Experts Say Car Hackers Would Prefer To Take Your Money
Financial gain is the primary motivation for automotive cyberattacksby Jonathan Lopez, on
As new cars become more and more interconnected, the opportunities to exploit vulnerabilities increases. However, according to a recent report from Automotive News, most hackers aren’t really interested in attacking your car just for the lulz. Rather, the primary target will be your money.
“Hacking into a car and controlling it without visuals would be a psychotic thing to do; few people would want to do that. The ones that would invest a lot of time and energy are usually after data,” says Craig Smith, security research director at the cybersecurity firm Rapid7.
That data could include credit card numbers, bank information, or your social security number – anything to help the hacker make a few bucks.
According to Di Ma, a professor at the University of Michigan Transportation Research Institute, it’s not easy to predict the nature of future real-world automotive cyberattacks, given the majority of such intrusions have thus far been performed by researchers.
However, based on the current state of criminal hacking, money seems to be the primary goal.
“Attackers will try to find exploits that provide financial incentive, and it seems that safety-critical attacks don’t provide any obvious monetary return,” stated Andre Weimerskirch, VP of cybersecurity at Lear Corp.
Continue reading for the full story.
Why It Matters
While automotive cybersecurity is still an evolving field of study, Automotive News did manage to list a few examples of possible attacks, including remotely unlocking a vehicle in order to steal it, taking control of a car and demanding a ransom from the driver, downloading personal information off a smartphone connected via USB, and pinpointing when someone is out in order to break into their home. Another possible threat would be activating cabin microphones to listen in on private conversations.
The issue of automotive cybersecurity gained nationwide attention over the summer last year when Charlie Miller, security engineer at Twitter, and Chris Valasek, director of vehicle safety research at IOActive, demonstrated how they could remotely assume control of a 2014 Jeep Cherokee by hacking into its UConnect infotainment system.
The pair managed to operate the climate control, entertainment system, windshield wipers, transmission, engine, and brakes, all with just a handful of keystrokes. Apparently, the exploit was present on a huge number of Fiat Chrysler models.
In the ensuing media frenzy, FCA issued a recall of 1.4 million vehicles, condemning Miller and Valasek for sharing information on how they performed the hack at the Black Hat security conference in Las Vegas. The pair countered that their work required peer review, and consumers needed to be informed of the dangers.
More recently, FCA made an about face and offered cash rewards to hackers who could identify potential security risks, but automotive cybersecurity is still a major issue in the car world, one that’ll only increase in importance as cars become more interconnected and autonomous.
It would appear as though most makes are woefully unprepared. Citing a survey from McKinsey & Co., Automotive News reports that only 40 percent of automakers have a dedicated cybersecurity unit, despite the recent proliferation of connected features.
And while experts in the field suggest most hackers are only after your money, there’s still the potential for terrorists to wreak havoc using a car software exploit.
Automakers need to recognize the importance of cybersecurity in new models and double down on efforts to find and patch vulnerabilities – before the products hit the streets.
Source: Automotive News