Trend
Micro
has
a
long
and
successful
track
record
of
predicting
where
the
next
threats
to
our
digital
connected
world
will
be
targeted.
In
fact,
its
expertise
in
doing
so
has
led
to
the
creation
of
several
standalone
subsidiaries
in
recent
years,
such
as
VicOne,
which
is
dedicated
to
connected
vehicle
cybersecurity.
Because
we’re
ahead
of
the
game,
many
industry
organizations
haven’t
given
this
topic
serious
thought.
But
rest
assured,
the
bad
guys
are.
We
expect
connected
car
cyber
risk
to
evolve
considerably
in
the
coming
3-5
years.
Why
connected
cars?
Automobiles
are
increasingly
more
akin
to
powerful
computers
on
wheels
than
they
are
traditional
vehicles.
They’re
estimated
to
contain
over
100
million
lines
of
code.
Compare
that
to
an
average
passenger
plane,
which
has
just
15
million.
Yet
just
as
this
smart
functionality
can
enhance
the
driving
experience
and
even
improve
car
safety,
it
also
opens
the
door
to
hackers.
So
where
are
these
cyber
threats
most
pronounced?
We
believe
a
key
area
of
risk
for
manufacturers
and
drivers
is
the
vehicle
user
account.
By
hijacking
or
stealing
such
an
account
via
phishing
for
credentials
or
installing
malware,
a
cyber-criminal
could
locate
the
car,
break
into
it
and
potentially
sell
it
on
for
parts
or
follow-on
crimes.
They
might
even
be
able
to
locate
the
owner’s
home
address
and
target
it
for
burglary
when
they’re
not
in.
It’s
a
crossover
between
cyber
and
physical
crime
which
we’ve
seen
before
with
ATM
break-ins.
To
recap,
access
to
a
vehicle
user
account
could
enable
criminals
to:
-
Remotely
unlock/start
the
car -
Open
the
car
and
loot
it
for
valuables -
Commit
one-off
crimes
such
as
ram-raiding
or
drug
trafficking -
Drive
the
car
away
and
sell
it
for
parts -
Locate
the
car
to
pinpoint
the
owner’s
home -
Locate
the
car
to
know
when
the
owner
is
not
home
Only
a
matter
of
time
Here
at
VicOne,
we’re
already
thinking
about
the
worst-case
scenarios.
The
good
news
is
that
we’ve
not
thus
far
found
any
evidence
of
attacks
like
those
listed
on
cybercrime
forums.
The
current
focus
for
cyber-criminals
seems
to
be
network
access
for
theft
of
regular
data,
rather
than
car
user
accounts.
However,
it
won’t
take
them
long
to
catch
up
and
realize
the
importance
of
vehicle
user
accounts.
One
way
to
think
about
this
is
the
triangle
of
criminality.
For
a
crime
to
take
place,
there
must
exist
three
aspects:
target,
desire,
and
opportunity.
The
target
(connected
cars)
is
not
ubiquitous
at
present,
but
it
soon
will
be.
The
opportunity
is
clear:
hijacking
user
accounts
using
tried-and-true
techniques
like
phishing,
info-stealers
and
keyloggers.
As
for
desire,
criminals
haven’t
yet
found
a
way
to
monetize
user
accounts,
but
that
light
bulb
moment
is
not
far
away.
The
biggest
cyber
risk
today
lies
within
car
data,
not
the
vehicles
themselves.
However,
we
expect
that
to
change
within
five
years
as
criminals
better
understand
the
connected
vehicle
ecosystem.
The
industry
should
start
planning
accordingly.
To
learn
more,
please
visit:
https://vicone.com/blog/what-lies-in-store-for-connected-cars-in-the-cybercriminal-underground