The situation is only getting worse and drivers need to be concerned. All of these electronic devices in today's cars provide a variety of infotainment, safety, and performance features, but technology can also be used to hack into electronic devices and steal personal and financial information. It has become a prime target for cybercriminals who steal and profit from it.
In fact, as automakers increasingly rely on service subscriptions as an additional source of revenue, drivers are similarly becoming more vulnerable to theft of personal and financial information by cybercriminals. .
According to a new report from Israel-based Upstream Security, there were 1,468 cybersecurity incidents related to automobiles and smart mobility between 2010 and 2023, but the number rose to 295 in 2023 alone. It was revealed.
Not only are the number of reported incidents increasing, but the attacks are also becoming more sophisticated.
“What has changed in 2023 is the rate of long-range attacks. Longer range essentially means you can carry out an attack from anywhere in the world,” says Upstream's vice president of marketing. President Shira Salid Hausilah spoke at a press conference at the company's offices in Ann Arbor, Michigan. “It doesn't matter if you're one mile away or 10,000 miles away. That percentage has risen from 70% to 85%. The further away you are from the property, the greater the magnitude of the impact you can have.” Become.”
The areas that cybercriminals target are called attack vectors. As seen in the chart below, telematics and cloud data are the primary attack vectors, accounting for 43% of attacks in 2023, compared to 35% a year ago.
To counter these attacks, it is essential to understand these attack vectors, or the primary targets of cybercriminals, explained Giuseppe Serio, vice president of upstream market development.
“When you think about cybersecurity, there are two perspectives: you can either wait for an attack to happen and mitigate it as soon as possible to reduce the risk, or you can try to understand how hackers think and what they are targeting. , so you can minimize risk before an attack happens.'' Where are they going and how are they going to make money? Because we know that the biggest motive is economic,” Serio explained in a media briefing.
EVs are particularly vulnerable to cyber-attacks because they have sophisticated electronics and must be connected to public chargers on a network.
The total potential vulnerabilities for EV fleets reach up to $50 million, including attacks that could result in recalls, updates, or legal action.
To strengthen its cybersecurity arsenal, Upstream turned to the same weapon hackers use to commit crimes: generative artificial intelligence (GenAI). It is a type of AI that can generate various forms of content from data.
As the Massachusetts Institute of Technology report explains, “Generative AI can be thought of as machine learning models that are trained to create new data rather than making predictions about a specific dataset.”
Just as users of AI tools like ChatGPT can ask questions and watch reports and other text appear on screen, cybercriminals can use GenAI to determine the scope and efficiency of their attacks. is increasing.
“This means that 50% of the cases reported last year could affect thousands or even millions of people,” Salid-Hausilah said. “If we add GenAI, that number will change dramatically. We don't know if it will be 60% or 80%. Only time will tell, but once generative AI permeates the ecosystem. The impact will be even greater.”
Upstream's GenAI tool is called Ocean AI. The company says it monitors millions of connected cars and billions of electronic transactions every month, allowing it to remediate cybersecurity risks.
At the new Vehicle Security Operations Center (vSOC) in our Ann Arbor office, Ocean AI is used. paper.
“This allows analysts to ask any question they want in a very effective way without having to write a single SQL (Structured Query Language) or other type of query from an engineering perspective. , you can ask questions of the data, you can query the data,” Salido explained. – Haugler. “So we close the gap. It's time to fix the results. Now it's down to minutes.”
With the rise in Chinese-made cars in mind, Upstream CEO Yoav Levy said he was concerned that the move might reflect concerns that the popular Chinese social media app TikTok collects large amounts of personal data from its users. ing.
“When I look at this, I think this is like TikTok number two on wheels.” Perhaps that's a good question to ask GenAI.
follow me twitter.
