$24 Billion For The Next Five Years, Estimated Damage Due to Car Hacking Incidents

In the December 15, 2018 article we have posted here in Hackercombat.com the story of Toyota developing their own open-source car hacking platform, the Japanese automotive giant has publicly demonstrated their Portable Automotive Security Testbed (PASTA) systems for the Black Hat Europe 2018. This is to entice developers around the world to check out their system and commit their own contribution to improve the platform, in hopes to be a step ahead of hackers in the field of hacking cars.

The first case of a car being taken over by a remote party (but not driven it) was way back in 2002 in Forbes. With the first ever mention of an actual remote 3rd party driving an automobile was published in July 2015 in a Wired article. To the surprise of the owner, he described the experience as “disabled my brakes, honked the horn, jerked the seat belt, and commandeered the steering wheel.”

A total takeover of someone else car is a realization of Science fiction, as Upstream Security Global Automotive Cybersecurity Report 2019 states that an estimated $24 billion for the next five years will be absorbed by the automotive manufacturing industry due to car hacking. Using data analytics against the record of alleged car hacking incidents for the last 8 years, Upstream researchers were able to extrapolate the future in the car hacking scene.

“With every new service or connected entity, a new attack vector is born. These attacks can be triggered from anywhere placing both drivers and passengers at risk. Issues range from safety-critical vehicle systems to data center hacks on back-end servers, to identity theft in car sharing, and even privacy issues. The risk is immense. Just one cyber-hack can cost an automaker $1.1 billion, while we are seeing that the cost for the industry as a whole could reach $24 billion by 2023,” explained Oded Yarkoni, Upstream’s Marketing Head.

Car manufacturers if they so choose to have the upper hand, just like what Toyota demonstrated with their PASTA platform. The transportation groups, suppliers and ride sharing stakeholders are more at risks, as they have no expertise when it comes to securing their fleet of vehicles. It is also a very unfortunate statistics was brought-up by Upstream, as their report indicated that for 2018, the number of active black hat hackers operating against the automotive industry outnumber the hired white hat hackers performing the beneficial penetration testing for the same industry.

The modern car today depends on a lot of electronic and chip-based parts, including actual apps running in the computer embedded in the car to fully operate as expected. Even the usually innocent entertainment system that comes with the car can be taken over with by a remote party without the driver being aware of it. It is important for firms that deal with cars and uses a lot of vehicles in their business to include car audits when they decide to hire for penetration testing professionals. Ethical hackers are self-taught and the possibility of them being ahead of their black hat counterparts is real, especially with vendors like Toyota giving them the tools to do their jobs easier.