Top 5 security risks to connected cars, according to Trend Micro

A new report from Trend Micro analyzes a day in the travels of a connected car to identify the cyberattacks most likely to succeed. “Cybersecurity for Connected Cars: Exploring Risks in 5G, Cloud and Other Connected Technologies” puts the overall risk at medium. Among the millions of endpoints in a connected car’s ecosystem, analysts found 29 potential cybersecurity attack vectors and ranked five as the highest risks.

Connected cars use satellite, cellular, Wi-Fi, Bluetooth, RDS, eSIM-based telematics, and other types of connectivity to send and receive data; this data supports user applications, driving applications, autonomous driving, safety features, and other activities. The authors note that all these network-centric applications create new attack surfaces in connected cars. Another element of the overall security challenge is a connected car’s interactions with other vehicles, cloud services, and road infrastructure.  

SEE: Identity theft protection policy (TechRepublic Premium)

Malware is not the most likely problem right now for connected cars, according to the authors, but the millions of endpoints in the ecosystem creates a large and unpredictable attack surface. For instance, a typical new model car runs over 100 million lines of code. Also, basic cars have at least 30 electronic control units (ECUs), while luxury vehicles have up to 100 ECUs. Some of these ECUs can be accessed remotely, and as the report explains:

“ECUs are all connected across a labyrinth of various digital buses … They operate at different speeds, move different types of data, and enable connections across different parts of the car. ECUs control many critical functions in a car, including the powertrain, the device and system communications body control, power management, the chassis, and vehicular…