Just like any connected device, the IoT components embedded into vehicles pose the risk of unauthorized access by cybercriminals. Security breaches can result in leaked personal data, threats to a vehicle’s essential security and safety mechanisms, and, in extreme cases, full remote control of the car.

Dellfer for Auto IoT

Dellfer takes a unique approach to protecting IoT devices used in auto components, such as electronics, actuators, and sensors that are used to gather information and inform decisions and actions. Conceptually, it is simple. Dellfer essentially takes a fingerprint of the software used to run an IoT device, then sets up detection mechanisms that trigger defenses if any changes appear. For instance, if malware is injected into the software, Dellfer detects it and quarantines it. Or, if the software is altered to behave differently, Dellfer identifies the source of the issue and neutralizes it.  

Highest Safety Certification

Dellfer Developer Toolkit is qualified to be used in safety-related software development according to ISO 26262 for any ASIL.

Connected Cars

According to Deloitte:

“The Internet of Things enables transformational change, and there is no question that the automotive sector is changing extremely rapidly. IoT-related technologies will draw the map for the industry to follow, and the connected car will play a major role on the roads and in the economy of the future.” 

IoT Brings New Attack Surfaces

According to Trend Micro Research:

“A modern car has an incredible number of connected technologies such as satellite, cellular, Wi-Fi, Bluetooth, RDS, eSIM-based telematics, and others. The car uses these connected technologies for sending and receiving data that support user applications, driving applications, autonomous driving, safety features, and many more. All these network-centric applications have created brand new attack surfaces in connected cars.”

Connected Cars by the Numbers

  • High-end cars can uplink up to 25GB of data per hour.
  • As of 2021, it is estimated that 237 million connected vehicles are in operation, and the number is projected to increase to over 400 million by 2025.
  • Very basic cars have at least 30 electronic control units (ECU), which are microprocessor-controlled devices, while luxury vehicles can have up to 100 ECUs.

Electronic Systems

Cars already contain up to 100 electronic control units (ECUs) supported by millions of lines of code, and advanced AI algorithms are being developed for autonomous driving. Estimates of lines of code in a new car are 100 to 150 million. Automobiles have more lines of code than an F-35 fighter or a Boeing 787. Tech is a major reason why the average cost of a new vehicle in the U.S. in late 2020 exceeded $40,000. That’s just the average. Because cars are now rolling computers, 40% of the cost is in electronic systems.

Electronic systems as % of total car cost
Dellfer Automotive Industry

What is the cost of not having automotive cybersecurity?

FCA (Fiat Chrysler) recalled about 1.4 million Jeeps in 2015 due to a cybersecurity vulnerability leading to remote exploitation. It’s estimated to have cost them around $600 million (fines, lawsuits, insurance, fixing/recall costs). This would put the cost of NOT having security at around $400 per vehicle.

Automaker Brand at Risk

If your car was hacked, how would that change your brand perception of that particular automaker? In a report by KPMG’s Consumer Loss Barometer, car buyers are highly concerned with automotive cybersecurity. Some buyers stated rejecting future purchases of a compromised brand. 

Cyber is not an IT issue – it’s a business issue. Every OEM needs to consider cyber as part of their value proposition and brand experience.

How does a hack affect an automotive's brand perception?
How much are threat actors paying for zero-day exploits?
Adobe Reader
< $2.5M
Microsoft Word
< $100K
< $1M
< $500K
< $1M
Connected Vehicle

Deeper, Disturbing Trend in the Marketplace

Marketplaces for selling exploits are growing quickly. Demand, supply, and expected high ROI is fueling the Zero-Day vulnerability marketplace. Nation-state actors and criminal organizations are actively seeking, purchasing, and exploiting Zero-Day vulnerabilities. Researchers sell exploits to either fix or disclose vulnerabilities, which means that fixing exploits becoming ever more expensive.

Cyber Attacks and Cyber Crimes

The rogue authoritarian regime, North Korea, has used cybercrimes to mitigate the effect of sanctions. Cyberattacks accounted for an estimated 2.77% of the country’s GDP in 2019. The regime raised $2,000,000,000 from cyberattacks for 2016 and 2019, according to a United Nations Security Council Sanctions Committee report.

Global cybercrimes are estimated to reach $6,000,000,000,000 ($6T) by the end of 2021, which is more than the global illicit drug crime market. Cybercrime is expected to continue to grow 15% annually, reaching $10,000,000,000,000 ($10T) by 2025. In fact, a cybercriminal can earn $2 Million per year. Contrast that with an average NFL player—who works with the specter of serious head injury—who earns $860,000, and the appeal of cybercrime is clear.

Dellfer Hacker

Enter Your Information to Access This White Paper

Enter Your Information to Access This White Paper

Enter Your Information to Access This White Paper

Enter Your Information to Access This White Paper

Enter Your Information to Access This Datasheet

Enter Your Information to Access This Datasheet