We’ve known for years now that vehicles can be hacked. But when it comes to vehicular cybersecurity, it may no longer make sense to conceive of potential risk exposures on a vehicle-by-vehicle basis, but as an entire interconnected ecosystem.
Each connection in this tangled web could represent a potential vulnerability for bad actors to exploit.
When it comes to vehicular cybersecurity, it may no longer make sense to conceive of potential risk exposures on a vehicle-by-vehicle basis, but as an entire interconnected ecosystem.
Cyber risks in the mobility ecosystem
Packed with semiconductors, software, wireless radios, and Internet connectivity, modern cars and trucks are as much electronic devices as they are mechanical ones.1 This connectivity and electronic sophistication enables a wealth of new features, while introducing numerous potential vulnerabilities.2
In a recent Emerging Issues webinar, Giuseppe Serio, the Vice President of Market Development for the automotive cybersecurity and data management firm Upstream, outlined how this new web of risk surrounding the automotive market could change how we think about vehicle cybersecurity.
For example, in the webinar Serio highlighted various potential threat vectors and their cyber risks, such as:
- Service stations and dealers
- EV charging stations
- Mobile apps
- Remote servers and software updates
What are vehicle hackers doing today?
Vehicle hacking may conjure up hair-raising visions of drivers losing control of their cars to remote operators, but according to Upstream, close to 40 percent of all cyber incidents recorded by the company from 2010-2021 involved privacy and data breaches. The second-most prevalent incident was a cyberattack that led to a vehicle theft or break in, followed by control of car systems and service/business disruption.
An emerging risk for today’s vehicles: tomorrow
Computer and smartphone users may understand this dynamic well: After a few years, old hardware can no longer run new software—at least, not securely. Vehicle hardware and software may follow a similar trajectory, Serio noted, potentially increasing an older vehicle’s vulnerability to cyberattacks.