A report published by Trend Micro has revealed high-risk cyberattacks against a connected vehicle (CV) can be carried out by a 'low-skill' attacker.
The cybersecurity firm says attacks such as a distributed denial of service (DDoS) could overwhelm connected vehicle communications.
DDoS renders a machine or network resource unavailable to the user by disrupting services of a host connected to the internet.
Launching a DDoS assault on an exposed ITS infrastructure could have devastating consequences - especially if connected vehicles rely on it for driving decisions, the company adds.
This is just one of 29 real-world scenarios flagged up in Cybersecurity for Connected Cars Exploring Risks in 5G, Cloud and other Connected Technologies.
Trend Micro identifies 17% as high-risk, 66% as medium-risk and 17% as low-risk.
The firm says other dangerous attacks include electronically jamming connected vehicle safety systems or wireless transmissions to disrupt operations.
Medium-risk attacks can include sending incorrect or improper commands to back-end ITS.
Remotely transmitting and installing malicious firmware and/or apps fall into the low-risk category.
Rainer Vosseler, threat research manager for Trend Micro, says the research shows there are “ample opportunities” for attackers looking to abuse connected vehicle technology.
“Fortunately, there are currently limited opportunities for attacks, and criminals have not found reliable ways to monetise such attacks,” Vosseler continues.
“With the UN's recent regulations requiring all connected cars to include cybersecurity, as well as a new ISO standard underway, now is the time for stakeholders across the industry to better identify and address cyber risk as we accelerate towards a connected and autonomous vehicle future."
Trend Micro has issued guidance for protecting CVs, which includes establishing effective alert, containment and mitigation processes.
The firm also recommends protecting the end-to-end data supply chain across the car's E/E network, the network infrastructure, back-end servers and vehicle security operations centre.
It also emphasises the importance of applying lessons learned to prevent repeat incidents, using security technologies such as firewall, device control, app security, vulnerability scanner and code signalling.