The Sheer Volume of Attacks on Connected Vehicles: What You Need to Know
If you have a connected vehicle, then by the time you finish reading this post it may be targeted by more than three dozen attack attempts.
For the past several months, Karamba Security’s engineers have implanted automobile electronic control units (ECUs) on ThreatHive platforms in four different countries – Japan, the United States, Germany, and Israel, to reveal how many attacks target these systems.
At CES 2019 in Las Vegas in January, Karamba revealed for the first time that the experiment had found that each ECU was targeted by more than 300,000 attacks each month. The attacks were from more than 3,500 hackers, and included more than 11 different types of attacks, including FTP, Citrix, HTTP, and SMB.
The ThreatHive experiment has continued throughout the rest of the first quarter of 2019, with the numbers only climbing. In March alone, the testing found that vehicles in Japan and Israel were targeted by nearly 350,000 attacks each month, and in the United States and Germany, around 300,000 attacks were recorded.
Karamba’s testing has also proven ThreatHive’s ability to find a security flaw in one of the most popular Android file manager apps and a Linux operating system, which constantly open unsecured ports in the ECUs.
ThreatHive serves as a sort of “cyber honey pot” to attract, block, and then track cyberattacks. The platform also provides deep forensic information regarding the attacks, so that tier-1s and OEMs can find the best methods for reinforcing their system security.