Disculpa, pero esta entrada está disponible sólo en Inglés, Ruso y Ucraniano.
There are 330 million connected cars in the world, and their number is growing rapidly. According to Upstream Security, from 2016 to 2019, the number of automotive cybersecurity incidents increased by 605%.
Some figures:
- 57% of the attacks were by criminals for disruption, theft or ransom, 38% by researchers as a warning, to test systems security.
- The most common attack vectors were keyless entry systems (30%), followed by backend servers (27%) and mobile apps (10%).
- The most frequently reported crimes were car break-ins and thefts (30%), loss of control over car systems (27%) and data and/or privacy breaches (23%).
- 82% of the attacks were initiated remotely – they could have come from anywhere in the world.
From recent cases
Tesla’s safety has been questioned again. These time researchers targeted the Mobileye camera. It uses machine vision algorithms that help the driver to control and prevent collisions, as well as to follow the road signs in autopilot mode. McAfee employees who have Tesla decided to try it out. They added one small strip of the adhesive tape to the 35-mile speed limit sign and the autopilot considered it to be the number 85. As a result, it automatically increased its speed. The change in the roadside sign was small enough to be noticed by people, especially when passing by. However, it was enough to fool the Mobileye EyeQ 3 system.
How does an artist deceive a GPS?
Another interesting case that proves the vulnerability of transport systems was about Google Maps service. German artist Simon Weckert bought a trolley and 99 previously used smartphones to create a non-existent traffic jam. He succeeded! Turning a green street into a red was easy. And it means that hackers, in theory, can change the route of a smart car.
The system is not perfect and cybercriminals will continue to look for the weakest point in the chain. And it makes sense as with the development and introduction of new technologies new gaps appear. Vulnerable maybe not an individual car connected to the network, or your corporate fleet of smart cars, but the slightest defect at the manufacturer’s level.
