API Security: Frontline Insights from the Vehicle SOC

SHAKED EDRI

Data Analyst Team Leader

August 1, 2024

The following content was delivered as part of a keynote during the recent APISEC CON Automotive, which focused on the impact of API security on the automotive ecosystem and highlighted the importance of ensuring safe and available APIs for the industry. A big thank you to APISEC for the opportunity to share these insights as we build a more secure and resilient future for the automotive and smart mobility ecosystem.

In the rapidly evolving automotive industry, safeguarding connected vehicles and smart mobility applications against API-based threats is paramount. Drawing from our Vehicle Security Operations Center (vSOC), this blog post delves into the critical role of vSOCs in protecting against these threats and provides practical insights into enhancing automotive API security.

The Growing Importance of vSOCs

As the automotive industry expands, so do the threats targeting connected vehicles and mobility IoT devices. Unlike traditional IT infrastructure, vehicles are constantly on the move, interacting with external systems and applications thousands of times per minute. This dynamic environment necessitates a dedicated vSOC to monitor and mitigate these unique threats effectively.

A vSOC focuses on the specific challenges of the automotive sector, protecting products such as vehicles or mobility IoT devices from cyber threats and attacks. It continuously monitors and analyzes the cybersecurity posture of vehicles and related infrastructure, aiming to detect and respond to cybersecurity threats in near real-time. By integrating systems, processes, and professional expertise, a vSOC ensures operational continuity and safety for connected vehicles and smart mobility applications.

Real-World API Threats As Seen in the vSOC

Our vSOC has encountered several API-based threats, demonstrating the need for robust API security measures. Here are some notable examples and the strategies employed to mitigate them:

Credential Stuffing Attacks

Credential stuffing involves attackers using stolen usernames and passwords from one breach to gain unauthorized access to other accounts. Our API security solution detected a spike in authentication requests, revealing an attempt to exploit reused credentials. The vSOC quickly mitigated this by blocking unsecured accounts and invalidating compromised tokens, preventing potential data leaks and unauthorized vehicle commands.
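A sketch of the detection described above, added here as an illustration and not taken from the vSOC's own tooling: it flags a time bucket whose authentication volume spikes over the running baseline while many distinct usernames fail, then lists the accounts that logged in successfully from the suspect sources, which are the ones whose tokens need invalidating. The log layout, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

def build_sample_events():
    """Constructed auth log: (epoch_seconds, source, username, success)."""
    events = []
    for minute in range(5):          # baseline: 4 normal logins per minute
        for i in range(4):
            events.append((minute * 60 + i * 10, f"10.0.0.{i}", f"driver{i}", True))
    for i in range(40):              # minute 5: burst, a new username per attempt
        src = "203.0.113.7" if i % 2 else "203.0.113.8"
        events.append((300 + i, src, f"victim{i}", i in (17, 31)))
    return events

def detect_stuffing(events, spike_factor=3.0, min_failed_users=10, bucket=60):
    """Return one finding per bucket that looks like credential stuffing."""
    buckets = defaultdict(list)
    for ts, src, user, ok in events:
        buckets[ts // bucket].append((src, user, ok))
    findings, history = [], []
    for b in sorted(buckets):
        rows = buckets[b]
        baseline = median(history) if history else None
        failed_users = {u for _, u, ok in rows if not ok}
        spike = baseline is not None and len(rows) > spike_factor * baseline
        if spike and len(failed_users) >= min_failed_users:
            # A stuffing source fails against many *different* usernames.
            fails_by_src = defaultdict(set)
            for s, u, ok in rows:
                if not ok:
                    fails_by_src[s].add(u)
            suspects = {s for s, us in fails_by_src.items()
                        if len(us) >= min_failed_users}
            # Successful logins from those sources are likely reused credentials.
            at_risk = sorted({u for s, u, ok in rows if ok and s in suspects})
            findings.append({"bucket": b, "requests": len(rows),
                             "sources": sorted(suspects),
                             "accounts_to_reset": at_risk})
        else:
            history.append(len(rows))  # only normal buckets feed the baseline
    return findings

if __name__ == "__main__":
    for finding in detect_stuffing(build_sample_events()):
        print(finding)
```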

Unauthenticated API Calls

Unauthenticated API calls occur when security measures are insufficient, often due to oversight or rapid development processes. Our vSOC discovered internal APIs with unauthenticated endpoints, exposing sensitive data. Taking a shift-left approach, we mitigated this risk by requiring tokens for access.

Broken Object Level Authorization (BOLA)

BOLA exploits flaws in object-level authorization, allowing attackers to access data they are not authorized to see. Our vSOC identified a threat actor manipulating IDs to bypass security checks and access vehicle data. By detecting this activity and promptly addressing the vulnerability that allowed access, we prevented potential data breaches and unauthorized vehicle commands.
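The two weaknesses above, a missing token requirement and a missing object-level check, shown side by side with a corrected handler. This is an added example, not code from the systems described in the post; the token store, vehicle records, VINs and function names are constructed for illustration.

```python
# Constructed data: bearer token -> account, and VIN -> vehicle record.
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}
VEHICLES = {
    "1ZZAB12C5RA004352": {"owner": "alice", "location": "52.52,13.40"},
    "1ZZAB12C1RA731990": {"owner": "bob", "location": "48.14,11.58"},
}

def weak_get_vehicle(token, vin):
    """'Before' handler: ignores the token and trusts whatever ID is supplied."""
    record = VEHICLES.get(vin)
    return (200, record) if record else (404, None)

def get_vehicle(token, vin):
    """Corrected handler: authenticate first, then authorize per object."""
    account = TOKENS.get(token)
    if account is None:
        return 401, None               # unauthenticated calls are refused
    record = VEHICLES.get(vin)
    # Ownership is checked against the authenticated account, never against
    # an ID taken from the request. Unknown VINs and other owners' VINs get
    # the same 404, so the response does not reveal which VINs exist.
    if record is None or record["owner"] != account:
        return 404, None
    return 200, record

if __name__ == "__main__":
    bobs_vin = "1ZZAB12C1RA731990"
    print("weak, no token:      ", weak_get_vehicle(None, bobs_vin)[0])
    print("fixed, no token:     ", get_vehicle(None, bobs_vin)[0])
    print("fixed, alice -> bob: ", get_vehicle("tok-alice", bobs_vin)[0])
    print("fixed, bob -> bob:   ", get_vehicle("tok-bob", bobs_vin)[0])
```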

Enumeration Attacks

Enumeration attacks involve systematically querying a system to discover valid identifiers, like Vehicle Identification Numbers (VINs). Our vSOC detected an attacker inputting sequential VINs in an attempt to uncover user identifiers. By identifying and mitigating this attack, we protected sensitive user information and internal systems.
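One way to spot the sequential-VIN pattern described above in API request logs, given as an added example and not as the vSOC's own detection logic. It assumes the North American VIN layout, where position 9 is a check digit and the last six characters are a numeric production serial; the client identifiers, VINs and threshold are constructed.

```python
from collections import defaultdict

def split_vin(vin):
    """Return (family, serial), or None if the VIN does not fit the layout."""
    vin = vin.strip().upper()
    if len(vin) != 17 or not vin[11:].isdecimal():
        return None
    # Position 9 (the check digit) changes from one vehicle to the next, so
    # drop it: consecutive vehicles then share the same family key.
    return vin[:8] + vin[9:11], int(vin[11:])

def longest_run(serials):
    """Length of the longest streak of consecutive serial numbers."""
    best = run = 0
    prev = None
    for s in sorted(set(serials)):
        run = run + 1 if prev is not None and s == prev + 1 else 1
        best = max(best, run)
        prev = s
    return best

def find_enumerators(requests, min_run=5):
    """requests: iterable of (client_id, vin). Returns {client_id: run_length}."""
    per_client = defaultdict(lambda: defaultdict(list))
    for client, vin in requests:
        parsed = split_vin(vin)
        if parsed:
            family, serial = parsed
            per_client[client][family].append(serial)
    flagged = {}
    for client, families in per_client.items():
        run = max(longest_run(s) for s in families.values())
        if run >= min_run:
            flagged[client] = run
    return flagged

def sample_requests():
    """Constructed log: one client walks serials, one re-reads its own two cars."""
    reqs = [("api-key-A", f"1ZZAB12C{'0123456789X'[i % 11]}RA{100200 + i:06d}")
            for i in range(8)]
    reqs += [("api-key-B", "1ZZAB12C5RA004352"),
             ("api-key-B", "1ZZAB12C1RA731990")] * 3
    return reqs

if __name__ == "__main__":
    print(find_enumerators(sample_requests()))
```

Run length is only one signal; in practice it is usually combined with the share of not-found responses per client before an alert is raised.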

As the automotive industry continues to innovate, the need for robust cybersecurity measures becomes increasingly critical. By implementing a dedicated vSOC, organizations can effectively monitor and protect their vehicles and infrastructure from evolving cyber threats. Through real-world examples and mitigation strategies, we have highlighted the importance of API security and the comprehensive approach required to safeguard the future of mobility.
