Add vehicle owners to the growing list of potentials cyber security threats against automakers in 2023.
Early adopters of automakers’ new digitized offerings will find ways to circumvent premium features by fraudulently tampering with their vehicles’ systems, according to executives at Israeli cybersecurity firm Upstream.
Speaking at a cybersecurity webinar on Tuesday, the Upstream team said consumers could push back as automakers roll out subscription-based services and features in new vehicles.
Automakers — from BMW and You’re here at Volkswagens, Toyota and General Engines – have offered monthly subscriptions for services such as heated seats, global positioning systems, music streaming and remote keyless start features with varying degrees of success.
Cybersecurity is a growing concern for the automotive industry, and as vehicles become digital platforms, a group of so-called white hat hackers – researchers who uncover vulnerabilities and notify automakers and suppliers – are finding problems. Last year, security engineer Sam Curry hacked Reviver, a digital license plate company that counts fleets as customers. Curry was granted full “super administrative access” to manage all of Reviver’s user accounts and vehicles. His team found ways to penetrate customer and employee information from BMW, Rolls-Royce, Jaguar-Land Rover, Mercedes-Benz, Porsche, Ferrari and Ford.
Upstream expects black hat hackers – those who use vulnerabilities for nefarious reasons – to focus on car fleets this year. In 2022, hackers focused most of their attention on breaching automakers’ telematics and application servers, which accounts for 35% of automotive cybersecurity breaches, according to Upstream.
In 2022, Upstream counted 268 publicly reported automotive cyberattacks, compared to 245 publicly reported incidents in 2021.
The number of attacks continues to grow. Upstream cited 230 incidents in 2020, 196 in 2019 and 79 in 2018.
From 2010 to 2022, the company recorded 1,173 publicly reported automotive-related cybersecurity attacks.