Here is the punch line.
Automotive cybersecurity incidents doubled in 2018 and are up 605% since 2016. That doesn’t seem that safe to me.
Here are some statistics from Upstreams 2019 automotive cybersecurity report:
- 330 million vehicles are already connection and top brands in the US say that they will only sell connected vehicles this year. If true, one attack vector might be to design a hack to disable all smart vehicles in a specific area.
- Smart vehicles will benefit from 5G cellular, if and when it becomes widely available in the US because 4G speeds in the US tend to be very variable and often horribly slow.
- Since 2016, the number of annual incidents has increased by 605%
- Incidents more than doubled in 2019 compared to 2018.
- 57% of incidents were criminal in nature – disruption, theft and ransoms. The rest were researchers trying to stay ahead of the bad guys.
- The three most common attacks are keyless entry, backend systems and mobile apps. Remember, if you choose not to install your car maker’s mobile app and register your vehicle, you are leaving your car open to attack if a bad actor registers your car instead.
- One third of all incidents resulted in the theft of a vehicle or a break-in.
- One third of the attacks included taking over some of the car’s function.
- 82% of the attacks in 2019 did not require physical access to the car.
Car makers understand these security issues and are working to improve their security, but the basis of all smart cars is software and we know that software always works perfectly.
Users like the features, so they will continue to ask for them but they might also want to ask their insurance agent if their insurance covers these new types of attacks.
Also recommended is to talk to your legislator to make sure that laws take into consideration that the risks of smart cars. For example, if you are in an accident and you say that you lost the ability to control your vehicle as we saw on 60 Minutes a couple of years ago, will the police believe you? Or hold you responsible? What if someone else is hurt as a result of that? In today’s level of sophistication, it is going to be hard to prove that it wasn’t your fault.
Source: HelpNet Security