European Cybersecurity Agency Publishes Report on Smart Car Security

Written by

The European Union Agency for Cybersecurity (ENISA) yesterday published a report on the cybersecurity of smart cars. 

The report aims to promote cybersecurity for connected and (semi-)automated cars by identifying emerging threats and issuing guidance on potential security measures that can help to mitigate them. 

"Smart cars already available today provide connected, added-value features in order to enhance car users’ experience or improve car safety. With this increased connectivity (that the emergence of 5G is expected to further promote) novel cybersecurity risks and threats arise and need to be managed," the report states. 

The new report presents a more in-depth analysis of the conclusions reached in ENISA’s 2017 study, "The ENISA Cybersecurity and Resilience of Smart Cars—Good Practices and Recommendations."

In their latest report, ENISA researchers note that Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) interfaces, needed for the deployment of intelligent transport systems and autonomous cars, have expanded the potential attack surface and attack vectors. They predict that as smart cars are increasingly affected by the growth of advanced machine learning and artificial intelligence, the number of risks posed by cyber-threats will rise. 

Cyber-attacks on smart cars could cause damage that goes far beyond the loss of sensitive personal information.

"Attacks targeting smart cars may lead to vehicle immobilization, road accidents, financial losses, disclosure of sensitive and/or personal data, and even endanger road users’ safety," warns the report. 

In 2015, researchers used a proof-of-concept remote attack to take control of a smart vehicle and send it off-the-road, leading to the recall of over a million cars. More recently, researchers demonstrated that it was possible to locally or remotely take control of smart cars' infotainment systems by exploiting diagnostic services to manipulate the vehicles' functions.

Smart cars have also been hijacked via their smart alarm and made to perform illegitimate actions, including cutting the engine and enabling or disabling the immobilizer. 

Interest in autonomous cars, from both end users and manufacturers, is big. A survey of 5,500 global city dwellers from all around the world found 58% of global respondents are willing to take a ride in a driverless vehicle. If optimistic predictions on the topic prove to be correct, the world may see the widespread deployment of fully automated vehicles as early as 2030.

What’s hot on Infosecurity Magazine?