Drive using smartphone. Automotive technology concept. Infotainment, navigation communication device
It’s getting worse and drivers need to be worried. While all those electronics packed into today’s vehicles provide an array of infotainment, safety and performance capabilities, they’ve increasingly become prime targets of cybercriminals using technology to invade those electronics to steal personal and financial information, and profit from it.
Indeed, as automakers increasingly rely on service subscriptions as an additional revenue stream, motorists are likewise more vulnerable to theft of their personal or financial information from cybercriminals.
A new report by Israel-based Upstream Security reveals in 2010 and 2023 there were 1,468 automotive and smart mobility cybersecurity incidents but there were 295 in just 2023.
Graphic from Upstream Security 2024 Global Automotive Security Report showing rise in automotive ... [+]
Not only is the number of reported incidents growing, so is the sophistication of the attacks.
Shira Sarid-Hausirer, vice president of marketing at Upstream Securities making a presentation to ... [+]
“What changed in 2023 is the percentage of long-range attacks. Long range essentially means that it doesn't matter where you are in the world and you can execute the attack,” said Shira Sarid-Hausirer, vice president of marketing at Upstream during a media briefing at the company’s Ann Arbor, Mich. office. “You can be a mile away and you can be 10,000 miles away, it has no meaning and that has gone up from 70% to 85%. The more you can be distant from the asset the wider the scale of impact that you can make.”
The areas cybercriminals target are called attack vectors. As seen in the graphic below, telematics and cloud data are the prime attack vectors, accounting for 43% of the attacks in 2023 compared with 35% a year earlier.
Graphics from Upstream Security 2024 Global Automotive Cybersecurity Report showing key targets of ... [+]
To fight these attacks it’s imperative to understand those attack vectors—cybercriminals’ key targets, explained Giueseppe Serio, Upstream vice president market development.
“So if you think about cybersecurity there's two perspectives—waiting for an attack to happen and then mitigate as quick as you can to reduce the risk or you can minimize the risk before it happens by understanding how these hackers think, what they're targeting, where are they heading, how are they planning to make money, right? Because we know that the biggest motivation is financial,” explained Serio during the media briefing.
Graphic from Upstream Security 2024 Global Automotive Cybersecurity Report showing financial impact ... [+]
With their advanced electronics and need to connect at times with public chargers that are on a network EVs are especially vulnerable to cyberattacks.
The potential total vulnerability of the EV fleet is up to $50 million including attacks that could spark recalls, updates or legal actions.
To beef up its cybersecurity arsenal Upstream has turned to the same weapon hackers are using to commit their crimes—generative artificial intelligence, or GenAI. It’s a form of AI that can generate various forms of content from data.
“Generative AI can be thought of as a machine-learning model that is trained to create new data, rather than making a prediction about a specific dataset,” explained a report by the Massachusetts Institute of Technology.
Just as users of AI tools like ChatGPT can ask a question and watch as a report or other text appears on the screen, cybercriminals are using GenAI to increase the scope and efficiency of their attacks.
“So the 50% of incidents that were reported last year had the potential to impact thousands or even millions,” said Sarid-Hausirer. “If we add GenAI into the mix, this number will change dramatically. It's hard to say whether it's going to be 60% or 80%. Only time will tell but the more generative AI penetrates the ecosystem the more it will see the impact.”
Upstream’s GenAI tool is called Ocean AI. It gives the company the ability to provide cybersecurity risk remediation as it monitors millions of connected vehicles and billions of electronic transactions each month, according to the company.
Upstream Security vehicle security operations center-vSOC, at its Ann Arbor, Mich. offices where ... [+]
At the new vehicle security operations center, or vSOC, at its Ann Arbor offices, Ocean AI is put into use to attempt to thwart the onslaught of cyberattacks on a level playing field in a way similar to a student asking AI to spit out a research paper.
“It enables the analysts to ask any question they want, question the data, query the data in a very effective way without having to write a single SQL (structured query language) or any type of other query in an engineering perspective,” explained Sarid-Hausirer. “So that's where we bridge the gap. Now the result is time to remediation. Now we're down to minutes.”
Yoav Levy, Upstream co-founder and CEO speaking with reporters during media briefing at company ... [+]
Upstream’s CEO Yoav Levy has the growing number of Chinese-made vehicles on his mind, wondering if they’ll mirror concerns that popular Chinese social media app TikTok harvests massive amounts of personal data from its users.
“When I look at it, I'm thinking… is this like TikTok number two on wheels?” Perhaps that’s a good question to ask GenAI.
