Top 5 security risks to connected cars, according to Trend Micro

Analysts from Trend Micro rate DDoS attacks and electronic jamming as some of the highest cybersecurity risks for connected cars.

Computer system protection, database security, safe internet. Lock symbol on abstract computer data background programming binary code, data protection technology. Vector illustration

Image: Getty Images/iStockphoto

More about cybersecurity

A new report from Trend Micro analyzes a day in the travels of a connected car to identify the cyberattacks most likely to succeed. “Cybersecurity for Connected Cars: Exploring Risks in 5G, Cloud and Other Connected Technologies” puts the overall risk at medium. Among the millions of endpoints in a connected car’s ecosystem, analysts found 29 potential cybersecurity attack vectors and ranked five as the highest risks.

Connected cars use satellite, cellular, Wi-Fi, Bluetooth, RDS, eSIM-based telematics, and other types of connectivity to send and receive data; this data supports user applications, driving applications, autonomous driving, safety features, and other activities. The authors note that all these network-centric applications create new attack surfaces in connected cars. Another element of the overall security challenge is a connected car’s interactions with other vehicles, cloud services, and road infrastructure.  

SEE: Identity theft protection policy (TechRepublic Premium)

Malware is not the most likely problem right now for connected cars, according to the authors, but the millions of endpoints in the ecosystem creates a large and unpredictable attack surface. For instance, a typical new model car runs over 100 million lines of code. Also, basic cars have at least 30 electronic control units (ECUs), while luxury vehicles have up to 100 ECUs. Some of these ECUs can be accessed remotely, and as the report explains:

“ECUs are all connected across a labyrinth of various digital buses … They operate at different speeds, move different types of data, and enable connections across different parts of the car. ECUs control many critical functions in a car, including the powertrain, the device and system communications body control, power management, the chassis, and vehicular safety.”

Rainer Vosseler, manager of threat research at Trend Micro, said that existing best practices from cybersecurity also apply to connected cars, such as code signing, device control, firewall, encryption, or threat intelligence, just to name a few.  

SEE: Future of 5G: Projections, rollouts, use cases, and more (free PDF) (TechRepublic)

Vosseler also said that automakers and other industry groups are working together via the Auto-Information Sharing and Analysis Center to share and analyze intelligence about emerging cybersecurity risks.

Ranking and assessing cybersecurity threats in connected cars

The analysts applied DREAD threat modeling to connected cars and its ecosystem to identify the most serious and most likely security threats.

The DREAD threat model includes these questions to support a qualitative risk analysis:

  • Damage potential: How great is the damage to the assets?

  • Reproducibility: How easy is it to reproduce the attack?

  • Exploitability: How easy is it to launch an attack?

  • Affected users: As a rough percentage, how many users are affected?

  • Discoverability: How easy is it to find an exploitable weakness?

Each risk gets rated as high, medium, or low with an associated score of 3, 2, or 1, respectively. The risk rating for a particular threat is calculated by adding up the values for an overall score. The overall risk is rated as:

  • High if the score is between 12 and 15.

  • Medium if the score is between 8 and 11.

  • Low if the score is between 5 and 7.

The analysts identified 29 connected car attack vectors and rated each one–there were five high-risk attacks vectors, 19 medium-risk attack vectors, and five low-risk attack vectors. The high-risk attack vectors were:

  • Electronically jamming a connected car’s safety systems, such as radar and lidar.

  • Electronically jamming wireless transmissions to disrupt operations.

  • Discovering and abusing vulnerable remote systems using Shodan, a search engine for internet-connected devices.

  • Launching distributed denial of service attacks (DDoS) using a compromised intelligent transportation systems (ITS) infrastructure.

  • Launching DDoS attacks on an ITS infrastructure so that it fails to respond to requests.

The authors said that the high-risk attacks require only a “limited understanding of the inner workings of a connected car and can be pulled off by a low-skilled attacker.”

The report’s authors rated high-profile attacks such as installing malicious firmware over the air, remotely hijacking vehicle controls, and sending incorrect commands to the ITS back end as medium or low risk. These attacks are difficult to do because the “devices and the systems are not readily accessible for attacking and expert skills and knowledge are required to successfully compromise connected car platforms.”

The authors note that these threat assessments will change when “middleware that obfuscates the internal E/E car architecture is made available to third-party vendors to provide software-as-a-service,” which will make it easier for attackers to develop new tactics, techniques, and procedures (TTPs). Also, as monetization methods for these attacks develop, that will change the threat landscape. The analysts see ransom, data theft, information warfare, system gaming and theft, and revenge and terrorism as the most likely profiteering models for attacks on the connected car ecosystem.

To understand the types of cybersecurity attacks for connected cars, the report’s authors reviewed four remote car hacking case studies: Jeep Hack 2015, Tesla Hack 2016 and 2017, and BMW Hack 2018. Based on this analysis, the authors identified an emerging attack pattern in all four attacks and see wireless attacks as the main attack vector. Attackers compromise the connected cards by sending malicious control area network (CAN) messages to an ECU.

Also see