Connected Vehicle Days of Doom – Articles of the Month 03/20

The CASE megatrends (Connectivity, Autonomy, Sharing, Electrification) have been the hot potato within the automotive industry for some time now. With connectivity come cybersecurity problems with which we work daily. But what are the worst case scenarios for automotive cybersecurity? Here are my favourite examples.

The four largest vehicle manufacturers (Ford, GM, Honda, Toyota) each make up 10 % of the vehicles in New York. If one of them becomes compromised and their vehicles stall, there is a 40 % probability for city-wide disruption. With two manufacturers becoming compromised, the probability rises to over 95 %. Among other things, the implication is that first responders will be unable to drive within the city. To learn more, read the excellent study Cyber-physical risks of hacked Internet-connected vehicles by Vivek, Yanni, Yunker & Silverberg (2019).

Mandatory, vulnerable, Internet-connected devices connected to every truck’s control system sounds like a bad idea, right? Well, that is exactly what Electronic Logging Devices, ELDs, have turned out to be. They are used to monitor, among other things, that truck drivers take their mandatory breaks. They can also be exploited to remotely disable the trucks, which can potentially lead to disruptions in goods supply or traffic like described in the previous article. To learn more about the problem and a potential solution, read up on the CAN Data Security Diode project by Jeremy Daily here.

As if that wasn’t enough, there are plenty of other creative attacks and doomsday scenarios going around. For a full update, read the Global Automotive Cybersecurity Report by Upstream.