As automakers improve the driving experience with digital technology, they also open up new avenues for attack. The good news is that these avenues are too advanced for the average “script kiddie." They are, however, by no means beyond the abilities of well-funded experts, as many hackers are these days.
In fact, one automaker contracted my firm well before the headline-grabbing Jeep Cherokee hack last summer to conduct an advanced attack on their entire enterprise. Within four weeks, our ten-person team of ethical hackers was able to gain access that would have allowed us to interfere with both corporate and manufacturing networks as well as conduct unauthorized interactions with the vehicles.
This ever-expanding attack surface of connected cars exposes significant risk to drivers’ safety, but it is also a serious threat to private customer and enterprise data. To maintain the public’s confidence, automotive manufacturers must develop proactive solutions that address major issues beyond the vehicle itself.
Understanding The Attack Surface
A connected car’s attack surface is broad and continuously changing. For example:
Corporate networks: Phishing attacks or attacks against insecure Wi-Fi and remote access connections, websites, partner and vendor networks, and the physical perimeter can give a cybercriminal a foothold into the entire corporate network. Attackers could then seek to escalate privileges to obtain broad access to protected resources such as the software development environment or other sensitive information about the car and customer information. Once broad privileges are obtained, hackers can discretely perform unauthorized actions including stealing, deleting, or corrupting data, as they have in high-profile retail, healthcare, manufacturing, and pharma cases over the past several years.
Manufacturing networks: Other industries have experienced attacks by cybercriminals -- including nation states -- targeting industrial control systems to destroy equipment, disrupt operations, and corrupt data. Once a hacker has breached an organization, she/he can use the company’s own software distribution tools to broadly push out malware and other back-door laden software, even to the cars themselves.
Cars: Cellular, Bluetooth, and infrared key fob technologies provide interfaces over which hackers can gain remote control. The information flowing to and from the car has already been the subject of successful hacks.
Aftermarket networks: Devices and applications substantially expand and change the attack surface. Besides reverse engineering applications, hackers can socially engineer a breach by mailing infected dongles disguised as software upgrades, safe driving add-ons, or fleet-management tools packaged like they are from the manufacturer, tricking drivers into inserting the dongle into the car’s On Board Diagnostic port.
Internal and External Threats: Automakers can better understand their risks and prioritize security efforts by understanding the most likely attacker motives. For example, the Jeep hack resulted in a recall of approximately 11 million vehicles, and Chrysler’s stock dropped 6.4% the day after the recall, before rebounding. An enterprising criminal could use that window to short-sell the stock before the hack and make millions. Alternatively, hacktivists could also publicize vulnerabilities as a means of protest, using public fear and the market as a political tool. In a worst-case scenario, terrorists could use remote control to cause injury.
Within the car industry, security executives must take an integrated – not siloed – approach to managing risk because once inside any of the networks below, attackers can pivot into any other. As the connected car market evolves, so too will attacker motives and attack vectors. This will require mature threat assessments and intelligence programs that identify and rank threats by relevance to sector-specific data, company-specific data (including a company’s history with certain attack or protest groups), geo-political trends, and the security posture of the company’s vehicles. It is only in the context of such a program that companies can align their security efforts with the most likely threats and budget accordingly.
A Holistic Approach to Governance
Modern cyber governance requires a top-down approach and dedicated investment. Automakers must assess the organizational structures that underlie their risk mitigation efforts and the processes they use to identify risks. Security officers will need to:
- Eliminate silos by pursuing a holistic approach to securing interconnected corporate, manufacturing, vehicle management, supply chain, and aftermarket networks. This will include exercises that force groups to work collaboratively and strong leadership from a central executive function, such as the CISO, responsible for risk across all components and departments.
- Instill a security culture that values routinely exposing vulnerabilities in order to create a robust cybersecurity posture by running ethical hacking exercises and studying potential criminal behavior. Look to professionals for this – people who know exactly how real hackers exploit technology and human weaknesses to achieve their goals, and have no intra-corporate political constraints on what code or processes they are willing to break or challenge.
- Create a continuous cycle of improvement by identifying, exploiting, and remediating vulnerabilities. Then repeat. Hackers always seek new exploits. To stay ahead, so should automakers.
Such a resilience-building model that unifies the security ecosystem and continuously seeks to identify possible new exploits is the best way for automakers to keep their customers safe and mitigate their own enterprise risk. Automakers must, in essence, hack themselves.