Posted on 06/20/2025 11:27:52 AM PDT by Red Badger
Why Car Cybersecurity Can’t Be Ignored
Imagine treating a ticking time bomb as background noise. That’s how many in the automotive industry have approached ransomware. Ransomware now accounts for 45% of all automotive cyber incidents so far in 2025, making it the leading threat to the sector. The scale of these attacks is also increasing: large-scale incidents affecting millions of vehicles more than tripled in 2024, and nearly 60% of all reported cyber events in 2023–2024 were large-scale in nature
There is strong evidence that the number of publicly disclosed automotive ransomware attacks is only a fraction of the true total. Many incidents are never disclosed. 148 publicly disclosed automotive cyber incidents were tracked in just the first quarter of 2025, but cybersecurity experts warn it is just getting started: “The pieces are in place for a transition from today’s manual, car-modding hacks to more harmful and larger-scale attacks,” and that criminal activity on the dark web points to a much broader, largely hidden threat landscape.
In a world where drivers expect more than just horsepower, digital security has become as essential as the engine itself.
The New Threat in the Driver’s Seat
Today’s cars are marvels of connectivity, but this convenience comes with risk. Picture a journalist at a dealership, eyeing rows of sleek sedans. Each keypad and dashboard screen seems harmless—until malware hidden in the firmware threatens to lock down the entire vehicle. That 45% breach statistic isn’t just a number; it’s a warning. What if, the next time you start your car, you’re met with a ransom note instead of the familiar engine hum?
When Code Becomes a Weapon
Ransomware attacks on car manufacturers often start with a weak link—stolen credentials from suppliers or compromised service portals. Once inside, attackers can encrypt vital systems: infotainment, navigation, even the ignition. An encrypted Electronic Control Unit (ECU) can make starting your car impossible until a ransom is paid. Unlike the data breaches of the past, these attacks don’t just steal information—they can bring your car to a standstill.
Vulnerabilities in the Supply Chain
The automotive supply chain is vast and complex, providing more opportunities for cybercriminals. A single phishing email to a small supplier can lead to malicious code being embedded in a firmware update, which then spreads to thousands of vehicles. Compromised update servers can deliver ransomware-laden patches, infecting entire fleets in minutes. Ironically, even the most security-conscious manufacturers can inherit vulnerabilities from distant partners.
Everyday Routines, Unusual Risks
Consider your morning routine: coffee in hand, you tap “Start” on your car’s smartphone app—only to find your vehicle locked by ransomware. The cost of negotiating with hackers may exceed typical repair bills, and insurers are still figuring out how to handle these new risks. Meanwhile, online forums buzz with debates over which software updates fix vulnerabilities and which might accidentally introduce new ones. Delayed security patches can leave vehicles exposed for weeks, making every drive a potential gamble.
Trust on the Open Road
Modern vehicles offer dazzling features and seamless connectivity, but these advances come with serious questions. When convenience can so easily turn into coercion, will drivers still trust their cars? On the open highway, does the engine’s roar reassure you—or remind you of the silent code that could one day hold you hostage?
You’re not powerless against this wave of automotive ransomware—there are concrete steps you can take right now to protect yourself and your EV:
Start by disabling remote access features when you don’t need them.
Always use strong, unique passwords for your car’s apps and accounts.
Keep your vehicle’s software and apps updated; patches often fix vulnerabilities before hackers can exploit them.
Be cautious with Bluetooth, Wi-Fi, and public charging stations.
Secure your key fob in a signal-blocking pouch.
Avoid connecting to unfamiliar networks.
If you add aftermarket gadgets, choose only trusted brands and check their security track record.
Stay alert for official security updates from your automaker and report any unusual vehicle behavior immediately.
A little digital vigilance goes a long way—taking these steps can help keep your car, your data, and your daily routine safe from cybercriminals.
He was right.
Much of this is counter productive when it comes to reliability, ease of maintenance, privacy, or even freedom (imagine they geo-zone areas where you can’t go with a fancy new car).
Think about this, a new clothes washer and dryer or dishwasher is digital, the display and controls, it once was all analog. It still does the exact same things, in the exact same way. But why would you want to make the control system digital on a machine that is exposed to moisture, lint, vibration and heat?
I hate the flat button design because I have to either put on my glasses or just slap randomly at where the button might be until I hit the right spot.
Just give me dials and buttons that go "click".
We should treat them exactly as we used to treat pirates back in the 18th and 19th Century.
No mercy. I am retired now but there were several times these people made my life miserable. Cut off their hands.
Not kidding.
I agree . Make it too frightening to even consider the crime
Not every step has been a step forward.
IMHO, it’s all about profits and money of course. But in many cases it’s LESS environmental, LESS safe (cars are getting smaller and lighter), LESS reliable, harder to repair and often with proprietary parts not even available after a few years (essentially disposable and that’s why often less environmental).
Why could we build refrigerators in 1952 that last 56 years (I had a Fridgeadaire in the hot Texas garage keeping the sodas cold that was 56 years old!), but in 2008 we can’t build a fridge to last 20 (and that’s not a joke)?
And what is the “logic” behind replacing a mechanical control system with a digital one on appliances like dishwashers, washing and drying machines, etc? These are appliances that operate in an environment where you have moisture, heat, lint and vibration!
I worked in health care and just retired a few weeks ago after 39 years, and it is a fact that healthcare is specifically targeted by ransomware pirates and people who write malicious code that when it isn't simply to extort money, is emotionally for them the simple equivalent of spraypainting a car and then overturning it and setting it on fire.
I took part in a conference call a couple of years ago with probably about 70 people from hospitals all over our region, and one hospital that had undergone a ransomware attack, three months after the fact, told us their story.
Three months later, and it STILL was not fully operational. The harm it caused to patients was profound, and the mental anguish it caused for the healthcare providers who were unable to provide timely care was sobering.
And it gave me a keyhole glimpse into what would happen if we had a large EMP event.
Hospitals are vulnerable to these types of attacks, because they often have no recourse but to pay. This hospital had all of their active system databases encrypted and locked, and the malicious software searched and found their backups, infected them and were also encrypted and locked by this ransomware.
In their immediate region, they were the only Level 1 Trauma hospital that could be accessed without putting someone in a helicopter.
They had to resort to paper, which they didn't have and were unprepared for. They could only store and display their radiology images on the devices that acquired them. They had no way to transmit results on exams to clinicians who needed them. At one point, they had to close and lock the doors to the rooms the Radiologists occupied to execute their interpretations, because it was like a zombie movie with clinicians taking care of critically ill patients, clamoring at the doors to get results.
The team from that hospital were obviously traumatized by it, and I heard several of their voices crack and choke up as they described the events.
When asked if they had to pay the ransomware pirates, they declined to tell people on the conference for legal reasons, which made me conclude they had to pay millions, but that is speculation on my part.
As you can probably guess-I am not in the least bit kidding in my post saying these people should be hunted down by trained military assault teams, have canvas bags placed over their heads, transported to places they can be waterboarded to extract any available information about their cohorts, tried, and executed.
It sounds harsh, but just wait until one of these people does something that kills large quantities of people in a single event. Hacking planes. Hacking power grids.
Or worse.
The first step is finding them given the volume and spoofing going on. These people look at it as throwing out fishing lines and maybe they will get some easy money.
I got a message yesterday stating that I had unpaid motor vehicle tickets. It came from the Philippines. Probably not as serious as what you described but if someone falls for it they could be wiped out.
Agreed - this stuff needs to be dealt with.
I think we have let it go on far too long already. It’s crazy.
I drive a 2000 Saturn SL2, a 1999 F-150, and a 2003 GMC 2500. Good luck trying to hold those hostage.
"Too late, Skippy. Now you send me $10,000 or I'll park it in your driveway."
I totally agree.
About 5 years ago, my oldest son's Rheumatologist's computers were taken over by ransomware. They wouldn't let anyone make an appointment until they got their system back. I asked him, hadn't they ever heard of appointment books? Or the fact that they could either dictate into a hand recorder, and/or write the notes from a visit that someone could enter into the system at a later date? They actually paid the ransom. It wasn't long after that, that he found another doctor to visit.
Early last year, the billing company Change Healthcare that handles Medicare billing and claims was hacked. I have no clue if they've even got the problems straightened out since then.
How did we ever produce, and view x-rays without digital devices? People have become way too reliant on devices to conduct their business. At least at the library, if their computer system is down, you can still find a book by checking the card catalog.
Besides making people lazy, the internet has caused as many problems as it has helped. It's given criminals just another platform to victimize people with. And nobody in the government seems to want to do anything about stopping it. When was the last time you heard of someone, or a group of criminals, being charged with sending out phishing emails, and phony text messages? Does anybody actually do anything with the scam emails you forward to the companies whose names are on them, or all the text messages you mark as spam, and mark "report"?
As far as I can see there is a connection between the victims and the pirates ie the money paid. If the money can find the pirates the so can the fbi or interpol if they want to.
Very reliable if it’s made in the USA.
-SB
This goes for any critical information, not just hospitals.
By the way, even though I am a "computer geek", I keep my backup material on thumb drives and CD-ROMs. Those are kept off-site. My project records are ALL on paper stored in three ring binders. I'm old fashioned, but robust. My computer roots go back to 1967. I don't trust 'em.
As someone who has worked for the last 39 years in both clinical and the IT end of things, I can tell you firsthand it isn’t that simple. (and this is in no way a criticism of you-like most people, you wouldn’t have any way of knowing about these kinds of things)
My clinical background was Nuclear Medicine, and about 30 years ago I transitioned out of direct patient care to Radiology Informatics.
I worked in a very modern, advanced Level 1 Trauma Center 20 miles from Boston. I was involved in every aspect of system design, construction, workflow analysis and design, billing, scheduling, reporting, you name it.
I straddled the transition from a completely analog Radiology environment to a wholly digital paperless Radiology environment.
When I began in 1984-86 after I got out of the Navy (I was a Jet Mechanic) during college studying for my degree, then entering the workforce after graduation, I entered a completely analog environment.
In that analog environment, there were darkrooms that had blind people working in them, developing machines with supplies of chemicals you had to constantly replenish, paper folders full of analog images that were stored in gymnasium sized rooms filled floor to ceiling with patient folders, an entire army of dozens of people who took them off the shelves, sent them to every corner of the hospital for appointments and who filed them back on those shelves when the clinical teams were done with them, light boxes for the Radiologists to hang and view physical films on, paper jackets, five part carbon copy paper requisitions for exams, small hand-held tape recorders for dictating, a large team of bureaucratic personnel who had to distribute these X-rays and requisitions out to Radiologists to read them, and who would have to pick up the tapes WITH the part of the five part requisition to give to a large team of 10-15 dedicated transcriptionists who would transcribe those tapes into mainframe computers that would print them out in batches, which were then sent back out to ALL the Radiologists who had to look at each one and physically verify that what the transcriptionist typed is what they actually said, and all those verified reports were collected and sent to Medical Records to be filed in the patient chart, and another copy sent to the Radiology files to be stored in the paper folder with the films. Another copy was sent to the people who prepared the result to send to the people who would reimburse the hospital for its work.
It was slow. It might take between a week and two weeks to get a result of a chest X-ray into the hands of a clinician for treatment.
And all kinds of things could go wrong. The developing machines could malfunction and eat the film, or break down at a crucial time and not process it correctly. Films could, and did get lost in that massive gymnasium sized room with dozens of people pulling them out and filing them in, sometimes filing them the wrong place by accident. Physicians would keep films for treatment purposes, not returning them when they should and hanging onto them. They would get completely disorganized inside the paper folders, and a lot of cussing and grousing took place when a clinician could not find that one single X-ray taken on a specific date because lazy, overworked, or people simply crazed by stress would just throw them back into the paper folder without organizing them.
Most debilitatingly, only one person could look at any film at any given time.
There might be a patient in the ICU who was having trouble breathing, and the X-ray today needed to be compared to the last several, but...the folder of films could not be found. One physician managing the neurological situation might have all the films and walked away with them to discuss them with some other neurologist, but the pulmonologist needed the chest X-ray right now.
Pagers would go off. Overhead voice pages throughout the whole hospital saying “Dr. Jones, please call extension 1234 STAT. STAT!” in an attempt to locate them. Personnel would frantically be making phone calls trying to find those films.
But sometimes, nobody actually had those films checked out. When they were re-filed in storage, someone made a mistake and filed them where they shouldn’t have been, and from that point on, were considered “lost”. We had a specialized group of film librarians, perhaps two or three who were especially talented with almost a spiritually inspired knack of tracking lost films down and finding them. They knew all the mistakes people made when filing, and could miraculously find those films.
But sometimes, they wouldn’t. And those films might be lost for days, weeks, or months. Then suddenly, a month or a year later, they would suddenly resurface when someone stumbled across them by accident looking for someone else’s film folder. And sometimes, they would never be found.
I was there for the entire transition from analog to digital. I designed the workflows and built the computer systems to integrate with those workflows which meant I had to map them out and know them from top to bottom, troubleshoot them when things didn’t work, develop workarounds when the system could not be changed or adapted to fill in a hole that was discovered that might delay care or cause harm to a patient. Near the end of my career, simply by osmosis and constant exposure, I began to more fully understand server setup, intersystems messaging, and database configuration. I learned SQL that allowed me to pull data to analyze issues and provide data to managers.
It took us many years to go to a front-to-back wholly digital, truly paperless system, and it was often very painful, as we could only do it as fast as the current technology in servers, workstations, networking and software would allow us to. And we were always waiting for technology to allow us to do what we needed to do.
Always.
Now, the clinicians order the imaging study, it is sent electronically to all of our systems in an authorized/signed status, the techologists taking the images have it show up on an electronic wordlist on their imaging device, they take the images, we track the flow so that we know where a patient is at any point in the process, with milestones (arrive in Radiology, begin the exam, end the exam, and when the final result is produced.
We have doctors today that when the result isn’t ready in under an hour from the time they enter the order, they get impatient and begin investigating to find out what the delay is. That process used to take weeks. Now, it can take minutes. And everyone can look at the images at the same time. Nurses checking the position of the line in a patient’s airway can see it while it is being read by the Radiologist, who might have another radiologist pull it up on their workstation to discuss it.
And we are using AI to help out. When the technologist looks at the digital image to ensure the quality is up to standards on a CT brain scan for suspected stroke, a copy of the images is automatically sent to an AI system which analyzes them for anything that might remotely resemble a stroke. If it finds something, it can flag the study with a key image of the brain where it sees the abnormality, and trigger a priority flag that the radiologist reading exams sees as they peruse their wordlist while, at the same time, moving the exam to the top of all exams awaiting interpretation, flagging it even more dramatically by making the entire line in the wordlist at the top turn red. Any Radiologist will see that, can stop and save whatever they are currently working on, and switch over to interpret that flagged stoke exam.
When they open it, the AI Key Image opens in a heat-mapped image that makes the abnormality obvious, and the Radiologist and go immediately to that exact spot and begin their human, in depth interpretation.
When someone is having a stroke, every second counts, and can make the difference between a full recovery and the paralysis of half of the patient’s body, or even the death of the patient. Seconds.
These are things that cannot be replicated on paper in a manual system. They simply cannot. It is impossible.
But I can tell you that we worked damn hard to develop the best downtime processes we could, but to be honest, all downtime processes, all of them, without fail, are imperfect and difficult. And when you have one of those ransomware attacks that not only takes down the ordering system, dictation system, radiology workflow system but also takes down the entire network, you CANNOT build in a level of redundancy where you can flip a switch and regain functionality.
In the real world, it simply doesn’t work that way. The best you can hope for is to have a primitive way to obtain the images, view the images, and get information to an ED physician who is treating a seriously injured patient that could potentially die. For the time being, you have to hope the system outage happens at night when there are far fewer patients rather than the middle of a busy day, where there may be thousands.
It is things like these downtimes that do make me relieved I am retired. It was extraordinarily stressful, knowing that the life of the patient, someone’s child, husband, wife, father or mother, could be hanging in the balance because the ED physician is unable to get the radiologist interpretation for whatever reason.
I was extremely lucky. I had worked both clinically and in IT, so I had the requisite blend of knowledge to do what was needed. I had a great, productive, rewarding career, and for the last 20 years of it, I worked 60 hour work weeks on salary, not hourly. I was being paid for 40 hours. I was on call 24x7. But I was blessed to work the the most amazing Radiology Informatics team. I was the oldest one. At the end, they worked hard to take things off my plate, when for so many years, everything was ON my plate, all of it.
These people I worked with, endeavored to lighten my load, and I will never, ever be able to thank them for that. THEY are what I will miss in my work.
At the end of my career, I no longer had direct patient contact. But as I walked through the clinic, I would see patients who were obviously lost and confused. It was my favorite part of the job, at the end. I could go up to them in the hallway and ask them if they needed help. Their faces would light up with genuine gratitude, and I would talk to them. If they were wearing a military hat, I would thank them and ask them about their service and what they had done, and when they were in.
But the look of unalloyed gratitude and appreciation on their faces, for something that was so easy and effortless to me, was in my mind, what I thought a dose of crack must be like for an addict. And for me, it cost me...nothing to walk a little old lady to the elevator, or some fellow to a destination in the hospital, chatting all the way.
That is what I will miss most of all from my profession. But we all move on. And now I do.
My old beater does not get any “security updates”.
Lol.
I'm in my 22nd year of retirement. Never thought I'd live this long. I was at a funeral service yesterday and ran into one of the officers I'd worked with. He had just retired as a Sergeant like me, after working 35 years. God bless him. I was old enough in 2003 to retire at 56 with 25 years when I went out. The system was bad when I left, and it's gone terribly down hill even more since then. They can't find anyone to take the Civil Service Test for the position anymore. They start Correctional Officers now, at basically the amount I retired at, as a Sergeant.
"I was there for the entire transition from analog to digital."
Some people have a problem with change. I was a long-time patient of a rheumatologist. During one of my visits I discovered that although every doctor was required to use a laptop to record visits, he didn't seem that familiar with the behavior of computers. He walked into the room, looked at the black screen on the laptop, and said "Well, that doesn't look good." I asked him what he was talking about, and he pointed to the laptop on the desk. I told him that it was just asleep, and all he had to do was touch one of the keys, and it would wake back up. I pressed down on a key, and he was delighted when the screen returned to normal. He actually thanked me for fixing his computer. Yikes! I asked him if he had a computer at home, and he said yes, so I wondered why he'd never come across his computer going to sleep on him there. It wasn't long after that, he discovered that the healthcare network he was working for, was going to be installing a new computer system, and that he'd have to take classes to learn how to use it. He was so scared of the whole thing that he retired. Never did get around to finding another rheumatologist. One less co-pay to come up with.
Not even 556Nato to 300 Blackout? :)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.