Despite thieves regularly finding ways to boost cars by exploiting vulnerabilities in modern keyless locking systems and researchers demonstrating how attackers could fiddle with car settings, the infotainment system, the break system, the steering system, and so on, we’re yet to witness actual safety attacks that resulted in hackers disabling brakes or turning the steering wheel.

One of the reasons must surely be that cybercriminals are generally after money and not that interested in harming people for the fun of it, but perhaps another is that it’s currently very difficult to prove that attacks like these happened.

“If an incident happens there is currently no entity that will investigate such a possibility. Even more so, in most cars there are no measures monitoring for such incidents. So if you try and succeed, no one will even know, not to mention launch an investigation,” notes Nathaniel Meron, Chief Product and Marketing Officer at C2A Security, a provider of automotive cybersecurity solutions.

And, though the IT networks of original equipment manufacturers (OEMs) have already been breached by ransomware gangs, vehicle owners are lucky that those criminals have not yet switched to in-vehicle networks attacks to “brick” cars and demand money.

If and when that happens and depending on the scale of the attacks, Meron recons that they could even bankrupt an OEM.

But while it’s difficult to say when this “grace period” might end, OEMs should accept as fact that one day it surely will, and they should use this time to work on defenses.

Securing vehicles from potential cybersecurity threats