Behind the Man-in-the-Middle Attacks For Connected Cars: Real-Life Interception of Network Traffic Between Connected Car and Back-End Platforms

Image 1: Connection of the car to external OEM back-end and third-party back-end platforms, representing emerging cyber-risks to connected cars

What is a MITM attack? How does it work on a connected vehicle?

MITM attacks occur when a hacker secretly relays and alters the communication between two connected targets. Modern connected vehicles are equipped with plenty of wireless interfaces such as Wi-Fi, Bluetooth, cellular communications, Near Field Communications (NFC), and proprietary radio interfaces, making it very feasible for hackers to organize MITM attacks. For example, one way a hacker can intercept cellular communication and data in connected vehicles is by establishing rogue base stations that the vehicle’s modem will connect to and therefore facilitating the MITM attack.

Image 2: Scheme of a Man-in-the-Middle attack
Image 3: Man-in-the-Middle attack for connected cars
  • jamming the 3G/4G signals of nearest base stations
  • creation of Faraday garage for the car’s cellular modem

What are the consequences of a MITM attack for a connected vehicle?

Once the hackers have established connectivity to the vehicle, they will begin the process of intercepting the vehicle’s data and communications. Some of the vehicle data that can be intercepted include OTA software updates and network traffic using the MITM GPRS protocol. Hackers can also intercept SMS messages using GSM protocols and can also access data transmitted between the vehicle and the OEM’s platforms. These attacks have various levels of danger, for example, hackers can also gain control of the steering wheel, adjust the speed of the vehicle, and manipulate the brakes, which creates an unsafe environment both for the passenger and the other drivers on the road.

How can you prevent MITM attacks?

The danger that cyber-attacks, and MITM attacks in particular pose to the automotive industry can’t be underestimated. As technology in connected vehicles advances and becomes more sophisticated, so do the methods used by cyber criminals to attack or threaten victims worldwide. To tackle this, OEMs can rely on Penetration Testing (or pen-testing) which is performed by authorized professionals in order to exploit vulnerabilities in connected devices to determine whether malicious activity is possible. It allows organizations to gain deep insights on their system or vehicle’s possible vulnerabilities, comply with security standards, and verify staff awareness.

Image 4: The purpose of pen-testing


The automotive cybersecurity landscape is shifting rapidly, with each layer of new connected features and customer experiences adding a potential risk for OEMs and customers. Recognizing the need for penetration testing to expose the vulnerabilities of their vehicles will allow the automotive industry to take a preventative approach against cyber-attacks.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
NavInfo Europe

NavInfo Europe

Helping companies power their future with intelligent solutions in AI, Simulation, Map Data Services, and Cybersecurity.