"The New Technology That Is Making Cars Easier for Criminals to Steal, or Crash"
The automotive industry is abuzz with the "Internet of Vehicles" (IoV) discussion. This describes a network of cars and other vehicles that can exchange data over the Internet to make transportation more autonomous, safe, and efficient. The IoV could help vehicles identify obstructions, traffic congestion, and pedestrians. It could help with a vehicle's positioning on the road, enable driverless vehicles, and facilitate defect diagnosis. A more advanced IoV will require the installation of even more sensors, software, and other technologies. There are currently more electronic systems than ever before in cars, including cameras, mobile phone connections, and infotainment systems. However, some of these systems may also make vehicles vulnerable to theft and malicious attacks as criminals discover and exploit vulnerabilities in this new technology. Threat actors are increasingly using a more sophisticated method of attacking vehicles. A Controller Area Network (CAN) injection attack establishes a direct connection to the CAN bus, the vehicle's internal communication system. Since the main route to the CAN bus is underneath the vehicle, criminals try to gain access to it through the headlights. The bumper must be removed so a CAN injector can be inserted into the engine system. Criminals can then send fake messages, tricking the vehicle into believing they are from the smart key and disabling the immobilizer. After gaining access to the vehicle, they can start the engine and steal it. This article continues to discuss potential security attacks against today's cars and the suggested zero trust approach to such attacks.