Q1 2019 Sees a Rapid Growth of Automotive Cyber Incidents


May 5, 2019

The cyber threats targeting the automotive landscape have been opening eyes for the past few years – and for a good reason. Unlike cyber threats in general, which are perceived to be harmful but are limited to the “online” domain, cyber threats against cars have a direct, physical impact on us as individuals.

At Upstream, we’ve been examining this topic from the very beginning. Our goal is to demystify this rapidly growing sector of cybersecurity. The research team here at Upstream has been busy answering the challenges of classifying and analyzing multi-year data and summarizing the facts and figures into a first-of-its-kind report. The report covered the entire “attack continuum”, the core vectors ripe for attack, and the impact upon various stakeholders.

With Q1 of 2019 behind us, our team is committed to examining the latest findings, discerning the trends that emerge from the data, and witnessing whether we were correct in our predictions.

Finding #1: The total number of incidents is on a sharp rise

Our research has identified 51 incidents in Q1 2019, compared to 15 incidents occurring in the same period last year, representing an increase of more than 300% in reported incidents. This growth is similar to another prominent phenomena in cybersecurity – ransomware, which was growing at a 350 percent annual rate (as cited in a recent study by Cisco). Ransomware attacks have also targeted the automotive sector in several high profile incidents, which goes to show that this sector now suffers from the same setbacks as the rest of the industry.

Finding #2: Black Hat (malicious) hackers are tipping the scales, and now account for nearly three quarters of all incidents

Incidents involving Black Hat (malicious) hackers have risen to 72% in Q1. Last year, the percentage of Black Hat and White Hat were nearly identical, at 55/45 percent, respectively. This is a clear indication that perpetrators are now well aware of the potential gains in automotive hacking via a variety of methods.

Finding #3: Popular Attack Vectors: Remote Keyless Entry systems are now the favored attack vector, accounting for nearly half or reported attacks (47%)

Automotive security has made lots of inroads since automotive crime peaked in the latter part of the 20th century. However, all these security layers amount to nothing, when you see how today, systems are being circumvented by hackers utilizing widely available digital devices.

Keyless Entry systems add to the already crowded space of automotive security concerns.

The popular news site, SUN, dispatched a team to steal cars (with permission of course) using a cheap electronic gadget. Keyless vehicles were discovered to be a breeze to steal. Using this inexpensive device (which is legal to own), cars were compromised within seconds.

Servers – The backend of mobility is also vulnerable

Attacks against servers are the second most common attack vector in Q1, and now account for about 17% of reported incidents. Servers are the “Backend” of the mobility revolution and the potential consequences of a hacked server are far more sweeping than hacking a single vehicle.

One significant example is a major vulnerability in two popular smart alarm systems, that allowed potential hackers to track the vehicles, unlock their doors and, in some cases, cut off the engine. A security research team uncovered authentication issues in the alarm systems made by Viper and Pandora Car Alarm System, two of the largest smart car alarm makers in the world. The two brands have as many as 3 million customers between them. The researchers showed that both applications’ API didn’t properly authenticate for update requests, including requests to change the password or email address. This means that cyber criminals could potentially have unrestricted access to vehicles through the vehicle’s onboard telematics component.

All the researchers needed to do was send the request to a specific host URL and they were able to change an account’s password and email address without notifying the victim that anything had happened. Once they had gained access to the account, the researchers had full control over the smart car alarm. This allowed them to learn where a car was and unlock it, but more crucially, to take control over its motor functions.

However, attacks against servers are not always targeting vehicles. For instance, a large parking garage in Canada was a target for Ransomware that decrypted the accessed files on the server and demanded ransom. This had resulted in disabling the attendant system, meaning that all drivers in the 1,000-space lot did not require ID and therefore they could park for free.

Mobility-related apps are ever so popular, but many leak information or cause mishaps.

Incidents involving mobility related apps are now the third most frequent, and account for 6% of the total number of incidents. Mobile apps, generally speaking, are not considered to have robust security. Numerous apps have been found to leak information or enable 3rd parties to access sensitive data.

Apps (or more accurately, the vulnerability in apps) have been used to break into parked vehicles. In rare security camera footage from Tulsa, Oklahoma, a man is shown to be standing next to a parked car, fiddling around with an app on his mobile phone until he is able to open the car door.

Finding #4: The potential negative impact of cyber activities upon vehicles is becoming evident

Car theft

40% of cyber activities against vehicles resulted in car theft, which makes it the category with the greatest impact on mobility.

Service/Business disruption

17% of incidents caused service or business disruptions, signaling that the rapid adoption of mobility without proper security could have catastrophic consequences.

Control car systems

14% of incidents involved manipulation of control car systems, such as a demonstration by researchers from Tencent that showed how they could manipulate a Tesla Model S’ Autopilot system. They showed that they could control the steering system via the Tesla Autopilot system using a wireless gamepad, even when the Autopilot system wasn’t driver-activated.

1 in 10 mobility-related cyber incidents are data breach related

In the last few weeks of Q1’ 2019, details of over 3 million Toyota and Lexus car owners were breached. The company would not divulge what type of information was compromised. However, the investigation is ongoing to see if any of the data was exfiltrated.

Why steal the vehicle when you can simply use it for fraudulent means?

5% of incidents are related to fraudulent, illegal activities. Ride sharing services like Uber and Lyft serve millions of people and conduct numerous transactions, and as such, could be utilized for the purpose of money laundering.


As we learn from the data, there is an undeniable increase in both the quantity and severity of incidents. We witness more incidents involving Black Hat hackers, that are focusing their efforts on stealing not only the cars, but their data or manipulating and disturbing the mobility service providers via other means.

All the incidents are available online and are regularly updated on Upstream’s website. Please subscribe to our mailing list to receive updates on the most updated incidents.

Newsletter Icon

Upstream’s 2024 Global Automotive Cybersecurity Report

Newsletter Icon

to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

Mike Lexa Joins Upstream Security Advisory Board to Accelerate Cybersecurity Resilience in the Automotive & Mobility IoT Sector

The mobility ecosystem is experiencing a profound digital transformation. The increasing reliance on mobility services and Internet of Things (IoT) devices is not just reshaping…

Read more

7 Key Financial Implications of Automotive Cybersecurity Risks

In June 2023, a leading Taiwan-based semiconductor manufacturer disclosed a cybersecurity incident involving a ransomware group and one of its IT hardware suppliers, which led…

Read more

Newly Discovered IoT Vulnerabilities in ELDs Raise Risk for Fleet-Wide Attacks

In late March 2024, The Register published a unique coverage, describing multiple new vulnerabilities and elaborating on the cyber risks in ELDs (electronic logging devices)…

Read more

Navigating the Evolving Automotive Cybersecurity Regulatory Landscape

The automotive industry’s digital transformation has ushered in an era of unprecedented connectivity and technological advancement. Yet, it is also exposing mobility assets to a…

Read more