Hacker at the Wheel: The Consequences of a Cyber Attack on the Automotive Industry
The Automotive Sector in Poland is currently the second-largest branch of production. Along with its collaborating industries, it contributes to approximately 3.4% of the national GDP (according to the EMIS report 'Poland Automotive Sector Report 2022-2023'). It is also a sector where technology plays a significant role. Modern vehicles are filled with electronics, increasingly automated, and connected to networks. It's no wonder that the automotive industry has to contend with numerous cybersecurity threats – both during production and after the product is in the hands of users. What happens when a hacker takes control of the steering wheel of a smart car? What could be the consequences of a cyber attack on the automotive industry? Find out in the article.
A Cyber Attack and the Security of Vehicle Users
According to analysts at KPMG, luxury cars are constructed with approximately 150 million lines of various types of digital software code, which is 12 times more than in a Boeing 787 passenger plane or an F-35 fighter jet! Consequently, a hacker has numerous potential entry points.
Particularly vulnerable are alarm systems, navigation, and internal communication systems. A cybercriminal who gains access to one of these systems and starts manipulating it to their liking – for instance, taking control of brakes or the steering system – poses a serious threat on the road, risking the health and lives of the driver, passengers, and individuals in nearby vehicles.
An example worth mentioning is Tesla, where Chinese hackers took control. They successfully deceived the vehicle in a straightforward manner by placing three small stickers at an intersection, convincing the autopilot that it was surface damage. They successfully redirected the car into the wrong lane, which could have resulted in a tragedy.
The security of sensitive data of car owners is also at risk. A hacker who infiltrates a vehicle's systems gains access to various detailed information about the driver, such as their name, credit card details, address, and phone number. Such information enables identity theft or financial abuse.
Owners' Vehicle Issues Reflect the Challenges of the Entire Automotive Industry
The problems faced by car owners due to a cyberattack have a negative impact on the entire automotive industry. A manufacturer that did not ensure a sufficiently high level of cybersecurity in its cars (or maintained very stringent security standards, but hackers still found a way) must deal with a reputational crisis and loss of trust from customers and business partners, especially if the matter becomes publicized. This translates into a decrease in sales and difficulties in maintaining industry relationships.
Furthermore, the manufacturer must reckon with compensation costs arising from potential damages and accidents caused by a cyberattack on the car. In addition, there may be penalties for inadequate system security. Of course, there is also the risk of receiving GDPR penalties if valuable user data is leaked.
The manufacturer is also obligated to bear the costs of fixing and updating security vulnerabilities. Losses resulting from the necessity to replace faulty, attack-prone components can be enormous. For example, Fiat Chrysler recalled 1.4 million vehicles when hackers employed by the manufacturer breached the car during a test drive.
The increasing interest of cybercriminals in the automotive industry and the growing risk of cyberattacks also mean the introduction of increasingly stringent regulations and laws regarding cybersecurity. For instance, in 2024, Regulation R155/R156, prepared by the European Economic Commission, comes into effect. While such standards are crucial for ensuring the high-quality security of manufactured vehicles, they entail additional costs and administrative burdens for automotive companies."
Hackers target the automotive industry at every stage of product development
The automotive industry needs to be vigilant against hackers at every stage, from the preparation of plans to the release of the finished product. A single human error, such as a phishing attack, is enough for a criminal to gain access to corporate systems. There, a wealth of information awaits them, including details related to prototype construction technology. If an unauthorized person acquires data from mathematical models, applied software, or records of conducted tests, they can prematurely end a multimillion-dollar project that has been worked on by an extensive team of specialists for a long time. This is a significant loss of time and financial resources. Moreover, it happens that the stolen product is purchased and implemented by the competition.
An automotive enterprise can also fall victim to a ransomware attack, losing critical data necessary for business continuity. Honda, for example, faced such a situation in 2017 when its production facilities were shut down for an extended period due to the WannaCry ransomware. Production stoppage translates into severe financial losses for the company. As estimated by experts from Capgemini, a four-hour downtime can cost up to 2 million dollars. In addition, there are potential costs associated with paying a ransom if the affected entity decides to take that step.
How to ensure data security in the automotive industry?
We have covered the topic of ensuring cybersecurity for companies in the automotive industry on our blog. Read the article if you want to learn a range of useful tips that are worth implementing in an automotive company.
Enhancing data security in an automotive enterprise can also be achieved through a complimentary cybersecurity audit with Telescope. This audit will identify potential security gaps and assess compliance with adopted regulations.
Until next time!