
Is a vehicle the next insider threat?

Let’s get this out of the way up front: I am a car guy, and this is just my thought on what is possible. Some elements may or may not be worked out to make this happen, but I believe it to be possible.

Vehicles are changing fast: they have more processing power, and the push for electric vehicles (EVs) is expanding daily. EVs add more processing power alongside other technologies, and the battery power is there to run systems longer and harder. Most new vehicles come with Wi-Fi onboard, so we have hit the technology trifecta: compute power, Wi-Fi access, and battery power.

Every business in the federal or commercial space has employees who drive to work. These vehicles are parked within Wi-Fi range of the organization's networks. If you have the knowledge and willingness to hack them, you could, in theory, create a new level of insider threat using the onboard systems. We have all seen the recent news articles about people hacking cars to steal them or override other vital systems. The focus has been on the safety implications of vehicle hacking, but I pose another chilling concern.

What if the onboard systems were enabled to access outside networks, opening the door to what is possible? You could have a device that gains access to the information technology (IT) environment and is used as a two-way access point. This would allow someone to transmit data or simply store data on the vehicle's onboard systems. These systems are potential data theft targets, and they could even introduce threats to IT environments by delivering malware.

A few years ago, I wrote about concerns related to vehicle data collection with the development of smart roads and traffic control systems across the U.S. There is ongoing development on vehicle-to-vehicle communications. All these systems are being explored for excellent reasons, and as I stated before, they can be used for malicious reasons. Think in terms of digital twins that are created by using vehicles as collection nodes. Or, in the insider threat concept related to data I touched on, think of the ability to transfer data from one vehicle to another, creating a network of nodes that hides the activity or destination of the data theft, or the origin of the malicious content that is transferred.

The simplest example is a corporate or government laptop connecting to the vehicle's Wi-Fi to work, since this is why these Wi-Fi access points were added to vehicles in the first place. This is happening today, and if the onboard systems were used to collect data or credentials, or to introduce malware, would we even be able to detect it?

The Defense Industrial Base needs to consider these attack vectors and how they can be identified, addressed, and blocked before they are used to access critical systems. It will be a challenging problem, but the good thing is we should have a little bit of time before the bad actors figure out how to use it to their advantage. Do we need to develop new Wi-Fi sniffers, firewalls, applications, or other methods to address the concern?

Written by Michael Ferree, PMP, Shojiki Consulting. Released 8/4/2022.