Smart Cars, Dumb Passwords: Auto Industry Still Runs on Weak Passwords

A new study by NordPass and NordStellar reveals the automotive industry is plagued by weak, reused, and common passwords like 123456, leaving smart cars and critical systems vulnerable to cyberattacks. Learn why the car sector’s digital security is lagging.

Even with all the progress in smart vehicles and automated systems, the automotive industry still has a big cybersecurity problem with weak and reused passwords.

A recent study by NordPass, conducted in collaboration with NordStellar and shared with Hackread.com, highlights how car manufacturers, suppliers, and dealerships are often using easily crackable passwords to secure vital systems. This puts valuable data and critical infrastructure at risk of cyberattacks.

The analysis that led to these findings involved reviewing a massive 2.5 terabyte (TB) database of credentials compiled from publicly available sources, including the Dark Web.

The research identified a troubling trend of predictable and unsafe passwords being widely used across the automotive sector. For instance, passwords like 123456 and P@ssw0rd are still prevalent, alongside variations linked to company names or roles, such as @Incontrol1976 and caoa2024**.

Karolis Arbaciauskas, head of business products at NordPass, stated that these simple credentials can be “easily cracked, leaving companies wide open to cyberattacks.” Moreover, the study found that many companies commonly reuse passwords with minor changes, like F3930ebbce and F3930ebbce@, increasing their susceptibility to breaches.

The research also highlights that this issue isn’t limited to the automotive sector. Other industries, including education, technology, healthcare, and retail (which has faced a wave of cyberattacks recently) also rely on weak or easily guessed passwords.

It is worth noting that these insights are part of a broader study that examined password trends across 11 key sectors, including healthcare, finance, and education, to identify industry-specific vulnerabilities.

The report points to several weaknesses in the automotive industry’s online security. A major contributing factor is human error, which reports suggest accounts for up to 70% of data breaches. Employees often make critical mistakes, such as using their email addresses or personal names as passwords, making it easier for hackers to gain unauthorized access. Another key vulnerability is the lack of multi-factor authentication (MFA), a crucial security layer that requires more than just a password to verify a user’s identity.

To address these vulnerabilities implementing cybersecurity training for employees is crucial to educate them on best practices. Businesses should also adopt advanced network security solutions, including business VPNs and password managers for secure storage of credentials.

Multi-factor authentication (MFA) is highlighted as an essential defence against unauthorized access. Additionally, the study mentions the emerging role of passkeys, a more secure alternative to traditional passwords, with tools like Authopia by NordPass helping companies integrate this technology.

Overall, NordPass highlights the significant role of compromised credentials in data breaches, emphasizing the need for enhanced password management and comprehensive cyber resilience strategies.

Check out the Top20 not-so-secret automotive passwords:

Stream3312# @Incontrol1976 @EciAutomation1976 F3930ebbce Ngtr@2020 F3930ebbce@ f3930ebbce Top44430 [email protected]

novi1pass2

Springbok+78

$tr3amLine

123456

Stream3312!

Ankara0661

@Incontrol1971

caoa2024**

P@ssw0rd

Mega@poli07

Elite$00