Tag Archives: Shira Sarid-Hausler

The Growing Cyber Risk

Posted on by
Reply

By Gary S. Vasilash

“This is not Charlie Miller anymore. We’re in a different era.”

That’s Shira Sarid-Hausirer, vp marketing, for Israeli automotive cybersecurity firm Upstream Security.

Sarid-Hausler is referring to the man who, with Chris Valasek, remotely hacked a 2014 Jeep Cherokee. As Andy Greenberg wrote in Wired of his adventures being behind the wheel of a Jeep that the two hacked from a distance:

“Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting. . . .Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. . . . Then the windshield wipers turned on, and wiper fluid blurred the glass.”

Nothing he did could allow him to regain control of these systems. On the one hand, those things would be annoying. On the other, it would be highly disturbing that the knobs, buttons, or screen interface didn’t work.

Greenberg, driving on I-64:

“my accelerator stopped working.”

Yes, on an interstate with the traffic one would expect. With unhappy motorists behind him.

He couldn’t get the accelerator to start working. Miller and Valasek, sitting in a house several miles away here in charge.

Welcome to cybersecurity issues.

Sarid-Hausirer reports, based on finding from the 6th annual report that Upstream has conducted on cybersecurity, that things are going beyond hacks like that, that in terms of attacks on automotive companies we’re at “an inflection point.”

Swell.

A couple of data points that substantiate that inflection point:

  1. Based on its analysis of publicly reported cyber incidents, as well as those that Upscale personnel have found on the Deep and Dark Web, they’ve calculated that between 2010 and 2023 there were 1,468 incidents—and of that number, 295 occurred in 2023—that’s 20% of the entire number.
  2. While there are researchers and other helpful hackers, so-called “White Hats,” they accounted for 36% of the incidents, with the Black Hats accounting for the rest. And whereas for the past few years the number of attacks that would affect thousands or millions of “mobility assets”—which range from vehicles to EV charging stations were under 23%, in 2023 the number was 49%.

And as we more frequently hear of the wonders of “the Cloud” doing all manner of compute and control and communicate functions for us, turns out that of all attack vectors, telematics and the Cloud are far and away the biggest target: 43% of the attacks are focused there.

Infotainment, the other thing that OEMs are always pointing out their newest vehicles have to the utmost and then some, is the second-highest attack vector, at 15%.

And speaking of talked about tech, Upstream has discovered that AI is going to amp up the cyberattacks on mobility assets. (The good news on this front is that AI can also be used to counteract it.)

While some might think that there are state actors behind much of this activity, Sarid-Hausirer says that for the most part those doing the hacking are groups and individuals that are interested in money more than political activities.

Somehow all of this makes that 1978 Chevy Impala with an AM/FM radio seem all the more appealing.

You can get a copy of the 138-page report that is likely to make you wonder about all of that tech being offered in new vehicles here.