CASE EVs may open up a ton of possibilities – but they open a ton of cybersecurity risks for hackers to exploit, too!
“CASE” stands for “connected, autonomous, shared, and electric,” and it doesn’t take a ton of imagination to realize how dangerous an autonomous vehicle could be if bad actors took control of it – and that goes above and beyond just “hacking” a new key.
With cybersecurity incidents involving CASE vehicles increasing, a Deloitte Canada report has outlined the risks we may face and offers a proactive strategy for industry stakeholders that can help them ensure a safer mobility ecosystem.
The report, titled “Connecting Canada: Securing the vehicles of the future,” warns that automotive cybersecurity technology needs to stay ahead of threat actors all along the supply chain. The report details how safety measures should be developed and applied as transportation tech becomes more complex — and becomes more able to put drivers’ private information, control, and access to their own vehicles in danger.
Cybersecurity risks for Canadian drivers and fleet operators that were highlighted in the Deloitte report include low-risk threats like altering vehicle diagnostic data and illegal access to back-end systems, all the way to more serious breaches like GPS monitoring and stalking, as well as manipulation of acceleration and/or braking.
As technology in the automotive sector continues to advance, the Deloitte report says “physical proximity is no longer needed for attacks to occur.” According to the report, in 2021, 84% of cyberattacks on vehicles were conducted remotely, with more than 50% of cybersecurity-related automotive incidents ever reported happening in the past two years.
“It’s important to remember that there are a lot more cyberattacks that go on that are not reported,” said Mitra Mirhassani, an automotive cybersecurity expert who is co-director at SHIELD Automotive Cybersecurity Centre of Excellence and associate professor at the University of Windsor. “And it’s good, we shouldn’t advertise that we are under attack…[but] attack numbers are going to grow much, much higher.”
Responsibility for these attacks can fall under the purview of multiple stakeholders across the automotive supply chain, like government bodies, Tier 1, 2, and 3 suppliers, auto manufacturers, communication service providers (CSPs), cloud provision companies, and smart transport business consumers. Getting these stakeholders to embrace their responsibility here and ensure their due diligence may be a challenge, says Mirhassani.
“As a scientist or engineers, we are not at the level that we can demand these safeguards or these protocols to be inserted into manufacturing,” she said. “We need a closer connection to policymakers and regulators with finance and insurance institutions to provide our expertise, and then they have to take this expertise and extend it into something tangible.”
The Deloitte report recommends that everyone in that supply chain should prioritize “security by design” to ensure that the automotive sector can adapt to new technology without impeding the widespread adoption of CASE tech.
While you consider that, watch this video of a Tesla hacker using their iPhone to generate a fake Tesla key in about 3 minutes, then let us know what you think of these cybersecurity threats in the comments section at the bottom of the page.
Gone in Under 130 Seconds
SOURCE | IMAGES: ELECTRIC AUTONOMY CANADA.