With General Motors cars and trucks becoming increasingly more connected and full of complex software and hardware- is there a chance your Silverado or Sierra could be hacked? What about other increasingly connected automotive brands? Upstream, an Israeli cybersecurity firm has issued a new report detailing the growing threat.

Could the specter of Toby Keith be haunting your car’s sound system? It might sound like a stretch, but in the realm of automotive cybersecurity, the question isn’t entirely out of left field. The past ten years have seen a dramatic shift in the landscape of vehicle security, harkening back to the chilling incident where a Jeep was remotely hijacked and steered off the road. This event marked a turning point, underscoring the increasing vulnerability of our vehicles—not just the flashy electric ones, but any modern vehicle on the road.

US Report 2024 Web Chapter 3 0043
Connected vehicles are increasing the attack surface for nefarious groups at an alarming rate.

The latest findings from Upstream’s report highlights a staggering 250% surge in large-scale cyberattacks affecting the automotive industry, with potential damages for companies like GM, as well as suppliers and transportation fleets, spiraling into the hundreds of millions. These “massive-scale incidents” don’t just target individual vehicles but can compromise thousands, even millions, of “mobility assets.” This term encompasses a wide array of elements, from the vehicles themselves to charging stations and the various apps and backend systems that support them.

Read the report yourself: https://upstream.auto/reports/global-automotive-cybersecurity-report/

US Report 2024 Web Chapter 1 012 1
The number of impacted “assets” is growing each and every year- potentially exponentially in the next few years. 

The nature of these attacks is predominantly remote, with 85% coming from a distance and 95% initiated without any physical interaction. This isn’t about the close-range hacks or social media-based schemes that grab headlines; we’re talking about serious, covert operations that often don’t even get disclosed to the public.

At the heart of the issue is the complexity of modern vehicles. Today’s cars are essentially computers on wheels, with millions of lines of code and over a hundred digital controllers managing everything from the brakes to the infotainment systems. As vehicles become more software-dependent, the door to cyber threats swings wider open. The introduction of Software Defined Vehicles, exemplified by brands like Tesla and BYD, underscores this shift. While over-the-air updates promise convenience and the latest features, they also present new vulnerabilities to malicious software, from malware to ransomware.


Another emerging threat lies in the charging stations that have become ubiquitous as we shift towards electric vehicles. The convenience of paying through an app, either on your infotainment screen or smartphone, comes with its own set of risks. Cyber attackers could potentially shut down these stations, intercept your payment information, or even pilfer valuable data from your vehicle.
US Report 2024 Web Chapter 2 45

The narrative takes an even more futuristic turn with the potential role of AI in cybersecurity. Upstream’s report suggests that Generative AI could be a double-edged sword, capable of sophisticating phishing schemes and creating malware that slips past detection systems. Yet, there’s a silver lining, as this same technology could revolutionize how we defend against these cyber threats.

Upstream globally monitors threats from Ann Arbor, Michigan, Herzliya, Israel, London, England, Munich, Germany and Tokyo, Japan and it’s somewhat comforting to know that at over 25 million of the global vehicle fleet are under their surveillance.

Upstream Vehcile Operations Center 1
Upstream Vehicle Operations Center in Ann Arbor, MI

Upstream’s global operations, spanning from Ann Arbor to Tokyo, offer a glimmer of hope, with over 25 million vehicles worldwide under their watchful eye. The company’s insights suggest that we’re on the cusp of a new era in automotive cybersecurity regulations, aimed at safeguarding sensitive data and the infrastructure supporting electric vehicles. As the threat landscape evolves, so too must our defenses, ensuring that our vehicles remain safe, secure, and, most importantly, under our control.