A woman races downhill and wants to brake, but the car accelerates, the brake is out of action. Elsewhere, drops of sweat are beading on a man’s forehead as he presses the accelerator pedal all the way down and still stops in the fast lane of a motorway. “Cyber Hacks 2020” could be the title of a video game with the horror scenarios described above. But in fact, there is a real danger behind it. The UNECE initiative, which recently issued binding new regulations on the Cyber Security of motor vehicles and software updates for the automotive industry, shows how real it is. We have already reported on the new UNECE WP.29 regulations in our magility blog.
The Fear of Hackers Takes Hold
While thriller criminals à la Hitchcock still had to crawl under the car in person to cut the brake and fuel hoses, nowadays a perfidious hacker software and a comfortable office chair somewhere in the world are enough to turn an autonomous vehicle into a remote-controlled one. In 2015 the two security researchers Charlie Miller and Chris Valasek proved that they could hack into the software of vehicles, and since then fear is widespread among manufacturers and users.
Infotainment Ban Become a Trap in the Future
Infotainment in a networked car is currently regarded as the biggest gateway for a possible hacker attack. According to the ADAC, SD card readers, USB interfaces, diagnostic interfaces (OBD), Bluetooth modules, keyless key systems or even the wirelessly operated tyre pressure monitoring system offer welcome opportunities for hackers and other cyber criminals to attack. But also the cloud technology shows more and more gaps in the security system.
Company Fleets and Company Cars Targeted by Cybercriminals
If you own a luxury class vehicle that is to be “kidnapped” and sold, you as a private person can also become the victim of a hacker attack. However, cyber criminals tend to target entire company fleets and company cars, because they appear to hackers to be a self-service paradise: Motion profiles can be created via GPS and sensitive company data can be accessed via WLAN. And phone calls are practically public anyway. For example, unprotected Bluetooth connections offer about as much privacy protection as a postcard.
Smart Cities Endangered by Connected Cars
But the infrastructure of cities can also be blocked. Incorrect traffic light circuits could lead to traffic jams, accidents and disruptions. Every interface offers a safety and security risk. Since 2018, every newly registered vehicle in Europe has had at least one of these, as manufacturers have been obliged to install the automatic emergency call system E-Call ever since.
Blackmail as a Business Model on the Internet of Things
And what’s the point? To make demands. Networking makes you vulnerable to blackmail. According to the Kaspersky DdoS Report, the total number of all DdoS attacks in the first quarter of 2020 has doubled compared to the previous year. According to the report, educational institutions and local authorities are mainly affected. This is also shown by a warning from the German Association of Cities and Towns to its members. A report in the Handelsblatt also shows that the hacker profession is flourishing as a service enterprise. According to the report, the German Cyber Security Council estimates the damage caused by cyber attacks up to 50 billion euros annually.
Real Cyber Hacks 2020 – A Selection
- In May, Fresenius Medical Care, the world’s leading provider of products and services for individuals with kidney disease, confirmed a hacker attack followed by the illegal publication of patient data in Serbia.
- Presumably commissioned by China, the German chemical company Lanxess was spied on.
- The car companies BMW and Hyundai were probably spied on by cyber hackers on behalf of the Vietnamese state.
- A security hole in the locking system made Tesla vulnerable.
Best Protection: Be one Step Ahead even of Artificial Intelligence
Cyber criminals depend on keeping up with new developments, so it is to be expected that they will as well use artificial intelligence (AI) for their attacks in the future. Hence the race between manufacturers, users and hackers to uncover vulnerabilities is gaining momentum once again. The winner is the one who is one step ahead. A quick change of security updates and a short “lifetime” of software keys are barriers that are difficult for hackers to overcome. Magility’s security specialists help identify weak points before they can become a problem.
Cyber Security Management Systems (CSMS) – Holistic Cyber Security
Together with our partner network, which includes technology companies such as Argus Cyber Security and the certification service provider DEKRA, we act as a System Integrator for Cyber Security Management Systems (CSMS) in the European market. Now that the new UNECE regulations have been published, an integrated CSMS will be mandatory for all OEM’s. In future, there will be no type approval for a vehicle without a certified CSMS. Years ago, we developed a CSMS for the automotive industry which is continuously updated and therefore includes all UNECE WP.29 regulations and is also based on the upcoming ISO/SAE 21434 and ISO/AWI 24089. We would be pleased to advise you on this topic and support you in implementing a CSMS in your company across all process stages along the supply chain and throughout the entire life cycle of the vehicle. For more information please contact our magility Cyber Security experts.