Elon Musk recently voiced the darkest fears of automotive original equipment manufacturers (OEMs) and fleet managers when he said that “one of the biggest concerns for autonomous vehicles is somebody achieving a fleet-wide hack.”
The vulnerabilities of vehicle fleets lie in their architecture, which includes:
Each part of this architecture can be used as an attack vector for a fleet-wide hack. And there is already evidence of these threats materializing into attacks on each level.
Large-scale theft: In 2016, a pair of hackers in Houston, Texas, stole more than 30 Jeeps over a six-month period. It is a matter of time until hackers can cause even more damage and attempt to unlock a fleet of cars in one shot. As Kaspersky researchers showed, the black market is already showing an interest in connected car app credentials, including usernames and passwords, as well as PIN numbers and Vehicle Identification Numbers (VINs) for different makes and models of car. The going rate is hundreds of dollars per account.
Servers can be targeted and hacked into too, as was the case this past May when Renault-Nissan fell victim to the WannaCry ransomware attack, causing five of their plants to completely shut down operations for the duration of the attack.
Earlier this year, researchers from Kaspersky Lab were able to conduct a man-in-the-middle attack and hack into different connected-car Android apps to exploit security vulnerabilities that enabled them to locate a car, unlock it, and in some cases, even start its ignition. And although iOS is generally considered harder to hack, security researcher Samy Kamkar already showed how he could use a small piece of hardware hidden in a car to wirelessly intercept credentials from iOS apps like GM’s OnStar, Chrysler’s UConnect, Mercedes-Benz mbrace, and BMW’s Remote.
An attack on any of these levels in the fleet architecture can have devastating effects:
An effective security solution for car fleets needs to go beyond focusing only on the car to analyze the complete picture of the fleet. It needs to be able to capture and understand the data from all the levels of the fleet architecture – car, driver, app and server – as well as get the context of the events to detect anomalies in the fleet-level behavior.
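The fleet-level correlation described above, as an added example (not code from this article or from any vendor's product): it flags a source address that unlocks many distinct vehicles within a short window, even though each vehicle on its own sees a single, normal-looking unlock. The event fields, thresholds, and sample log are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of server-side remote-command events (not real telemetry).
# Assumed fields: ISO timestamp, app account, source IP, VIN, command.
EVENTS = [
    ("2017-08-01T08:55:00", "driver-a", "198.51.100.7", "VIN0001", "unlock"),
    ("2017-08-01T08:58:00", "driver-b", "198.51.100.23", "VIN0002", "unlock"),
    ("2017-08-01T08:59:00", "driver-b", "198.51.100.23", "VIN0002", "locate"),
    # Five different accounts, five different cars, one source address.
    ("2017-08-01T09:00:05", "acct-1", "203.0.113.50", "VIN0101", "unlock"),
    ("2017-08-01T09:00:20", "acct-2", "203.0.113.50", "VIN0102", "unlock"),
    ("2017-08-01T09:00:41", "acct-3", "203.0.113.50", "VIN0103", "unlock"),
    ("2017-08-01T09:01:10", "acct-4", "203.0.113.50", "VIN0104", "unlock"),
    ("2017-08-01T09:01:30", "acct-5", "203.0.113.50", "VIN0105", "unlock"),
    ("2017-08-01T17:30:00", "driver-a", "198.51.100.7", "VIN0001", "unlock"),
]

def unlocks_per_vehicle(events):
    """Car-only view: number of unlock commands each VIN received."""
    counts = defaultdict(int)
    for _ts, _account, _ip, vin, cmd in events:
        if cmd == "unlock":
            counts[vin] += 1
    return dict(counts)

def fleet_unlock_bursts(events, window=timedelta(minutes=5), max_vins=3):
    """Fleet view: {source_ip: sorted VINs} for every source that unlocked
    more than max_vins distinct vehicles inside one sliding window."""
    recent = defaultdict(deque)   # source IP -> (time, VIN) pairs still in window
    flagged = defaultdict(set)
    for ts, _account, ip, vin, cmd in sorted(events):  # ISO strings sort by time
        if cmd != "unlock":
            continue
        now = datetime.fromisoformat(ts)
        queue = recent[ip]
        queue.append((now, vin))
        while now - queue[0][0] > window:   # evict events older than the window
            queue.popleft()
        vins = {v for _, v in queue}
        if len(vins) > max_vins:
            flagged[ip] |= vins
    return {ip: sorted(v) for ip, v in flagged.items()}

if __name__ == "__main__":
    print("per-vehicle unlock counts:", unlocks_per_vehicle(EVENTS))
    print("fleet-level bursts:", fleet_unlock_bursts(EVENTS))
```

Keying on source IP is one choice; the same sliding-window logic applies to any shared attribute the server logs, such as a device identifier or API token.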
Upstream is the first cloud-based solution for securing connected and autonomous fleets – both OEMs and after-market fleets. Upstream’s solution encompasses cyber security protection, fraud detection and vehicle and driver insights analytics. The 100% non-intrusive solution enables seamless integration.
CEO and Co-founder