Text from UPSTREAM SECURITY GLOBAL AUTOMOTIVE CYBERSECURITY REPORT 2019
www.upstream.auto hello@upstream.auto
AUTOMOTIVE GRADE IS NOT ENTERPRISE GRADE. IT’S MUCH BIGGER
It’s easy to look at graphs, charts, and reported incidents and miss the gravity of data. After all – under 200 incidents in a decade, and 60 in 2018 doesn’t seem like a cause for concern. Doing so would ignore the vast difference between Smart Mobility and any other industry.
The world of IT spends a huge amount of resources on cyber-security, and there are hundreds of thousands of companies seeing an increasing amount of risk each year. This risk can be devastating to their business, damaging public image or reputation, and losing money or customer data. There is no doubt that the world of automotive is dramatically smaller. Instead of hundreds of thousands of corporations, you might see dozens of OEMs, and many thousands of fleets and businesses that sell third-party products of services. The impact, however – is much greater, both in terms of risk, and ripple effect
A single cyber hack can cost an automaker up to $1.1 billion today. The total cost for the industry, assuming current trends continue, could reach $24 billion by 2023, at which time Juniper Research predicts the number of connected vehicles to reach 775 million.
MAJOR AUTOMOTIVE CYBER-INCIDENTS OF 2018:
Jan.
• Researchers uncover mobile malware that spoofed Uber’s Android app and harvested user passwords
• Hacker arrested after fraudulently accessing GoGet car sharing servers, downloading customer identification information and riding for free
Feb.
• More than 100,000 sensitive customers documents are stolen from an unsecured Amazon S3 server owned by FedEx
• Proprietary data belonging to Tesla customers are exposed as hackers break into an unsecured AWS server to ‘mine’ cryptocurrency
• The data of 28,700 Porsche customers is accessed in cyberattacks targeting a contractor’s data servers
Apr.
• 14 million Careem taxi users experience personal data breach as cybercriminals hack into customer app accounts via backend servers
May.
• A vulnerability in CalAmp backend telematics servers is exposed. This could enable the tracking of vehicle location, stealing of user information, and even remotely controlling critical components of multiple vehicles
• Chinese security researchers discover 14 vulnerabilities in the onboard compute units of BMW cars
• 50,000 users of Honda Connect App suffer a data breach after researchers discover two unsecured AWS S3 Buckets
Jun.
• Tesla employee takes vengeance by changing the manufacturing source code and exfiltrating sensitive data to outsiders
Nov.
• Spike in keyless entry attacks in Heaton, the UK as burglars use a relay amplifier and transmitter to pick up a signal from the fobs, allowing them to steal vehicles
For more info contact Anders Johnson, RISE.
