Future Tech

New study shows just how bad vehicle hacking has gotten

Tan KW
Publish date: Thu, 09 Jan 2020, 11:41 AM

For many people around the world, a large portion of their lives is lived online. They conduct business, maintain personal relationships, manage their money, buy stuff and even get their car news using the Internet.

This has been amazing for convenience, but that convenience has outpaced security, and so we hear about companies being hacked on a near-daily basis. This problem is increasingly spilling over into our vehicles, which have become more attractive targets to hackers as they've gotten more technologically sophisticated.

We've covered vehicle hacks and vulnerabilities before, along with manufacturer "bug bounty" programmes that encourage so-called "white hat" hackers to report their findings in exchange for a financial reward rather than exploit them for other personal gain. What we've lacked has been a more complete picture of just how bad car hacking has gotten, but thanks to a report by Israeli firm Upstream.auto, now we've got one.

So, just how bad is it? Well, according to Upstream's report, there were only around 150 incidents in 2019, which isn't good, but it's not like we're experiencing the automotive equivalent of the end of the 1995 film Hackers. However, that represents a 99% increase in cybersecurity incidents in the automotive space in the last year. Even worse, the industry has experienced 94% year-over-year growth in hacks since 2016.

Those 150 or so incidents vary a great deal in the number of people they affect. For example, a breach in February targeted systems in some of the US Army's troop carrier vehicles. A month later, Toyota announced a breach that exposed the data of 3.1 million of its customers.

Bug bounties are a large part of what vehicle manufacturers and suppliers are doing to help combat hacking. Nevertheless, only 38% of reported security incidents are the work of bounty-hunting white hat hackers. Black hats (aka the bad guys) are still responsible for 57% of incidents, while 5% are being perpetrated by "other" parties.

Some bug bounty programmes have been more effective than others. Uber, for example, has 1,345 resolved bug reports and has paid out more than US$2.3mil. That's either good or bad, depending on whether you take the stance that it had almost 1,400 vulnerabilities in its software, while Toyota has only 349 resolved bug reports. Tesla has had good luck with its programme, with white hats finding several vulnerabilities with the Model S key fob that allowed it to be hacked in seconds.

If Tesla's fobs were so vulnerable, how many other vehicles are being accessed by keyless entry systems? A lot. The bulk (29.6%) of these cyberattacks are using the key fob to gain access. Company servers are a close second at 26.4%. Vehicle mobile apps represent around 12.7% of the hacks, with OBDII ports and infotainment systems rounding out the top five.

The worrying thing about these attacks is that 82% of them occur remotely, meaning that the hacker doesn't need to physically be inside the vehicle to do his or her dirty work. There are short-range remote hacks, like the Tesla key fob hack, where the hacker needs to be within a few metres of the car to break the fob's weak encryption, and there are long-distance hacks that can be perpetrated from anywhere.

Remote hacks are tough to defend against as an end user, so we're often left at the mercy of car companies and suppliers to find and fix the problems before something terrible happens. But as we have seen in Upstream's report, they could be doing a better job of it.

 

 

 - Tribune News Service
