This post is also available in: heעברית (Hebrew)

Vehicle software is continuously gaining sophistication, creating new threat vectors in the process. As autonomous and connected vehicles become software driven, risks increase that hackers will find ways to take control of the vehicle in order to change their speed and direction.
Vulnerability data in the autonomous and connected vehicle industry was unveiled by Karamba Security. The company has been attracting internet attacks on automotive electronic control units (ECUs) through its latest solution Karamba ThreatHive. In the last three months alone, Karamba ThreatHive analysis concluded that each of the electronic control units that they had exposed to internet connectivity was subjected to as many as 300,000 attacks per month.
ThreatHive technology operates as a threat intelligence command center. The company deploys honeypots globally to identify and track real-world cyberattacks as they exploit vulnerabilities in ECU’s firmware and infrastructure. By creating shielded replicas of the ECUs, the technology tracks exactly where malware penetrates and what it does, according to the company website.
The technology harnesses real-world hacking attempts to expose and pinpoint ECU vulnerabilities to be fixed before such vulnerabilities are exploited in real cars. According to the data, each of the automotive ECUs exposed by ThreatHive to the internet was attacked on average 300,000 times per month by 3,500 different hackers. Attackers come in different forms and are often bots searching for any ECU vulnerabilities they can expose to gain control of the connected system.
ThreatHive supplies companies with actionable security data to fix security bugs and logical errors before hackers actually exploit those vulnerabilities in real cars. The data enables them to close security gaps long time before hackers try to infiltrate the vehicle.
According to, data also uncovered that over 11 different types of attacks were attempted since ThreatHive’s inception. Each simulated ECU was targeted by a different mode of attack, aiming to exploit different services in the ECU. Attacks were prevalent across geographies and service providers.