Security by Sector: Cyber-Criminals Seek to Exploit Automotive Manufacturing

Written by

The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the health sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why?

A new report from global intelligence firm IntSights, Under the Hood: Cybercriminals Exploit Automotive Industry's Software Features, has highlighted the cyber-threats facing manufacturers in the automotive industry, shining a light on how and why hackers are looking to infiltrate automobile infrastructure.

“The automotive industry is undergoing a transformation, as manufacturers pivot to focus on connectivity,” the report’s introduction read. “The growing emphasis on software and connectivity in the automotive industry adds a new challenge: cybersecurity. The pressure to deliver products as fast as possible puts a big strain on the security capabilities of cars, manufacturing facilities, and automotive data.”

Cyber-attacks targeting the automotive industry have only been an issue since 2010, IntSights pointed out in its report, but while vehicles typically have more complicated attack surfaces to penetrate compared to other options such banks or retail shops, “the automotive industry still has numerous attack vectors,” that are currently being exploited by cyber-criminals.

These include:

●          Remote keyless systems

●          Tire pressure monitoring systems

●          Software and infotainment applications

●          GPS spoofing

●          Cellular attacks

In fact, IntSights discovered online shops selling car hacking tools that disconnect automobile immobilizers, as well as services that sell code grabbers and forums that give bad actors a complete tutorial on how to steal vehicles.

“The automotive manufacturing industry is wrought with issues, stemming from legacy systems that can’t be patched to the proliferation of vehicle connectivity and software as consumers demand more integration with personal devices and remote access,” said Etay Maor, chief security officer, IntSights.

Speaking to Infosecurity, Maor explained that cyber-attacks against the automotive industry have the potential cause more than just digital harm. “As opposed to other industries like financial or healthcare – the actual target in this case is visible, physically approachable and very common. In addition, the cars include multiple components that can be compromised providing for a greater attack surface.

“The automotive industry is already undergoing a great transformation in terms of cybersecurity – car manufacturers are hiring security researchers to test out new components that they add to their cars, and security teams with a focus on IT and OT are deployed more and more. When it comes to the cars themselves – it all starts with architecture and design with security in mind. The industry must have threat intelligence on what their adversary is doing in order for them to understand and prepare for the types of attacks the cyber-criminals are carrying out.”

What’s hot on Infosecurity Magazine?