Last modified more than a year ago

The cybersecurity blind spots of connected vehicles

The cybersecurity blind spots of connected vehicles

8 September 2020

Connected cars have been becoming more and more usual. It is estimated that connected cars will account for 10% of total automobile purchases worldwide by 2034. With many people relying on connected car technologies for safety, accessibility, and infotainment – each connected car can produce up to 30 terabytes of data each day. So, it is important to keep connected vehicles protected against a range of ever-increasing and ever-progressing cyber threats.

In this regard, Trend Micro, a cybersecurity and defence company has recently published a research paper “Driving Security Into Connected Cars: Threat Model and Recommendations” which explains the cyber security blind spots of connected cars to help developers and manufacturers create secure as well as smart vehicles.

The report highlighted some key findings, where it identified and classified 29 connected car attacks based on the threat model DREAD (damage potential, reproducibility, exploitability, affected users, discoverability). It is classified out of the 29 attacks, 17% are high-risk, about 66% are medium-risk, and another approximate 17% are low-risk.

Some of the identified attacks are:

  1. Installing a malicious app on a connected mobile phone.
  2. Electronically jamming a connected car’s safety systems, such as radar and lidar.
  3. Attacking the camera system’s image processing with specially crafted visuals.
  4. Installing malware or spyware in a connected car.
  5. Identifying and abusing device misconfigurations.
  6. Exploiting vulnerabilities in software, hardware, operating systems, and protocols

The report says in an overall sense, the risk level of attacks on connected cars can be characterised as medium. Some of the recommendations are to identify critical areas in the end-to-end data supply chain that needs to be kept secure. The report also suggests stakeholders in the connected car technology to develop and implement a cyber-security strategy that considers the whole connected car ecosystem to secure the connected cars.

To read the full report: “Driving Security Into Connected Cars: Threat Model and Recommendations”, click here.

Image: Trend Micro