Automotive cyber incidents doubled in 2019, reaching 188 vulnerabilities: Study


According to Atlas VPN investigation, automotive hacking incidents more than doubled in 2019 compared to the data of 2018.

Automotive cyberattacks are possible since many vehicles are connected to the internet. Not only that, but new technologies also mean that there are more points of attack for cybercriminals.

Keyless go, remote start, remote shut down, car mobile applications, all of these technologies can become attack vectors. Automotive cyber attacks can be seen as more dangerous than attacks on computer devices since they can physically endanger the victim.

Our data reveals that from 2016 to 2019, the number of automotive hacking incidents increased more than 7 times. Last year alone, the number of cyber incidents jumped by nearly 138%.

Year-To-Date, as of July 6, 2020, there have been 88 hacking cases in the automotive industry. It has to be noted that sometimes it takes months for the hacking incident to become publicly disclosed.

In addition, companies might choose to keep a hacker intrusion private as it hurts their reputation. Either way, we can expect hacking incidents to continue to increase in the upcoming years.

The reason being, connected vehicles are becoming a standard in the industry. In the US, almost half of the automotive industry market share is occupied by General Motors, Ford, and Toyota. These manufacturers state that they will only sell connected vehicles by the end of 2020.

Meaning, at least half of the vehicles in the US are a possible target for cybercriminals. Other manufacturers are sure to catch up and sell mostly connected vehicles in the upcoming years as well.

One of the examples of how dangerous an automotive cyber attack can be was demonstrated in April 2019, when a hacker accessed internal systems of iTrack and ProTrack. By accessing these systems, the hacker could monitor thousands of vehicle locations and even kill the car engines while the cars were moving.

Connected vehicles have many attack vectors, but some are more common than others. Since monetary gain is the main goal for most criminals, they aim to access the vehicles. The chart below displays the impact of automotive cyber incidents over the past 10 years.

Almost one-third of hacking incidents in this period involved criminals stealing the car or breaking into the car and stealing equipment from inside the vehicle.

The fact that keyless entry is a huge vulnerability for most manufacturers was proven by a research carried out by German General Automobile Club (ADAC) in January 2019.

Their findings showed that 99% of brands using keyless systems were prone to get hacked. They tested 237 keyless entry car models and found that 230 of them could be hacked within a few minutes.

A close second attack vector is control over car systems, with over 27.22% of all successful attack volume. When a hacker gains control over a server, it allows the criminal to access certain functionality within the connected vehicle.

Cybercriminals can unlock the car and start or kill the engine after gaining access to the car’s systems. Simultaneously, if the system is advanced enough, hackers could disable the brakes while the vehicle is in motion. Due to these reasons, this hacking method is the most dangerous to the victims.

Around 12.72% of automotive cyber incidents happen due to vulnerabilities in the vehicle’s mobile application. Many new cars can be unlocked and even started via the mobile application.


Please enter your comment!
Please enter your name here