Cyber-Hijackers 2

This is the second part of the ‘Cyber-Hijackers’ article series. Here I am describing the Impact of automobile cyber threats and the Future of automobile hacking. To get a better understanding, read part 1 of this article series: https://medium.com/@Shehan_Franciscu/cyber-hijackers-b87420bb862e

What is the impact?

The effect of an attack refers to the outcome of the attack. Many cyber events can have a variety of effects on the target. The following map shows the impacts of automobile cyber attacks between 2010 and 2020 that 30 percent of occurrences have involved infringed data and privacy, while break-ins and theft of cars accounted for 28.14%

• Data and Privacy breaches

“In 2020, the average cost of a data breach was USD 3.86 million”. In this sector, the average time to detect and contain a violation was 9 months. Hackers usually exploit data to sell it for a profit. A shocking case was released in August 2020, in which Departments of Motor Vehicles across the United States sold drivers’ details. According to reports, the California DMV alone made USD 50 million per year from the selling of this data.

In August 2020, a marketplace inside the dark web offered lots of personal data points belonging to French motorists for Euro 10 per identity. The personal details of 3.5 million Zoom car users have been made public.

• Car theft & Break-ins

Car robberies, which accounted for 28 percent of all accidents in 2020, were one of the most significant effects of cyber incidents over the last decade. Car theft is a thriving “market” for criminals, with increasing numbers registered globally. In 2020, car thefts in the United Kingdom increased by 60%. A gang of robbers in India was apprehended in September 2020 for robbing over 100 vehicles using electronic devices. “Two Toyota Tacoma trucks and a Toyota 4Runner truck were stolen from Canadian driveways in January 2020 after hackers allegedly reprogrammed the vehicles’ keyless push-start ignition.” According to a February 2020 survey, car-sharing apps were also used to steal vehicles in 2020, with 75 of the 200 auto thefts reported to authorities in Washington, D.C. using the car-sharing app. Get out there and rent out their personal vehicles to augment their profits.

• Control & Manipulate Car Functions

Researchers discovered 19 security flaws in a Mercedes-Benz connected in February 2020. They were able to obtain access to the car’s back-end servers, allowing them to remotely track the vehicle. A hacker installed a video game on a Mercedes W203’s infotainment device in October 2020 and programmed various controls inside the car to improve his gaming experience. According to experts, other attacks highlighted very severe threats that could have disastrous consequences. The findings were published in the journal Cybersecurity Week.

• Financial Damage

Automotive cyber-attacks can have both direct and indirect financial ramifications, many of which are severe. Direct expenses include recalls, manufacturing shutdowns, ransomware fees, and stolen automobiles or accounts. Due to a ransomware attack on its networks in Europe and Japan, Honda was forced to cease production at some of its operations in June 2020. A ransomware attack reached 1,000 servers of an Australian business in February 2020.

The same company was hit with another ransomware attack in May 2020, prompting it to pack up a range of its IT systems. Hidden expenses include stolen trade secrets, reputation damage, and pirated vehicle updates and services. After copying 14,000 data, including product prototypes, to his laptop, a former Google engineer who worked on the company’s autonomous vehicle division pleaded guilty to stealing trade secrets in August 2020. He started his firm, which was bought out by Uber, prompting Google to sue Uber in 2017 on the basis that Uber had acquired the prior engineer’s company to retrieve the stolen materials. In July 2020, it was announced that Tesla has filed a lawsuit against EV company starter Rivian and four former workers for allegedly obtaining trade secrets via new personnel. Brand image damage has a direct influence on sales, albeit this is often difficult to quantify. According to a 2020 report, 84 percent of Buyers would not order another car from a retailer if a hack had infected their records in the previous year.

❖ Future of the Automobile Hacking

According to a new report by Uswitch, “cyber-attacks on connected cars have risen by 99 percent in 2019”. The “online and telephone comparison and switching service” has established 4 major methods in which cars are often hacked, ranging from app flaws & data theft to keyless auto theft and even remote vehicle control.

Currently, approximately 67 percent of all new vehicles sold are linked in some way, but that figure is projected to increase to 100 percent by 2026, implying that vulnerabilities must be minimized. Automobile cybersecurity has been identified as vital by stakeholders in the automotive industry, including OEMs and external regulatory organizations. As a result, the automotive cybersecurity market is likely to increase significantly, with McKinsey estimating a leap from 4.9 billion USD in 2020 to 9.7 billion USD by 2030.

•Deep web and dark web activities

Deep web material is not publicly available via conventional browsers and search engines index. Links to the dark web involve anonymous forums that require registration (or even personal vouching). In May 2020, a hacker gained access to the entire contents of a GitLab server belonging to corporate email provider Daimler and shared it on various file-sharing sites. The story was first shared on the hacker Telegram channel, but it was widely publicized a day later on prominent tech sites such as ZDNet. The server housed 580 repositories for the component, which included photographs, code, comprehensive documentation, and development environments.

Within the deep and dark web, there are various ways to interact with content and other users. Automotive-related material can be found in forums, marketplaces, chat apps, and paste pages on the deep and dark web.

Many vehicles related cyber threats have been discovered and addressed on the deep and dark web, and they may constitute a significant portion of potential cyber threats to the automobile industry. as well as:

•Infotainment hacking, CAN-bus reverse engineering, chip tuning, and program hacks or unauthorized upgrades

•The sale or release of OEM-related information and credentials obtained via data breaches.

•Discussions and sales of equipment for vehicle theft or alteration, such as key signal grabbers, key-fob programmers, GPS jammers, radar detectors, and other similar products.

•Hacking or theft involving car-sharing or ride-sharing accounts and the sale of bogus driver’s licenses or auto insurance.

Cyber-Hijackers Part 3 will be discussed safeguards and countermeasures for all those risks. Stay tuned for more related articles. Thank you!

Keeping updated with new technology and technology news can be a real help to avoid being attacked by a bad hacker. Any technology gives us lots of benefits, but all of them embed with high — risky vulnerabilities which open the gate to dangerous cyber-space. Always, the Risk is yours !!!

Written by Shehan Fransciscu — Cyber Security undergraduate — SLIIT