API Security: Frontline Insights from the Vehicle SOC

The following content was delivered as part of a keynote during the recent APISEC CON Automotive, which focused on the impact of API security on the automotive ecosystem and highlighted the importance of ensuring safe and available APIs for the industry. A big thank you to APISEC for the opportunity to share these insights as we build a more secure and resilient future for the automotive and smart mobility ecosystem.

In the rapidly evolving automotive industry, safeguarding connected vehicles and smart mobility applications against API-based threats is paramount. Drawing from our Vehicle Security Operations Center (vSOC), this blog post delves into the critical role of vSOCs in protecting against these threats and provides practical insights into enhancing automotive API security.

The Growing Importance of vSOCs

As the automotive industry expands, so do the threats targeting connected vehicles and mobility IoT devices. Unlike traditional IT infrastructure, vehicles are constantly on the move, interacting with external systems and applications thousands of times per minute. This dynamic environment necessitates a dedicated vSOC to monitor and mitigate these unique threats effectively.

A vSOC focuses on the specific challenges of the automotive sector, protecting products such as vehicles or mobility IoT devices from cyber threats and attacks. It continuously monitors and analyzes the cybersecurity posture of vehicles and related infrastructure, aiming to detect and respond to cybersecurity threats in near real-time. By integrating systems, processes, and professional expertise, a vSOC ensures operational continuity and safety for connected vehicles and smart mobility applications.

Real-World API Threats As Seen in the vSOC

Our vSOC has encountered several API-based threats, demonstrating the need for robust API security measures. Here are some notable examples and the strategies employed to mitigate them:

Credential Stuffing Attacks

Credential stuffing involves attackers using stolen usernames and passwords from one breach to gain unauthorized access to other accounts. Our API security solution detected a spike in authentication requests, revealing an attempt to exploit reused credentials. The vSOC quickly mitigated this by blocking unsecured accounts and invalidating compromised tokens, preventing potential data leaks and unauthorized vehicle commands.

Unauthenticated API Calls

Unauthenticated API calls occur when security measures are insufficient, often due to oversight or rapid development processes. Our vSOC discovered internal APIs with unauthenticated endpoints, exposing sensitive data. Taking a shift-left approach, this risk was mitigated by requiring tokens for access.

Broken Object Level Authorization (BOLA)

BOLA exploits vulnerabilities in authorization, allowing attackers to access unauthorized data. Our vSOC identified a threat actor manipulating IDs to bypass security checks and access vehicle data. By detecting this activity and promptly addressing the vulnerability that allowed access, we prevented potential data breaches and unauthorized vehicle commands.

Enumeration Attacks

Enumeration attacks involve systematically querying a system to discover valid identifiers, like Vehicle Identification Numbers (VINs). Our vSOC detected an attacker inputting sequential VINs in an attempt to uncover user identifiers. By identifying and mitigating this attack, we protected sensitive user information and internal systems.

As the automotive industry continues to innovate, the need for robust cybersecurity measures becomes increasingly critical. By implementing a dedicated vSOC, organizations can effectively monitor and protect their vehicles and infrastructure from evolving cyber threats. Through real-world examples and mitigation strategies, we have highlighted the importance of API security and the comprehensive approach required to safeguard the future of mobility.