Many businesses now have company-owned vehicles, especially ones that didn’t originally have a need for them. As medicine, education, and banking have spread beyond the boundaries of corporate cubicles, more and more enterprises find themselves owning and maintaining vehicles. That’s not a job for a managed service provider (MSP), but for maintenance, right? The answer isn’t that simple.
Up until the last few years, criminals hacking into your car and taking control seemed like the stuff of Hollywood movies. Not so today, as vehicles become increasingly connected. Global sales of connected cars are expected to surge to 115 million in 2025, from around 30 million sold in 2020, according to ABI Research.
Vehicles are computers on wheels
“If you are an MSP, congratulations, you’re now also in the business of servicing cars,” says Daniel Webster, a cybersecurity consultant in Detroit.
Webster advises that there are several security measures that should be implemented by MSPs. “The measures that apply to office technology also apply to cars and autonomous vehicles. As such, you must now think of vehicles as computers on wheels,” he adds, recommending that MSPs with clients that have connected company-owned vehicles should do the following:
- Keep software up to date. Software updates often include security patches that can help to protect against known vulnerabilities. MSPs can help to ensure that their clients’ software is up to date by automatically deploying updates or by providing clients with the tools and resources they need to do so themselves.
- Use strong passwords and multi-factor authentication (MFA). These tools can help to protect against unauthorized access to automotive systems. MSPs can help their clients create strong passwords and implement multi-factor authentication by providing them with training and resources.
- Monitor systems for suspicious activity. MSPs can monitor their clients’ systems for suspicious activity, such as unauthorized access or unusual traffic patterns. This can help to identify and mitigate potential threats before they cause harm.
- Educate clients about cybersecurity risks. MSPs can educate their clients about the cybersecurity risks that they face and the steps they can take to protect themselves. This education can help to raise awareness of the issue and to encourage clients to take action to protect their vehicles.
By implementing these security measures, MSPs can help protect their clients’ vehicles from automotive hacking. In addition to the above, Webster says MSPs can also do the following:
- Advise clients on the best security practices for their vehicles. This includes things like using strong passwords, keeping software up to date, and being careful about what apps they install.
- Monitor client vehicles for signs of hacking. This can be done by looking for unusual activity, such as changes in the car’s performance or behavior.
- Report any suspected hacking incidents to the appropriate authorities. This is important to help prevent future attacks.
Automotive hacking is cause for concern
By taking these steps, MSPs can help to keep their clients’ vehicles safe from hacking. But how common is automotive hacking? Insurance Business Magazine says it is rare but should be a cause for “concern.” The statistics showing an increase in vehicle hacking are quite concerning.
- The frequency of cyberattacks on cars increased 225 percent from 2018 to 2021.
- Nearly 85 percent of attacks in 2021 were carried out remotely, outnumbering physical attacks four to one.
- 40 percent of attacks targeted back-end servers.
- Keyless entry and key fob attacks account for 50 percent of all vehicle thefts. A black hat hacker only needs to be close to the key fob to pick up and reproduce its signal.
All told, Upstream estimates that the automotive industry is projected to lose $505 billion by 2024 to cyberattacks. Webster says that many parts of today’s cars are connected, from entertainment systems to key fobs. All can be compromised and provide varying levels of access.
According to Webster, there are other common ways hackers breach automobiles, including:
- Through the car’s CAN bus. The CAN bus is a network that connects the car’s various electronic systems, such as the engine, brakes, and airbags. Hackers can exploit vulnerabilities in the CAN bus to send malicious messages to these systems, causing them to malfunction.
- Through the car’s cellular connection. Some cars are equipped with cellular connections that allow them to access the internet and receive over-the-air updates. Hackers can exploit vulnerabilities in these connections to gain access to the car’s computer system.
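The advice to monitor vehicles for unusual activity can be applied directly to CAN traffic. The following is an added example, not code from the article or from Webster: it learns how often each CAN ID normally appears in a known-good capture, then flags frames that arrive far too early or carry an ID never seen before. The log lines (in the `candump -L` text format from can-utils) and the `ratio` threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# candump -L line: "(timestamp) interface ID#HEXDATA"
LINE_RE = re.compile(r"\((\d+\.\d+)\)\s+(\S+)\s+([0-9A-Fa-f]+)#([0-9A-Fa-f]*)")

# Constructed sample captures (not from a real vehicle).
BASELINE = """\
(100.000000) can0 0C4#0011223344556677
(100.000000) can0 1A0#0102
(100.100000) can0 0C4#0011223344556677
(100.200000) can0 0C4#0011223344556677
(100.300000) can0 0C4#0011223344556677
(100.500000) can0 1A0#0102
(101.000000) can0 1A0#0102
"""
LIVE = """\
(200.000000) can0 0C4#0011223344556677
(200.000000) can0 1A0#0102
(200.100000) can0 0C4#0011223344556677
(200.120000) can0 0C4#FFFFFFFFFFFFFFFF
(200.200000) can0 0C4#0011223344556677
(200.300000) can0 7DF#0201050000000000
(200.500000) can0 1A0#0102
"""

def parse(log):
    """Yield (timestamp, arbitration_id, data) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield float(m.group(1)), int(m.group(3), 16), bytes.fromhex(m.group(4))

def learn_periods(log):
    """Median inter-arrival time per arbitration ID in a known-good capture."""
    last, gaps = {}, defaultdict(list)
    for ts, can_id, _ in parse(log):
        if can_id in last:
            gaps[can_id].append(ts - last[can_id])
        last[can_id] = ts
    return {cid: median(g) for cid, g in gaps.items()}

def detect(log, periods, ratio=0.5):
    """Flag IDs absent from the baseline and frames arriving sooner than ratio * period."""
    last, alerts = {}, []
    for ts, can_id, _ in parse(log):
        if can_id not in periods:
            alerts.append((ts, can_id, "unknown-id"))
        elif can_id in last and ts - last[can_id] < ratio * periods[can_id]:
            alerts.append((ts, can_id, "too-fast"))
        last[can_id] = ts
    return alerts
```

Calling `detect(LIVE, learn_periods(BASELINE))` reports the extra `0C4` frame and the unfamiliar `7DF` frame; in practice the baseline has to be captured per vehicle model, since ID assignments are manufacturer-specific.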
Once hackers have gained access to a car’s computer system, they can do a variety of things, such as:
- Take control of the car’s systems. This could include disabling the brakes, steering, or engine.
- Steer the car off course. This could be done by sending malicious messages to the car’s steering system.
- Access the car’s data. This could include personal information, such as the driver’s name and address, or the car’s location.
- Install malware. This could be used to steal data, track the car’s location, or even take control of the car’s systems.
“The real threat is that MSPs and CISOs overlook vehicles in their security packages, but as long as vehicles are incorporated into an MSP’s regular workflow and are treated the same way an office server is, then risk decreases dramatically,” Webster notes, adding that manufacturers are going to have to step up the security game on their end.
“If all else fails, you’ll see the government step in to impose more stringent cybersecurity measures. Unfortunately, though, it often takes something bad to happen for that to occur,” Webster concludes.