IntSights Reveals Automotive Software Features – Cybersecurity Points of Exposure in New Research Report
Global Threat Intelligence Firm Breaks Down Expansive Dark Web Market for Car Hacking Tools
NEW YORK, October 17, 2019 - IntSights, the threat intelligence company focused on enabling enterprises to Defend Forward™, announced today the release of the firm’s new report, Under the Hood: Cybercriminals Exploit Automotive Industry's Software Features. The report identifies the inherent cybersecurity risk and vulnerabilities manufacturers face as the industry matures through a radical transformation towards connectivity.
Car manufacturers offer more software features to consumers than ever before, and increasingly popular autonomous vehicles that require integrated software introduce security vulnerabilities. Widespread cloud connectivity and wireless technologies enhance vehicle functionality, safety, and reliability but expose cars to hacking exploits. In addition, the pressure to deliver products as fast as possible puts a big strain on the security capabilities of cars, manufacturing facilities, and automotive data.
“The automotive manufacturing industry is wrought with issues, stemming from legacy systems that can’t be patched to the proliferation of vehicle connectivity and software as consumers demand more integration with personal devices and remote access,” said Etay Maor, Chief Security Officer, IntSights. “A lack of adequate security controls and knowledge of threat vectors enables attackers to take advantage of easily acquired tools on the dark web to reap financial gain. Automakers need to have a constant pulse on dark web chatter, points of known exposure, and data for sale to mitigate risk.”
Top Vehicle Attack Vectors:
- Remote Keyless Systems
- Tire Pressure Monitoring Systems
- Software and Infotainment Applications
- GPS Spoofing
- Cellular Attacks
Automotive software features Industry: Cyber Threat Landscape Report
The automotive industry is undergoing a transformation, as manufacturers pivot to focus on connectivity. Car manufacturers offer more software features to consumers than ever before, and increasingly popular autonomous vehicles require the use of integrated software. Cloud connectivity and wireless technologies have become widespread, and users across the world expect everything to work in a safe, reliable, and smart way.
The growing emphasis on software and connectivity in the automotive industry adds a new challenge: Cybersecurity. The pressure to deliver products as fast as possible puts a big strain on the security capabilities of cars, manufacturing facilities, and automotive data.
Hackers began to exploit vulnerabilities in automobile hardware and software around 2010. Industry leaders have since come to understand that cybercrime threats to cars were not as far-fetched as originally thought.
This report will summarize the cyber threats facing manufacturers in the automotive industry, while highlighting some of the methods cybercriminals use to infiltrate automobile infrastructure.
Hacker Motivations for Attack
The two main things that affect hackers’ motivation, regardless of their skills and knowledge are the costeffectiveness of the attack and the value of the information.
Vehicles usually have more complicated attack surfaces to penetrate compared to other options, i.e. attacks against banks or retail shops. That said, the automotive industry still has numerous attack vectors, just as any other industry: Phishing, credential leakages, leaked databases, open ports and services, insider threats, brand security, and more.
Dark Web Forums
In our research, IntSights discovered online shops that sell car hacking tools that appear on the clear web and are easy to find. These online shops sell services that disconnect automobile immobilizers, as well as services that sell code grabbers and forums that give bad actors a complete tutorial on how to steal vehicles.
The most relevant sources IntSights found for car hacking are Omerta.cc and Dublikat. These forums contained offers to buy code grabbers and tutorials for relay attacks. Additional forums that contained relevant information for car hacking are Sindikat and Nulled.to, although to a lesser degree.
Other sources include Russian websites that provide services for car hacking:
- Carmasters.org, Autoteamsforums.ru, and ffffff.ru provide services to help disconnect immobilizers
- forum.grabbs.org is an online shop that sells code grabbers
- Migalki.pw shows how to scam automotive vehicles and teaches hackers how to steal them
- Chipadla.ru provides a service for different types of firmware jailbreaking and hacking into ECUs
IntSights is revolutionizing cybersecurity operations with the industry’s only all-in-one external threat protection platform designed to neutralize cyberattacks outside the wire. Our unique cyber reconnaissance capabilities enable continuous monitoring of an enterprise’s external digital profile across the clear, deep, and dark web to identify emerging threats and orchestrate proactive response. Tailored threat intelligence that seamlessly integrates with security infrastructure for dynamic defense has made IntSights one of the fastest-growing cybersecurity companies in the world. IntSights has offices in Amsterdam, Boston, Dallas, New York, Singapore, Tel Aviv, and Tokyo. To learn more, visit: intsights.com or connect with us on LinkedIn, Twitter, and Facebook.