A Study on Vulnerabilities in Connected Cars

Abstract: This report researches the state of cyber security in connected cars. Specifically, common vulnerabilities and trends related to security issues in connected passenger cars are identified. The study is conducted through a systematic review of publicly reported vulnerabilities and incidents related to computer systems in connected cars. Some of the largest manufacturers in the automotive industry are researched along with common automotive suppliers. In addition, systems and devices used in connected cars are identified to further extend the reach of the study. The scope of this thesis is limited to publicly available material from two types of sources. The first source is the repository of cyber security company Upstream, which monitors automotive incidents in real-time. The second source is the National Vulnerability Database, NVD. The most common types of vulnerabilities linked to connected cars were found to be predominantly related to remote keyless systems (RKS), mobile applications, infotainment systems and the OBD port. A vast majority of the found vulnerabilities were remotely exploitable.The most common weakness was related to failure or lack of protection mechanisms.