Who Might Launch Cyberattacks on Connected Cars and Why?

Cyberattacks on connected cars have long been considered a potential threat to the safety of road users and pedestrians. Fortunately, we have not yet seen any reports of major cybersecurity incidents that directly affected safety-critical vehicle systems, mostly because the automotive industry has been preparing for such attacks long before any hackers have had a chance to gain a footstep in the connected car ecosystem, but also because the financial incentives of hacking vehicles have not been appealing enough to make them primary targets.

However, this does not mean that the automotive and mobility industry will not become a primary target in the future. Since 2020, cybercriminals have been frequently crossing the boundaries of IT and stepping into the OT (operational technology) environment, disrupting physical operations at factories, airports, power plants, pipelines, and even hospitals. Likewise, as the connected car ecosystem continues to grow and V2X-based autonomous driving begins to take off, there is an increased possibility that vehicles and C-ITS infrastructure could one day become a primary target of cyberattacks.

Therefore, to keep itself ahead of any potential cybercriminals, it is important for the automotive and mobility industry to analyze and predict who might be the potential perpetrators and why they would want to launch an attack. These predictions can then be used to guide the TARA (Threat Assessment and Remediation Analysis) process, followed by threat modeling and penetration testing.

These are some of the potential threat actors who might be interested in hacking the connected car ecosystem.

Nation States

Along with military strength and economic power, cyber capability has become another hidden force for countries to exert influence on the world stage. Many nation states today target their adversaries with cyber campaigns ranging from espionage and infiltration to DDoS and ransomware attacks. Common targets include government agencies, infrastructure operators, healthcare providers, schools, and businesses. As the connected car ecosystem continues to expand, nation states could target vehicles and roadside infrastructure to gain big data on a country’s road network, including details on the locations of cameras and traffic lights as well as traffic movements. The personally identifiable information (PII) associated with each vehicle owner can also be exploited to launch targeted infiltration and phishing campaigns against high-profile individuals.

In the worst-case scenario of an armed conflict, hostile states could even try to disrupt the C-ITS infrastructure to cause traffic chaos and accidents. Under Vehicle-Infrastructure Cooperated Autonomous Driving (VICAD), vehicles rely on the V2X messages received from roadside cameras and infrastructure for autonomous driving. In such a network, a DDoS attack against any of the crucial infrastructure systems can cause autonomous vehicles to lose cooperative driving capabilities and be forced to switch back to manual and ADAS driving, leading to sudden and unexpected disruptions to traffic on a wide scale.

Hacktivists and Terrorists

Hacktivists are self-organized hackers that target specific governments or organizations to raise public awareness on certain political or social causes. For those who want to target an automotive manufacturer or regional government, launching an attack against the OEM’s connected car fleets or a regional C-ITS infrastructure can be a quick and effective way to make their voices heard. In February 2022, an unknown hacker targeted a supplier of Toyota’s key components, forcing the OEM to shut down operations for 24 hours. In the future, a similar attack might be targeted directly at vehicle fleets.

Whereas hacktivists target organizations, terrorist groups target citizens. Terrorist groups in the future could also launch disruptive attacks against connected cars and road infrastructure to generate fear among the public. In an extreme case, they could even try to take control of an autonomous vehicle remotely and manipulate the vehicle to trigger crashes.

Ransomware Gangs

Ransomware gangs are financially motivated criminals that deploy ransomware on targeted networks to encrypt systems and steal sensitive data. The victims are then forced to pay a ransom if they want their system decrypted or to prevent the stolen data from being released or sold. Just like how these ransomware operators target enterprise networks, it is technically possible for them to infect connected cars with ransomware that locks certain vehicle functions until the victims pay the ransom.

The good news is that the technical difficulty of intruding a connected car system is much higher than that of an enterprise system. Even if the ransomware gets successfully deployed, the ransom payment the attacker can exploit from an individual vehicle owner is very limited. Hence, ransomware attacks against private vehicles remain very unlikely in the foreseeable future. Alternatively, attackers could try to infect the OEM’s servers to disable OTA services and steal the sensitive data of vehicle owners, forcing the OEM to make the payment.

Criminal Groups and Thieves

Criminal groups and thieves can exploit autonomous vehicles and use them as a tool to commit crimes. For instance, they could gain remote control to a parked vehicle and redirect it to a remote area under their control to steal the personal belongings of the owner. They could also control these vehicles for illegal trafficking by hiding cash, weapons, or drugs inside. Nonetheless, despite being a possibility on paper, these tactics are too complex for most criminal groups and are not likely to be exploited anytime soon.


A Well Protected Connected Car Ecosystem

Despite all the possibilities of being targeted by a wide array of perpetrators, connected cars remain the safest tech devices today. Thanks to the advanced planning and early integration of robust cybersecurity measures by the industry, launching any profitable cyberattacks on the connected car ecosystem remains extremely difficult even for the most sophisticated hackers.

AUTOCRYPT has been constantly working with OEMs and suppliers to ensure a safe and smooth transition into the connected car ecosystem. From V2X connections to in-vehicle systems, electric vehicle charging infrastructure to mobility services, AUTOCRYPT protects every endpoint to ensure that cybersecurity risk is kept at a minimum.

To learn more about AUTOCRYPT’s end-to-end solutions, contact global@autocrypt.io.

To stay informed with the latest news on mobility tech and automotive cybersecurity, subscribe to AUTOCRYPT’s monthly newsletter.