tools allows criminals to exploit vulnerabilities, enabling keyless car theft. Remote attacks through internet-enabled vehicles pose a serious concern, necessitating comprehensive security measures. 

• Automakers’ Response: While some automakers inadequately address cybersecurity risks, others are proactively investing in training, awareness programs, and edge security changes. To bolster defenses, a multi-layered cybersecurity approach, a culture of cybersecurity, regular assessments, and monitoring of third-party vendors are essential steps.