Data theft, uncontrollable attack … The cyber risks of the new generation of cars

Who is aware of the danger of putting their car keys on the hall closet? However, this unfortunate reflex is the joy of the new generation of thieves, specialized software that allows them to copy the signal from contactless keys. “They just need to stay near the pavilions with their equipment for a moment to record this signal, and then forward it to the car to open it,” explains Nicolas Arpagian, Director of Cyber ​​Security Strategy at Trend Micro. Simple and discreet, this type of hacking is emulated. “In France, thousands of vehicles have been stolen in this way, and this number is rising,” said Colonel Nicolas Duvinage on the occasion of the International Cybersecurity Forum (FIC), a high-level event that brings together the best specialists for three days each year. L’Express is a partner of.

But it’s just a foretaste of the cyber threats that cars now face. Increasingly connected, these have become veritable “computers on wheels”, which inevitably exposes them to hacking. Does that mean we have to fear the disaster scenario with a car that a hacker has taken control of to send it into the background? The reality is (thankfully) more prosaic. “Generally, criminals only seek to break into the vehicle and then flee with it,” reassures Nicolas Arpagian.

The problem is that new vulnerabilities are discovered every month. “Between 2020 and 2021, we have identified more than 100 in the automotive sector,” said Ivan Fontarensky, technical director of cyber defense and threat intelligence at Thales. Last January, a 19-year-old hacker, David Colombo, managed to gain access to certain commands for 25 Tesla (doorway, geolocation, etc.) thanks to a vulnerability in the TeslaMate, a tool that is independent of the manufacturer but used by many buyers . Elon Musk has also had to deal with hackers unlocking your paid options. The Canadian website Ingenext, for example, offers its customers the option to unlock the Boost option for acceleration of Model 3 Dual Motors for $ 1,000 … twice less than the price Tesla shows.

Limited offer. 2 months for 1 € without binding

Recent scenarios of concern to experts: Theft of personal data (travel, etc.) or an uncontrollable cyber attack. In 2017, NotPetya ransomware was first targeted at Ukraine and then spread, thanks to its performance, to the company’s devices around the world. Faced with these threats, manufacturers are sharpening their weapons. “Independent cybersecurity experts and the scientific community help us train our teams on an ongoing basis,” says Volkswagen. New rules will soon force the sector to control these risks. “It is possible that in the near future the models will be subjected to cyber-collision testing,” illustrates Colonel Nicolas Duvinage, head of the Center for the Fight against Digital Crime.

To avoid unpleasant surprises, the golden rule is to anticipate risks from the design stage. “We need to track exploitable vulnerabilities and partition applications so they can not be contaminated,” explains Thomas Cardon, Commercial Director of BlackBerry QNX. The shortcomings identified subsequently are really a nightmare for the manufacturers. In 2015, Fiat Chrysler had to recall 1.4 million cars after researchers discovered a fault that controls the brakes and engine on one of its models. It is for this reason that Stellantis sends its future products to intrusion simulations “internally and by specialized firms”, entrusts Olivier Doit, its head of information system security.

The Express app

To track analytics and decryption wherever you are

Download the app

Download the app

Autoproffer also fine-tunes their systems for detecting abnormal behavior and considers options for “switch contact“, to make stolen cars useless. Since Apple integrated one of them into its smartphones, iPhone thefts have seen their numbers drop drastically. Vehicle maintenance must therefore be completely rethought. to effectively fix their products externally (via so-called” Over “-the-Air” or OTA updates) will stand out from the rest. “It will also be crucial to train mechanics in cybersecurity,” points out Ivan Fontarensky. It remains to be seen how quickly these protections will be built. Cyber ​​security is a real one incognito land for automakers, and “some are reluctant to get started,” an expert laments. The risk of hacking contactless keys has been known for years. Out of 501 models tested by the Adac Association in 2022, the percentage of those sold with vulnerable keys unfortunately still rose to an overwhelming 95%.


opinions

Gerald Bronners chronicle

A montage showing actress Amber Heard on April 13, 2022 and star Johnny Depp on April 11, 2022 at the courthouse gate in Fairfax near WashingtonBy Gerald Bronner

Christophe Donners chronicle

By repeating its call for by Christophe Donner

Robin Rivaton’s Chronicle

Since the start of 2017, Uber has lost $ 25 billion.Robin Rivaton

Stefan Barensky’s chronicle

View of the moon from Mandalay in Burma, June 10, 2019Stefan Barensky

Leave a Comment