

There are short-range remote hacks, like the Tesla key fob hack, where the hacker needs to be within a few meters of the car to break the fob's weak encryption, and there are long-distance hacks that can be perpetrated from anywhere. The worrying thing about these attacks is that 82% of them occur remotely, meaning that the hacker doesn't need to physically be inside the vehicle to do their dirty work. Vehicle mobile apps represent around 12.71% of the hacks, with OBDII ports and infotainment systems rounding out the top 5. Company servers are a close second at 26.42%. The bulk (29.59%) of these cyberattacks are using the key fob to gain access. If Tesla's fobs were so vulnerable, how many other vehicles are being accessed by keyless entry systems? A lot. Tesla has had good luck with its program, with white hats finding several vulnerabilities with the Model S key fob that allowed it to be hacked in seconds. That's either good or bad, if you take the stance that it had almost 1,400 vulnerabilities in its software, while Toyota only has 349 resolved bug reports. Uber, for example, has 1,345 resolved bug reports and has paid out over $2.3 million. Some bug bounty programs have been more effective than others.

Since Upstream doesn't elaborate on who "other" is, we're going to assume it means lizard people or, like, Hugh Jackman in Swordfish. Black hats (aka the bad guys) are still responsible for 57% of incidents, while 5% are being perpetrated by "other" parties. Nevertheless, only 38% of reported security incidents are being done by bounty-hunting white hat hackers. On the other hand, just a month later, Toyota announced a breach that exposed the data of 3.1 million of its customers.īug bounties are a large part of what vehicle manufacturers and suppliers are doing to help combat hacking. Not good, but not impactful for a majority of people. For example, a breach in February targeted systems in some of the US Army's troop carrier vehicles. Those 150 or so incidents vary a great deal in the number of people they affect, too. Even worse, the industry has experienced 94% year-over-year growth in hacks since 2016. However, that represents a 99% increase in cybersecurity incidents in the automotive space in the last year. So just how bad are we talking? Well, according to Upstream's report, there were only around 150 incidents in 2019, which isn't good, but it's not like we're experiencing the automotive equivalent of the end of the 1995 film Hackers.

What we've lacked has been a more complete picture of just how bad car hacking has gotten, but thanks to a report by Israeli firm to, now we've got one. Now, we've covered vehicle hacks and vulnerabilities before, along with manufacturer "bug bounty" programs that encourage so-called "white hat" hackers to report their findings in exchange for a financial reward rather than exploit them for other personal gains. This problem is increasingly spilling over into our vehicles, which have become increasingly attractive targets to hackers as they've gotten more technologically sophisticated. This has been amazing for convenience, but that convenience has outpaced security, and so we hear about companies being hacked on a near-daily basis. Not in some kind of Second Life- Matrix hellscape, but they conduct business, maintain personal relationships, manage their money, buy stuff and even get their car news (👋) using the internet. For many people around the world, a large portion of their lives is lived online.
