Automotive Cybersecurity: Navigating the Digital Road Ahead

  • Apr 18, 2025

Automotive cybersecurity has become a fundamental pillar of modern vehicle security, protecting electronic systems, software, and networks from unauthorized access, manipulation, and cyber threats. As vehicles evolve into highly connected ecosystems by integrating autonomous driving, advanced driver assistance systems (ADAS), shared mobility, electrical and electronic (EE) architecture, in-vehicle infotainment, and more, their attack surface expands, increasing the risk of cyber exploitation.

Automotive cybersecurity technology safeguards both on-board systems—including domain controllers, electronic control units (ECUs), embedded systems, network chips, and sensors—and external interfaces, such as vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), vehicle-to-everything (V2X), cloud and edge services, electric vehicle charging infrastructure, and others. The growing complexity of connected vehicles has made automotive cybersecurity a critical concern, with cyberattacks posing risks to safety, data integrity, and operational continuity.

This article explores the significance and advantages of robust cybersecurity measures, examines real-world cyberattack case studies, and analyzes the evolution of attack vectors and high-risk targets. It also outlines effective mitigation strategies, reviews global cybersecurity regulations, and highlights key market players and recent industry developments shaping the future of automotive cybersecurity.

The Critical Role of Automotive Cybersecurity

As modern vehicles integrate increasingly complex computing, software, and connectivity systems, the attack surface for cyber threats expands, making automotive cybersecurity a critical necessity. With drive-by-wire systems, over-the-air (OTA) updates, and vehicle-to-everything (V2X) communication becoming standard, any security vulnerability can have catastrophic consequences, including compromised vehicle control, data breaches, and supply chain infiltration. A robust cybersecurity framework is essential to ensure vehicle safety, regulatory compliance, and ecosystem integrity in the evolving automotive landscape.

Key Importance & Advantages of Automotive Cybersecurity

Digitalization of Vehicles – Securing Software-Defined Mobility

Modern vehicles rely on drive-by-wire and ADAS technologies, making them vulnerable to cyberattacks. Intrusion Detection and Prevention Systems (IDPS) ensure protection against remote hijacking. Cryptographic signing and delta-based firmware updates are also utilized to safeguard software integrity, preventing unauthorized modifications and enhancing cybersecurity resilience.

V2X Connectivity – Expanding the Cyber Attack Surface

Vehicle-to-Everything (V2X) communication enhances road safety but increases cyber risks. IEEE 1609.2 and Zero Trust Architecture secure data exchanges against interception and manipulation. Strong encryption protocols protect vehicle-to-infrastructure (V2I) and vehicle-to-vehicle (V2V) interactions, ensuring safe and authenticated communication.

Securing ECUs and Preventing Counterfeiting

Electronic Control Units (ECUs) control critical vehicle functions but are prime targets for cyberattacks and hardware tampering. Blockchain and Hardware Root of Trust (HRoT) ensure secure authentication of components, preventing counterfeit parts and unauthorized modifications.

Future-Proofing Against Quantum Threats

Quantum computing advancements pose risks to conventional encryption in vehicle security systems. Implementing quantum-resistant cryptographic algorithms ensures long-term data protection, securing vehicle software and communications from future threats.

Regulatory Compliance – Meeting Global Cybersecurity Standards

Compliance with UNECE WP.29, ISO/SAE 21434, and NHTSA standards is essential to maintain cybersecurity across the vehicle lifecycle. Adhering to these frameworks ensures a proactive approach to risk mitigation, safeguarding brand reputation and consumer trust.

Case Studies

Below are some recent instances in which researchers identified vulnerabilities that attackers could target to gain access to critical vehicle functions and user data:

In 2025, automotive cybersecurity researchers uncovered a critical flaw in Subaru’s Starlink-connected vehicle service, exposing customer account details in the United States, Canada, and Japan. The vulnerability stemmed from weaknesses in Starlink’s admin portal, including an insecure password reset API and insufficient two-factor authentication safeguards, allowing attackers to bypass authentication, reset employee passwords, and gain full access to vehicle and customer data. Hackers could remotely modify access permissions, control vehicle functions, track real-time location, and extract PINs, billing details, and emergency contacts using only license plate details and basic owner information. Subaru patched the vulnerability within 24 hours, but the incident underscored significant security gaps in Subaru’s connected vehicle systems.

Case Study 2: Skoda Superb III Cybersecurity Vulnerability Exposure

In 2024, over 1.4 million Skoda Superb III vehicles were found to have multiple security vulnerabilities, exposing sensitive vehicle information. PCAutomotive’s researchers revealed that they could insert malware into the vehicle’s software system without user authentication. Exploiting the 12 identified vulnerabilities gave them unauthorized access to vehicle data from the GPS system and the infotainment system’s display, as well as the ability to record in-vehicle conversations. These vulnerabilities could have led to significant privacy risks, including unauthorized location tracking and eavesdropping on user conversations. Public awareness of the findings led to increased scrutiny of vehicles’ cybersecurity and underlined the necessity for manufacturers to address such flaws proactively.

Case Study 3: Kia Connected Car Web Portal Vulnerability

In 2024, researchers discovered a vulnerability in Kia’s web portal that allowed unauthorized reassignment of connected car features, affecting millions of vehicles. Hackers could access vehicle functions, including location tracking, door unlocking, horn honking, and ignition start, using only a license plate number. The attack leveraged weak authentication controls in Kia’s API, granting dealer-level access to any hacker. The Kia breach was part of a broader trend of web-based vulnerabilities in the connected automotive ecosystem. Kia patched the vulnerability after disclosure but has not confirmed a permanent fix. The incident highlighted the ongoing cybersecurity gaps in web-based features in connected automotive ecosystems and the need for stricter security measures and industry-wide reforms.

Case Study 4: The Remote 2015 Jeep Hack

In 2015, cybersecurity researchers remotely hacked a 2014 Jeep Cherokee, exploiting vulnerabilities in Fiat Chrysler’s UConnect system via the Sprint cellular network, affecting over 1.4 million vehicles. By compromising the in-vehicle infotainment system and flashing the Renesas V850 microcontroller chips, the attackers gained control over critical functions, including steering, braking, acceleration, and engine shutdown. This remote exploit demonstrated the severe risks of cyber-physical attacks, showcasing how hackers could manipulate major vehicle operations and compromise driver and passenger safety. In response, Fiat Chrysler recalled affected vehicles, and Sprint blocked the vulnerable network port. This incident accelerated the adoption of ISO/SAE 21434 and UNECE R155 cybersecurity regulations among automotive manufacturers around the globe.

Key Exploitation Targets in Automotive Cybersecurity

Figure 1: Key Vulnerability Points in an Automotive Vehicle

As vehicles become increasingly software-driven and interconnected, cyber attackers exploit weak points across backend systems, communication protocols, and embedded electronics. Emerging threats target critical functions such as ECU communication, vehicle-to-cloud systems, and software integrity, posing significant safety and data privacy risks.

Evolution of Automotive Cybersecurity Threats

As vehicles become more and more connected, cyber threats have evolved beyond traditional vulnerabilities. Attackers now exploit real-time communication systems, OTA updates, and in-vehicle networks, making automotive security more complex. Emerging threats are increasingly sophisticated, exploiting complex vehicle networks and evolving faster than traditional security measures can counter.

Types of Automotive Cybersecurity Threats

1. Man-in-the-Middle (MITM) Attacks

Cyber criminals intercept and manipulate ECU communications, compromising data integrity in OTA updates and telematics. Without end-to-end encryption, attackers can alter commands or inject malicious code.

2. Eavesdropping & Data Exfiltration

Unencrypted vehicle data, such as GPS locations and driver behavior analytics, is vulnerable to interception. Attackers can exploit these leaks for identity theft, tracking, or targeted cyberattacks.

3. IP Spoofing & Unauthorized Access

Hackers disguise unauthorized devices as legitimate ECUs to gain access to in-vehicle networks. This can lead to control manipulation, unauthorized software installation, or data theft.

4. Denial-of-Service (DoS) Attacks

Malicious actors flood automotive Ethernet networks with excessive traffic, disrupting essential vehicle functions. This can disable ADAS, braking systems, or infotainment controls, leading to potential road hazards.

5. Message Injection & Vehicle Manipulation

Because CAN and LIN buses lack built-in authentication, attackers who inject falsified messages can alter vehicle behavior, such as disabling brakes, overriding steering, or shutting off critical safety features.

6. Malware Injection via OTA Updates

Exploiting vulnerabilities in software update mechanisms, attackers deploy malicious firmware, compromising ECUs and connected systems. This can lead to persistent control over vehicle operations or network-wide infections.

Automotive Cybersecurity: Mitigation Strategy

Automotive cybersecurity faces evolving threats such as MITM attacks and message injection, which can compromise vehicle communication and safety. To ensure security and mitigate such threats, strategies like the IEEE 1609.2 Security Standard protect V2X communications from interception, while CAN Bus Intrusion Detection Systems (IDS) prevent unauthorized message injections. A few of the mitigation strategies that are employed to combat these threats are outlined below.

1. Network Security & Intrusion Detection

This strategy safeguards critical in-vehicle network components such as ECUs, infotainment systems, network switches, and telematics subsystems against unauthorized access and manipulation by detecting anomalies and securing communication protocols. Some of the potential research activities are mentioned below:

  • CAN Bus Intrusion Detection System

Beijing Jiaotong University presents a multiple observation Hidden Markov Model (HMM)-based intrusion detection system (IDS) for CAN bus security in automotive networks. The IDS builds multiple HMMs using both the ID domain and data field correlations to establish anomaly detection thresholds. Evaluated across four attack scenarios (DDoS, fuzzy, masquerade, and replay, both variant and invariant), it achieved over 95% accuracy, precision, recall, and F1-score, outperforming traditional models like KNN, SVM, and decision trees. The system optimally detects deviations with a time window of 18-24 frames, effectively identifying subtle masquerade and replay attacks.
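The windowed ID-sequence scoring behind such an IDS can be sketched as follows. This is an added example, not code from the cited study or from this article: it substitutes a first-order Markov chain over arbitration IDs for the study's multiple-observation HMM, ignores data fields, and runs on constructed traffic; the IDs and the `alpha` and `margin` values are assumptions.

```python
import math
from collections import Counter, defaultdict

WINDOW = 20  # frames per scored window; the study reports 18-24 frames as optimal

# Constructed sample traffic: a fixed transmit schedule for four arbitration IDs.
SCHEDULE = [0x0C0, 0x1A0, 0x0C0, 0x2B0, 0x0C0, 0x1A0, 0x0C0, 0x3D0]


def benign_trace(cycles):
    return SCHEDULE * cycles


def inject(trace, index, frames):
    """Return a copy of the trace with extra frame IDs inserted at index."""
    return trace[:index] + list(frames) + trace[index:]


def windows(ids, size=WINDOW):
    for start in range(len(ids) - size + 1):
        yield start, ids[start:start + size]


class IdTransitionModel:
    """First-order Markov chain over CAN IDs with a per-window anomaly score."""

    def __init__(self, alpha=0.1, margin=0.2):
        self.alpha = alpha      # additive smoothing so unseen transitions get p > 0
        self.margin = margin    # slack above the worst benign score (assumed value)
        self.counts = defaultdict(Counter)
        self.vocab = set()
        self.threshold = None

    def fit(self, ids):
        self.vocab = set(ids)
        for prev, cur in zip(ids, ids[1:]):
            self.counts[prev][cur] += 1
        # Threshold = worst score seen on benign training windows plus a margin.
        self.threshold = max(self.score(w) for _, w in windows(ids)) + self.margin
        return self

    def prob(self, prev, cur):
        row = self.counts.get(prev, Counter())
        total = sum(row.values())
        # The +1 reserves probability mass for IDs never seen in training.
        return (row[cur] + self.alpha) / (total + self.alpha * (len(self.vocab) + 1))

    def score(self, window):
        """Mean negative log-likelihood of the window's ID transitions."""
        nll = -sum(math.log(self.prob(p, c)) for p, c in zip(window, window[1:]))
        return nll / (len(window) - 1)

    def detect(self, ids):
        """Start indices of windows whose score exceeds the learned threshold."""
        return [s for s, w in windows(ids) if self.score(w) > self.threshold]


if __name__ == "__main__":
    model = IdTransitionModel().fit(benign_trace(50))
    # A known ID sent out of schedule (masquerade/replay-like), then an unknown ID.
    for name, trace in [
        ("benign", benign_trace(10)),
        ("known ID out of sequence", inject(benign_trace(10), 41, [0x2B0] * 3)),
        ("unknown ID", inject(benign_trace(10), 30, [0x5F5])),
    ]:
        print(f"{name}: flagged windows start at {model.detect(trace)}")
```

A known ID arriving out of schedule is flagged even though the ID itself is legitimate, which is the property that makes sequence models useful against masquerade and replay traffic.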

  • Automotive Ethernet Security

Dissecto’s HydraLink facilitates the transition from CAN-based networks to Automotive Ethernet, providing a cost-effective USB3 Gen 1 interface for real-time diagnostics, security testing, and protocol analysis. Designed for ECU development, penetration testing, and traffic interception, it enhances vehicle cybersecurity by enabling firmware flashing, IDS validation, and MITM-based traffic monitoring. This solution streamlines workflows for developers and security professionals, ensuring efficient and secure in-vehicle network communications.

  • Graph-based Attack Path Prioritization (GAPP)

Obuda University collaborated with Robert Bosch to present GAPP (Graph-based Attack Path Prioritization Tool), a novel framework for attack path analysis in automotive cybersecurity. GAPP automates attack path generation, evaluates feasibility based on ISO/SAE 21434, and prioritizes high-risk attack vectors. Using a headlamp system case study, it identifies critical threats, assesses feasibility through attack potential criteria, and visualizes attack paths. The results enhance Threat Analysis and Risk Assessment (TARA) by providing a dynamic, automated approach to network security evaluation.

2. Secure Software & Firmware Protection

This strategy ensures secure over-the-air (OTA) updates by preventing malicious code injections through advanced security mechanisms. It safeguards key infrastructure components, including backend servers, mobile applications, and APIs, ensuring the integrity and reliability of remote software updates. Below are some of the potential security mechanisms presented by researchers:

  • Delta-based Firmware updates

The Egypt-Japan University of Science & Technology presents a secure and efficient FOTA system for automotive cybersecurity, utilizing delta-based firmware updates to reduce flashing time by 51.6% and minimize bandwidth usage. Built on the AUTOSAR architecture, it ensures scalability and compliance with industry standards. Security is reinforced through UDS 0x27 authentication, preventing unauthorized access, while real-time communication is achieved via CAN and SPI protocols. FreeRTOS enables seamless multitasking, supporting FOTA and UDS authentication. The results validate the system’s effectiveness, aligning with industry benchmarks for secure and adaptive automotive software updates.

  • Over-the-Air (OTA) Security

Coventry University and Conigital Ltd. present an adaptable Security-by-Design approach for securing Over-the-Air (OTA) updates in modern vehicles, integrating threat analysis, a layered security framework, and penetration testing. Built on the Uptane framework and aligned with ISO/SAE 21434 and UNECE WP29 standards, it provides OEMs and stakeholders with a systematic methodology to mitigate cyber risks throughout the security engineering lifecycle. Incorporating security controls across development phases strengthens OTA update resilience, ensuring safer and more reliable automotive cybersecurity.

3. Cryptographic Safeguards

This strategy leverages advanced encryption techniques to safeguard sensitive vehicle data against interception, manipulation, and exfiltration. It secures critical components, including APIs, backend servers, and navigation and communication systems, ensuring data integrity and confidentiality. Some of the future potential encryption techniques are mentioned below:

  • Quantum-Resistant Cryptography

Elementalent Technologies, Citi, and iQi Inc. collaborated to present the implementation of post-quantum cryptography (PQC) in automotive cybersecurity to mitigate the risks posed by quantum computing. It evaluates quantum-resistant cryptographic schemes, including lattice-based, hash-based, and isogeny-based cryptography, assessing their feasibility for V2X and in-vehicle communication. The study highlights challenges such as computational overhead, backward compatibility, and real-time processing constraints in automotive environments. A layered security approach combining traditional and PQC methods is proposed, wherein the lattice-based key exchange in autonomous vehicles demonstrates the performance impact and security benefits. The research shows the urgency for the automotive industry to adopt quantum-resistant frameworks to future-proof cybersecurity against quantum-enabled threats.

  • Homomorphic Encryption

The University of Anbar introduced HMFLS, a homomorphic encryption-enabled federated learning system for secure pedestrian and vehicle detection. Leveraging Generative Adversarial Networks and VGG19-based feature extraction, it processes encrypted surveillance and fog node data while preserving privacy. Designed for seamless integration into vehicles and mobile applications, HMFLS enhances automotive cybersecurity by ensuring secure, real-time object detection with improved accuracy and reduced resource leakage.

4. Zero Trust and Secure Architecture

This strategy enforces continuous authentication and isolated execution environments to prevent unauthorized access and exploitation. It secures critical components like backend servers, ECUs, and APIs, ensuring protection against cyber threats. A few potential architectures are as follows:

  • Zero Trust Architecture

Southwest Research Institute explored the implementation of Zero Trust Architecture (ZTA) to enhance intra-vehicle network security by enforcing strict authentication, network segmentation, and real-time monitoring. Tested using software-in-the-loop simulation and resource-constrained hardware, the approach leverages Secure On-board Communication (SecOC) and Secure Boot to prevent unauthorized access and firmware manipulation. Demonstrating 100% detection of illicit messages and unauthorized firmware, it provides OEMs and automotive stakeholders with a proven strategy to strengthen vehicle cybersecurity while maintaining system performance.
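How a SecOC-style receiver rejects the injected and replayed frames described under message injection can be shown with a truncated MAC plus a freshness counter. This is an added example, not code from the article or the cited study: HMAC-SHA256 stands in for the AES-CMAC usually used with SecOC, and the key, data ID, and field sizes are constructed for illustration.

```python
import hashlib
import hmac
import struct

FV_TX_MASK = 0xFF   # only the low 8 bits of the freshness counter are transmitted
MAC_BYTES = 3       # MAC truncated to 24 bits so a 4-byte payload fits an 8-byte frame

KEY = bytes(range(16))   # constructed demo key; real keys come from ECU key storage
DATA_ID = 0x0123         # constructed identifier bound into every MAC


def _mac(key, data_id, freshness, payload):
    # The MAC covers the full freshness value, not just the transmitted low bits.
    msg = struct.pack(">HQ", data_id, freshness) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_BYTES]


class Sender:
    def __init__(self, key, data_id):
        self.key, self.data_id, self.freshness = key, data_id, 0

    def secure(self, payload):
        """Return payload || truncated freshness || truncated MAC."""
        self.freshness += 1
        tag = _mac(self.key, self.data_id, self.freshness, payload)
        return payload + bytes([self.freshness & FV_TX_MASK]) + tag


class Receiver:
    def __init__(self, key, data_id, payload_len):
        self.key, self.data_id, self.payload_len = key, data_id, payload_len
        self.last_freshness = 0
        self.rejected = 0   # worth exporting to an IDS: repeated failures are a signal

    def verify(self, pdu):
        """Return the payload if the PDU is authentic and fresh, else None."""
        if len(pdu) != self.payload_len + 1 + MAC_BYTES:
            self.rejected += 1
            return None
        payload = pdu[:self.payload_len]
        fv_low = pdu[self.payload_len]
        tag = pdu[self.payload_len + 1:]
        # Rebuild the full counter: the smallest value above the last accepted
        # one whose low bits match. Tolerates up to 255 lost frames.
        candidate = (self.last_freshness & ~FV_TX_MASK) | fv_low
        if candidate <= self.last_freshness:
            candidate += FV_TX_MASK + 1
        expected = _mac(self.key, self.data_id, candidate, payload)
        if not hmac.compare_digest(tag, expected):
            self.rejected += 1
            return None
        self.last_freshness = candidate
        return payload


if __name__ == "__main__":
    tx, rx = Sender(KEY, DATA_ID), Receiver(KEY, DATA_ID, payload_len=4)
    pdu = tx.secure(b"\x10\x20\x30\x40")
    print("genuine :", rx.verify(pdu))
    print("replayed:", rx.verify(pdu))                      # same bytes, stale counter
    print("forged  :", rx.verify(b"\xff" * 4 + pdu[4:]))    # payload changed, old MAC
    print("rejected count:", rx.rejected)
```

With a 24-bit tag, a blind forgery succeeds with probability 2^-24 per attempt, so the `rejected` counter matters: a receiver that sees a burst of failures should report it rather than silently drop frames.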

  • CHERI (Capability Hardware Enhanced RISC Instructions)

Secure Elements & Edinburgh Napier University collaborated and explored the use of CHERI (Capability Hardware Enhanced RISC Instructions) to enhance automotive cybersecurity by securing Intrusion Detection Systems against IP spoofing and rule manipulation attacks. By leveraging CHERI’s fine-grained memory protection and capability-based access control, the IDS ensures robust defence while maintaining real-time performance. Implemented on the ARM Morello board, the system achieved a 100% detection rate for spoofed packets with minimal latency overhead (12 ms). The study highlights CHERI’s scalability, compliance with automotive standards, and potential for securing connected and autonomous vehicles against advanced cyber threats.

5. AI & Simulation-based Security

This strategy utilizes AI-driven simulations and predictive analytics to anticipate cyber threats and strengthen defensive measures. It enhances the security of infotainment systems, ECUs, and telematics systems by proactively identifying and mitigating potential vulnerabilities.

  • Digital Twin Simulation

University of Florida introduces ViSE, a digital twin platform for exploring automotive functional safety and cybersecurity by simulating real-world attack scenarios and system failures. The platform virtualizes ECUs, sensors, and actuators, enabling interactive security analysis and policy testing. A CAN simulator replicates in-vehicle communication, supporting adversarial activities for cybersecurity evaluations. Two system-level use cases, right turn and cruise control, demonstrate ViSE’s capability to identify vulnerabilities and validate countermeasures.

  • Embedded ML-based Voltage Fingerprinting

University of Pisa & Capgemini collaboratively introduced a real-time embedded ML-based voltage fingerprinting approach to enhance in-vehicle cybersecurity. By implementing and validating the solution on automotive-grade microcontrollers, it bridges the gap between theoretical methods and practical deployment. A circular buffer strategy and the integration of automatic C/C++ code generation enable accurate intrusion detection while maintaining low computational overhead. The approach strengthens ECU security by detecting various attacks in real time, offering a scalable and cost-effective solution for next-generation automotive cybersecurity.

6. Hardware & Supply Chain Security

This strategy strengthens hardware integrity and secures the automotive supply chain against counterfeiting and tampering. It also improves the security of Electronic Control Units (ECUs), Remote Keyless Entry Systems, and EV charging infrastructure.

Mitigation Strategies

  • Blockchain-Based Parts Authentication

Solamalai College of Engineering explored energy-efficient Blockchain authentication mechanisms, such as Proof-of-Stake (PoS) and Proof-of-Authentication (PoAh), to enhance security while reducing environmental impact. It emphasizes integrating renewable energy sources and advanced cryptographic measures, including Multi-Factor Authentication (MFA) and Physical Unclonable Functions (PUFs), to safeguard Blockchain networks. By optimizing consensus algorithms, the study ensures improved security, efficiency, and sustainability, making Blockchain technology more viable for secure applications, including automotive cybersecurity.

  • Physically Unclonable Functions (PUFs)

Kudelski IoT and PUFsecurity partnered to enhance IoT security, including applications in automotive cybersecurity, by integrating Kudelski’s cryptographic security solutions with PUFsecurity’s PUF-based Secure OTP technology. This collaboration establishes a robust root of trust, offering secure authentication, tamper resistance, and protection against unauthorized access and counterfeit devices. The combined technologies ensure compliance with global cybersecurity regulations while strengthening chip-level security against emerging threats.

Critical Need for Automotive Cybersecurity Regulations

With the rise of connected and software-defined vehicles, cybersecurity threats pose significant risks to vehicle safety, data privacy, and operational integrity. The complexity of modern automotive systems, involving multiple ECUs and V2X communication, demands stringent regulatory frameworks to mitigate cyber threats at every stage of the vehicle lifecycle. Automotive regulations worldwide ensure manufacturers implement cybersecurity management systems, conduct risk assessments, and establish proactive defenses against evolving cyber risks. The following regulations are grouped by region:

NHTSA Cybersecurity Guidelines:

In the US, the National Highway Traffic Safety Administration (NHTSA) provides best practices for cybersecurity risk management in vehicles, emphasizing secure software development, real-time intrusion detection, and OTA update security. While non-mandatory, these guidelines influence manufacturers to adopt cybersecurity frameworks aligning with federal safety standards to mitigate legal and operational risks.

UNECE R155 & R156:

In Europe, the United Nations Economic Commission for Europe (UNECE) WP.29 mandates automotive manufacturers to implement cybersecurity management systems (CSMS) and software update management systems (SUMS) across vehicle lifecycles. It ensures compliance through cybersecurity risk assessments, monitoring, and incident response planning. It also requires manufacturers to establish cybersecurity governance across supply chains and comply with ISO/SAE 21434 to maintain approval for vehicle sales in 54 UNECE member states.

China’s GB44495:

In China, the Standardization Administration of China (SAC) introduces mandatory technical requirements for vehicle cybersecurity, including CSMS implementation, secure ECU design, and protection against cyber threats in vehicle networks. The standard aligns with UNECE R155 and ISO/SAE 21434 while tailoring cybersecurity measures to China’s regulatory landscape. It also requires model-specific risk assessments for cybersecurity approval extensions.

ISO/SAE 21434:2021 (Automotive Cybersecurity Standard)

Under the International Organization for Standardization (ISO) and the Society of Automotive Engineers (SAE), two global regulatory bodies, this standard establishes a framework for managing cybersecurity risks from vehicle concept and development to production, operation, and decommissioning. It defines processes like Threat Analysis and Risk Assessment (TARA) for early cyber risk identification, and it guides OEMs and suppliers in securing vehicle software, networks, and components to comply with UNECE R155 and other regulations.

Key Market Players and Activities

Figure 2: Key Players Contributing to the Automotive Cybersecurity Ecosystem

Key Market Activities:

  • In March 2025, FPT became the first ASEAN Company to achieve ISO/SAE 21434 certification, reinforcing its commitment to global automotive cybersecurity standards. This certification validates FPT’s expertise in managing cybersecurity risks across the vehicle lifecycle, from design to decommissioning.
  • In March 2025, Green Hills Software and NXP Semiconductors collaborated to advance automotive cybersecurity by integrating ASIL D safety-certified software with NXP’s S32K5 MCUs, enabling secure multi-OS ECU consolidation, hardware-based isolation, accelerated debugging and development time, and compliance with ISO/SAE 21434 standards for next-generation software-defined vehicle architectures.
  • In August 2024, Option 3 announced that ENIGMA, its cybersecurity platform, acquired Onclave Networks. ENIGMA focuses on Zero Trust, a security paradigm gaining traction as traditional tools lose effectiveness. Onclave’s Zero Trust principles, modeled after U.S. Department of Defence methods, significantly reduce security breaches, attack surfaces, network complexity, and operational costs. This acquisition enhances ENIGMA’s capability to secure devices, services, and personnel across diverse environments.

Conclusion & Future Scope

In an era where connectivity defines modern vehicles, automotive cybersecurity is no longer optional but a necessity. As cyber threats grow in sophistication—ranging from MITM attacks to remote vehicle takeovers—automakers must adopt a proactive security approach. Regulatory frameworks like ISO/SAE 21434 and UNECE R155, alongside cutting-edge solutions such as CAN intrusion detection, quantum-resistant encryption, and Zero Trust Architecture, are shaping a more secure automotive future. Industry leaders such as DENSO, Bosch, and Harman continue to drive advancements, while countries introduce regulations such as GB 44495-2024 to reinforce the need for stringent cybersecurity measures.

The industry must embrace continuous innovation, rigorous risk management, and a security-first mindset to ensure trust, safety, and resilience in the evolving mobility landscape. Future advancements in automotive cybersecurity will focus on scalable IDS solutions capable of handling complex in-vehicle networks without performance degradation. Enhancing transparency through explainable AI (XAI) will be crucial for trust, validation, and compliance. Adaptive IDS mechanisms with real-time learning will be essential to counter evolving cyber threats. Research must also optimize IDS performance on embedded automotive platforms while ensuring compliance with ISO/SAE 21434 standards. Additionally, energy-efficient security solutions should be developed to balance power consumption and detection accuracy in resource-constrained vehicle environments.
