How Hackers Are Exploiting Automotive Cybersecurity Weaknesses

Advanced technology allows us to enjoy conveniences never before offered, but new tech also brings about concerns over automotive cybersecurity.

Vehicles increasingly integrate various forms of technology and connectivity, which means they could be much more useful and connected to our lives through smart technology. That said, hackers are finding vulnerabilities in new programming. Every time additional tech is added to a vehicle, it requires advanced programming, and being fully reliant on this tech means vehicles become more vulnerable to being hacked electronically. This has led to increasing concerns over automotive cybersecurity.

Starlink is hackable

Subaru uses a system called Starlink, which could be vulnerable to attacks and hacks. Recently, a major vulnerability was discovered in the system, which would allow hackers to take control of a vehicle and access sensitive customer data. Hackers don’t need much information to hack into this system, which makes it frightening. In fact, all that’s required is the license plate information and some basic details like the owner’s last name or email address. This allows the vehicle to be remotely started, stopped, locked, and unlocked. Hackers can also extract personal information and the vehicle’s real-time location.

The personal information that can be gained through this access is much more problematic than simply taking over control of a vehicle. Hackers could access the personally identifiable information (PII), which includes emergency contacts, billing details, and the vehicle’s PIN. It could be very easy for hackers to target the driver and profile the victim’s movements.

Where did this weakness come from?

The automotive cybersecurity concerns that stem from Subaru’s Starlink system come from weaknesses in the admin portal. This could be as simple as an insecure password reset and insufficient protection against two-factor authentication bypass.

Subaru patched the flaw within 24 hours of its discovery, but this is only one example of the challenges facing programmers regarding connectivity and security.

Subaru isn’t alone with these concerns

Many automakers have faced vulnerabilities and flaws in their software programming. The Starlink flaw isn’t isolated, which is why security is such a major concern. Kia’s dealer portal allowed hackers to locate and seal vehicles using their license plates. This revealed systematic issues in the design and deployment of connected car systems.

According to Forbes, some of these issues are:

• Weak authentication makes it easier for attackers to break into sensitive systems
• Centralized systems store large amounts of sensitive user and vehicle data, making breaches more likely
• Many connected car platforms do not encrypt data properly, leaving it vulnerable during transmission
• Poor integration with third-party apps and portals creates security gaps
• Automakers often take too long to find and fix vulnerabilities, leaving vehicles exposed for longer than necessary

 

Examples of automotive cybersecurity threats

The increasingly connected automotive world brings about more threats and vulnerabilities, especially with more systems requiring programming to function. Here are a few cybersecurity threats facing the industry.

Keyless car theft

Key fobs require minimal programming to function properly. This can be a major concern for automakers because key fobs can easily be duplicated, thereby giving thieves access to vehicles. Vehicles with keyless starting and entry are prone to more attacks because these vehicles can be driven away, instead of only the doors being opened.

EV charging station exploitation

Through the use of malware, fraud, remote manipulation, and the disabling of charging stations, automotive cybersecurity is an issue. When charging an EV at a charging station, data is transferred between the car, the charging station, and the company that owns the device. This data becomes vulnerable to hacking and manipulation during the charging time.

Infotainment system attacks

Modern vehicles utilize millions of lines of code to operate, and most of that code is used for the vehicle’s firmware and software that allows several systems to operate, including the navigation, USB, CarPlay, SOS, and more. The infotainment can become an open door for criminals to get into your world. These systems are generally connected to driver’s smartphone, which makes them extremely vulnerable to hacking.

Brute force network attack

Brute force attacks are one of the greatest automotive cybersecurity threats. These attacks target a network to break credentials and take down an entire segment of the industry. The attacks can have far-reaching impacts and can cause manufacturers, dealers, and owners to become victims. When credentials are compromised, entire systems can easily become the target of attacks.

Automotive cybersecurity is one of the greatest concerns of drivers and a huge barrier between our current driving landscape and the future, which could include autonomous vehicles.