Why antivirus cannot protect your car

In July last year, BMW announced its intention to make heated seats an $18-per-month subscription service.

A week later, a group of hackers called Easy Bimmer Coding claimed they were prepared to help any BMW owner to unlock the subscription-only feature. The majority of today’s cyber-threats are more like the one described above, relatively low-profile offences replicated many times. While being not as eye-catching as taking remote control of a car’s steering and throttle, these mundane instances could be costing the industry an eye-watering sum a year, according to two cyber-security experts. Speaking at an annual mobility conference in Moscow attended by the author, they reflected on current trends in cyber risk for mobility companies.

The average driver’s risk of being attacked is increasing, said Evgeniya Ponomareva, global alliance manager at Kaspersky Lab. In 2022 alone, the number of cyber-attacks have grown by 225% compared to a 134% increase in the number of connected vehicles on roads, according to another report by Upstream Security. By the end of 2023, the global five-year loss from cyber-breaches at automakers, Tier-1 and 2 suppliers and mobility companies may exceed $500Bn, said Vladimir Pedanov, CEO at Autovisor and a member of the UNECE working group on WP.29 standard, referring to a 2019’s forecast by Accenture.

Cyber-crime is scalable

The recent growth of the attacks is partly because of the emergence of new types of malicious actors. The first is what experts call ‘activists’. These are inexperienced felons, often adolescence, who receive detailed instructions in online hacker communities. For example, activists proved to be a major threat in the well-known TikTok Kia Challenge which resulted in four deaths in the US and Australia in 2022.

Yet another category is vehicle owners themselves who want to unlock a car’s paid-for features of their cars, such as the BMW heated seats incident. What these two groups have in common is that most perpetrators lacked the skills to carry out a cyber-breach on their own. Instead, they were instructed by professional hackers. Eventually, less qualifications are needed to launch a successful attack, Pedanov said, which means that cybercrime is becoming scalable.

To read the complete article, visit TU-Automotive.