Las Vegas, USA & Hod Hasharon, Israel, Jan. 10. 2018: This bit of statistics is shocking. An experiment carried out by a security solutions company has just revealed the enormity of hacker attacks on “connected” vehicles. Karamba Security, a provider of end-to-end automotive cybersecurity prevention solutions, today unveiled vulnerability data in the autonomous and connected vehicle industry.
In an interesting exercise, Karamba Security has been attracting Internet attacks on automotive electronic control units (ECUs) through its latest solution Karamba ThreatHive. It found out that in the last three months alone, each of the ECUs that Karamba had exposed to Internet connectivity was subjected to as many as 300,000 attacks per month.
“The fact that each connected ECU gets attacked about 300,000 times every month illustrates just how creative and persistent hackers have become” . – Ami Dotan, Karamba Security’s co-founder and CEO.
The test showed the real magnitude of hacker attacks on connected vehicles. Karamba ThreatHive harnesses real-world hacking attempts to expose and pinpoint ECU vulnerabilities to be fixed before such vulnerabilities are exploited in real cars. A global system of data-generating “honeypots” runs continuously, collecting threat data to identify vehicle security gaps.
According to the data, each of the automotive ECUs exposed by ThreatHive to the internet was attacked about 300,000 times per month by 3,500 different hackers. Attackers were in different forms, and were often bots searching for any ECU vulnerabilities they could expose to gain control of the connected system.
It was also found that over 11 different types of attacks were attempted since Karamba ThreatHive’s inception. Each simulated ECU was targeted by a different mode of attack, aiming to exploit different services in the ECU. Examples include attacks to the Telnet port – similar to the services targeted on the VW Golf white hat attack in April 2018 – to SSH (Subaru 2018) and to HTTP (Tesla 2017). Attacks were prevalent across geographies and service providers.
Incidentally, at the on-going CES 2019, attendees are invited to participate in a real car hacking demo or prevent cyberattacks launched at the car by Karamba Security.