Why hackers target cars

For a hacker looking for ways to compromise computer systems, the immediate future is a bit of a smorgasbord offering myriad connected IoT gadgets and electric vehicles feeding into the power grid. 

“Electrification broadens the possible threats. We’re talking about all vehicles being connected in what is known as vehicle to grid, or V2G for short, which is to help society with its energy supply. This means communication has to take place when the vehicle is connected,” explains Tomas Bodeklint, a research and business developer at RISE. 

Connected cars are just like any other devices 

Bodeklint compares the modern connected car to any other mobile device. Connected to the cloud not only via wireless interfaces such as 4G and 5G, but also via Bluetooth and Wi-Fi. 

“What electrification adds to these systems is another attack vector. We can compare it to connecting a network cable to the vehicle when charging its battery.” 

Moreover, there are many public charging points where the user is unlikely to have a good grasp of possible cyber threats. 

“This could be at restaurants or shopping centres, but even at home. People connect their vehicles to their smart homes to easily transfer maps or Spotify playlists. This enlarges the attack surface. It offers more connectivity options for accessing vehicles and making inroads via various apps.” 

Different types of attackers carry out cyber attacks 

What types of attackers are there? Bodeklint says that the entire spectrum is represented but can be roughly divided into three different groups. 

1. State-sponsored actors. This type has been particularly visible during the war in Ukraine, which has seen increased cyber attacks. The focus is on disrupting society, such as by attacking payment or booking systems for public transport. In a future with, say, automated ports or logistics centres with autonomous vehicle fleets, a cyber attack could prove far more effective than a conventional attack. 
2. Ransomware attacks. Hackers who want to make money by locking data — and maybe even vehicles — and demanding a ransom. Or by stealing information to then sell. What value would we assign a database containing all of a manufacturer’s vehicles and their owners’ personal data? 
3. “Ordinary” thieves. Thieves who simply want to steal a car or the valuables inside a car. Or people who simply enjoy the challenge of hacking a vehicle. 

New global regulation to detect cyber attacks 

Vehicle manufacturers are facing the introduction of a new global regulation on cyber security that will apply to all newly produced vehicles as of 1 July 2024. This will require, for example, a CSMS* and systems to automatically detect and defend against cyber attacks. 

“Here at RISE, in our cyber security research work we look at things such as how systems can handle threats automatically,” says Bodeklint. 

This requires systems that use AI technologies like machine learning to monitor data sets and detect suspected attacks. 

“So, how can you handle something like this automatically and enter a safe mode? Understandably, a vehicle manufacturer can’t handle such attacks manually, there needs to be an automated system that helps to flag such incidents.” 

Cyber security needs to encompass all operations 

Bodeklint says that today’s software-based vehicles make it especially important for cyber security to be something that encompasses the entire operations of a vehicle manufacturer. 

“It’s not just security personnel who should know about this, but rather the entire organisation needs to keep it in mind when designing vehicles. Everyone who writes software for vehicle functions. Everyone needs to be aware of how cyber security works and how it affects their software. It needs to be incorporated right from the start, it can’t be added as an afterthought.”