With attacks rising, Upstream is launching an auto-cyber-threat service
12/18/2019
We are bombarded by cyber attacks on our computers, phones, city and hospital networks, and, as time goes on, in our cars. While cars have largely been ignored until now, criminals have started to catch on and are getting set to rob people and car companies alike.
According to Upstream, of Herzliya, Israel, nearly half of the vehicle hacks recorded since 2010 occurred in the last 12 months. As more connected vehicles (an estimated 775 million by 2023) come into play, the problem is likely to worsen.
Upstream Security’s 2020 Automotive Cybersecurity Report, released today, shows insights and statistics from analyzing 367 publicly reported automotive cyber incidents, including vulnerabilities identified during 2019.
The company also announced the general availability of AutoThreat Intelligence, an automotive threat intelligence subscription service which will let analysts leverage the feed within Upstream’s C4 platform; it covers both automotive manufacturers and smart mobility and connected vehicle service providers. AutoThreat™ Intelligence can be enabled with any Upstream Security deployment or as a standalone service.
The report notes that 330 million vehicles are already connected, and many brand are only selling connected vehicles from 2020 onwards. A wide-scale attack could potentially disrupt an entire city and lead to loss of lives. Since 2016, the number of incidents per year has increased by a factor of six. Most (57%) in 2019 were carried out by criminals, including a number demanding ransoms, just as they do when infecting cities, schools, and hospitals. 38% were done by researchers to warn people and companies of problems.
Nearly a third of all incidents involved keyless entry attacks, followed by backend servers (27%) and mobile apps (13%). Around a third of incidents involved thefts and break-ins, with over one fifth involving data or privacy breaches. 82% were remote attacks, not requiring physical access to the car.
The service currently lists 66 CVEs (common vulnerabilities and exposures).
Industry’s approach so far has included bounties for vulnerabilities found by “white hat” researchers, requests for new regulations and laws, and a multilayered security approach with security by design, further cybersecurity solutions, and expanding VSOCs (Vehicle Security Operations Centers) for early detection and rapid remediation.
Clark Westfield grew up fixing up and driving past-their-prime American cars, including various GM and Mopar V8s. He has ghostwritten auto news for the last few years, and lives in Farmingdale, New York.