Hackers exploit software features of automotives

IntSights Reveals Automotive Software Features – Cybersecurity Points of Exposure in New Research Report

software features

Free-Photos / Pixabay

Global Threat Intelligence Firm Breaks Down Expansive Dark Web Market for Car Hacking Tools

Get Our Activist Investing Case Study!

Get the entire 10-part series on our in-depth study on activist investing in PDF. Save it to your desktop, read it on your tablet, or print it out to read anywhere! Sign up below!

Q3 2019 hedge fund letters, conferences and more

NEW YORK, October 17, 2019 - IntSights, the threat intelligence company focused on enabling enterprises to Defend Forward™, announced today the release of the firm’s new report, Under the Hood: Cybercriminals Exploit Automotive Industry's Software Features. The report identifies the inherent cybersecurity risk and vulnerabilities manufacturers face as the industry matures through a radical transformation towards connectivity.

Car manufacturers offer more software features to consumers than ever before, and increasingly popular autonomous vehicles that require integrated software introduce security vulnerabilities. Widespread cloud connectivity and wireless technologies enhance vehicle functionality, safety, and reliability but expose cars to hacking exploits. In addition, the pressure to deliver products as fast as possible puts a big strain on the security capabilities of cars, manufacturing facilities, and automotive data.

“The automotive manufacturing industry is wrought with issues, stemming from legacy systems that can’t be patched to the proliferation of vehicle connectivity and software as consumers demand more integration with personal devices and remote access,” said Etay Maor, Chief Security Officer, IntSights. “A lack of adequate security controls and knowledge of threat vectors enables attackers to take advantage of easily acquired tools on the dark web to reap financial gain. Automakers need to have a constant pulse on dark web chatter, points of known exposure, and data for sale to mitigate risk.”

Top Vehicle Attack Vectors:

  • Remote Keyless Systems
  • Tire Pressure Monitoring Systems
  • Software and Infotainment Applications
  • GPS Spoofing
  • Cellular Attacks

Automotive software features Industry: Cyber Threat Landscape Report

Introduction

The automotive industry is undergoing a transformation, as manufacturers pivot to focus on connectivity. Car manufacturers offer more software features to consumers than ever before, and increasingly popular autonomous vehicles require the use of integrated software. Cloud connectivity and wireless technologies have become widespread, and users across the world expect everything to work in a safe, reliable, and smart way.

The growing emphasis on software and connectivity in the automotive industry adds a new challenge: Cybersecurity. The pressure to deliver products as fast as possible puts a big strain on the security capabilities of cars, manufacturing facilities, and automotive data.

Hackers began to exploit vulnerabilities in automobile hardware and software around 2010. Industry leaders have since come to understand that cybercrime threats to cars were not as far-fetched as originally thought.

This report will summarize the cyber threats facing manufacturers in the automotive industry, while highlighting some of the methods cybercriminals use to infiltrate automobile infrastructure.

Hacker Motivations for Attack

The two main things that affect hackers’ motivation, regardless of their skills and knowledge are the costeffectiveness of the attack and the value of the information.

Vehicles usually have more complicated attack surfaces to penetrate compared to other options, i.e. attacks against banks or retail shops. That said, the automotive industry still has numerous attack vectors, just as any other industry: Phishing, credential leakages, leaked databases, open ports and services, insider threats, brand security, and more.

Dark Web Forums

In our research, IntSights discovered online shops that sell car hacking tools that appear on the clear web and are easy to find. These online shops sell services that disconnect automobile immobilizers, as well as services that sell code grabbers and forums that give bad actors a complete tutorial on how to steal vehicles.

The most relevant sources IntSights found for car hacking are Omerta.cc and Dublikat. These forums contained offers to buy code grabbers and tutorials for relay attacks. Additional forums that contained relevant information for car hacking are Sindikat and Nulled.to, although to a lesser degree.

Other sources include Russian websites that provide services for car hacking:

  • Carmasters.org, Autoteamsforums.ru, and ffffff.ru provide services to help disconnect immobilizers
  • forum.grabbs.org is an online shop that sells code grabbers
  • Migalki.pw shows how to scam automotive vehicles and teaches hackers how to steal them
  • Chipadla.ru provides a service for different types of firmware jailbreaking and hacking into ECUs

Cyber Threat Landscape


About IntSights:

IntSights is revolutionizing cybersecurity operations with the industry’s only all-in-one external threat protection platform designed to neutralize cyberattacks outside the wire. Our unique cyber reconnaissance capabilities enable continuous monitoring of an enterprise’s external digital profile across the clear, deep, and dark web to identify emerging threats and orchestrate proactive response. Tailored threat intelligence that seamlessly integrates with security infrastructure for dynamic defense has made IntSights one of the fastest-growing cybersecurity companies in the world. IntSights has offices in Amsterdam, Boston, Dallas, New York, Singapore, Tel Aviv, and Tokyo. To learn more, visit: intsights.com or connect with us on LinkedIn, Twitter, and Facebook.



About the Author

Jacob Wolinsky
Jacob Wolinsky is the founder of ValueWalk.com, a popular value investing and hedge fund focused investment website. Prior to ValueWalk, Jacob was VP of Business Development at SumZero. Prior to SumZero, Jacob worked as an equity analyst first at a micro-cap focused private equity firm, followed by a stint at a smid cap focused research shop. Jacob lives with his wife and four kids in Passaic NJ. - Email: jacob(at)valuewalk.com - Twitter username: JacobWolinsky - Full Disclosure: I do not purchase any equities anymore to avoid even the appearance of a conflict of interest and because at times I may receive grey areas of insider information. I have a few existing holdings from years ago, but I have sold off most of the equities and now only purchase mutual funds and some ETFs. I also own a few grams of Gold and Silver