With demand for automotive cybersecurity solutions growing, publicly disclosed security flaws from the Common Vulnerabilities and Exposures (CVEs) database shows an increase in related risks.
Last year, the automotive-related cybersecurity vulnerabilities increased a record 321% to 139 from 2020’s figure of 33, according to a new report published by Upstream, a cybersecurity and data management platform for connected vehicles.
In 2019, the reported vulnerabilities stood at 24, with the report noting that incidents were segmented in both physical access and remote access. For physical attackers, malicious actors required physical access to hit the target, while remote access needed the hackers to attack from a short or long distance.
Servers the most common attack vector
The report acknowledges that 2021 recorded a surge in sophisticated attacks with hackers exploiting various avenues.
Servers emerged as the most common attack vector at 40.1%, followed by crucial fob at 26.3%. Other attack vectors include mobile apps (7.3%), Wifi (2.9%), and in-vehicle networks (2.7%).
The attacks also impacted some government infrastructure like New York City’s subway and bus transit system that was targeted in a ransomware attack. Although the attack did not involve financial demands, it highlighted the sophisticated attacks facing major U.S. infrastructure.
In general, automotive security concerns are still emerging with the increased incorporation of wireless technologies in vehicles. Consequently, it has resulted in severe security concerns.
According to Upstream, solutions that offer the most convenience to consumers are the ones easily exploited by hackers.
Electric vehicles most susceptible
The study noted that electric vehicles are the most vulnerable to attacks, considering the growing market. For EVs, they are also facing risks posed within the electric vehicles charging station. Interestingly, the shortcomings can potentially affect different EVCS components.
The report comes after a new expose showed that Tesla, a leading EV manufacturer had its vehicles remotely accessed due to security bugs found in an open-source logging tool.
Although no high-profile hacks have been reported, it raises questions on the technologies being used by the vehicles and how secure consumers are.
The report recommends that cybersecurity firms address all vulnerabilities, even those with low and medium scores.