Exploiting weaknesses in car architecture to steal them is a real issue, says Kaspersky!

The world is increasingly producing modern, computerised vehicles with numerous electronic control units (ECUs), and attackers will continue to exploit implementation errors and vulnerabilities to steal vehicles. One recent example is when attackers were able to connect to the CAN bus of a major manufacturer’s vehicles through a headlight, subsequently gaining access to the engine starter system.

Experts expect that new vulnerabilities used for car theft will be discovered in 2026. Entry points can be any accessible interface: CAN bus, OBD port, Ethernet port, NFC module, Wi-Fi and Bluetooth chips, and LTE modem.

“It’s important to note that some automakers like Tesla have begun to focus on cybersecurity, demonstrating a high level of responsibility and actively preparing to address a wide range of threats. We work closely with these companies, regularly conducting security audits at their request, and thereby increasing the level of security across the entire supply chain, from manufacturers to end users,” comments Artem Zinenko, Head of Kaspersky ICS CERT.

Vulnerability Research and Assessment
Modern embedded vehicle computer systems are directly or indirectly connected to the internet, making attacks against them a matter of time. To create attack-resistant systems, security principles should be incorporated into the design and development stages.

This will mitigate some risks and minimise the likelihood of exploitation. Kaspersky has developed its own solution for ensuring vehicle information security which is Kaspersky Automotive Secure Gateway, based on the KasperskyOS operating system.

Furthermore, risks can be minimised by regularly conducting security audits to promptly identify and remediate vulnerabilities, as well as installing specialised solutions with protection against ransomware and other types of malware on endpoints in office and industrial networks.

Meanwhile did you know that with over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure and governments around the globe.

The company’s comprehensive security portfolio includes leading digital life protection for personal devices, specialised security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats.