Rajiv C. Mody, CMD & CEO, Sasken Technologies
Imagine parking your car, only to find out someone remotely unlocked it. Or, while driving, you realise someone else is controlling your brakes and windows. Sounds scary, right?
In September 2024, a group of white-hat hackers exposed serious vulnerabilities in vehicles produced by a major automotive manufacturer. Using just a licence plate number, they could unlock, start, and track the car, and even steal personal information. The hackers exploited the vehicle’s connectivity portal, designed to let owners control their cars via smartphone. By tricking the system, they re-routed the car’s controls to themselves, gaining full access to locks, ignition, and more.
Security incidents have also been reported at EV charging stations in public places, with hackers stealing credit card information or causing disruption. Every EV charging point, whether in a private garage or a public parking lot, operates online, running various software systems that interact with the electric power grid, payment networks, and back-end applications, and that store sensitive driver information. Essentially, charging points are potential weak spots in the Internet of Things (IoT) ecosystem, susceptible to cyberattacks if not properly secured. There are many such stories in the public domain.
In the age of rapidly evolving automotive technologies, vehicles have transformed into software-driven machines, with advanced systems like ADAS (Advanced Driver Assistance Systems), V2X (Vehicle-to-Everything communication), and autonomous driving shaping the future of transportation and consumer luxury. While these innovations promise increased efficiency, safety, and convenience, they also introduce unprecedented risks. Cybersecurity now plays a pivotal role in ensuring the safety and security of modern vehicles, as they become more connected and reliant on software.
Today’s vehicles are equipped with millions of lines of code, hardware components and network connectivity that control everything from information & entertainment, navigation, road warning & vehicle health signals to critical safety functions such as braking, steering, and acceleration. These complex systems are interconnected, forming an ecosystem of sensors, controllers, and networks that work together seamlessly.
As the automotive industry moves toward autonomous and connected vehicles, hackers are increasingly targeting these complex software systems. Malicious actors can exploit vulnerabilities to manipulate vehicle functions, causing accidents, data breaches, or even seizing control of the car.
The role of cybersecurity in mitigating risks
Cybersecurity in vehicles is no longer optional; it is fundamental to ensuring both safety and reliability. This involves taking a product-centric approach and implementing robust security protocols across the entire lifecycle of the vehicle, from design to manufacturing, software updates, and decommissioning.
Here are key areas where cybersecurity plays a crucial role:
- Secure software development: Ensuring that vehicle software is developed with security in mind from the outset (secure by design) is essential. Automakers must adopt cybersecurity standards like ISO/SAE 21434, which addresses the security aspects of the software development process in the automotive industry. This includes threat modelling, vulnerability assessments, and secure coding practices.
- Over-the-Air (OTA) updates: Software-dominant vehicles need regular updates to stay secure. Over-the-air updates allow manufacturers to remotely patch vulnerabilities without requiring a physical recall. However, this method itself needs to be secured to prevent unauthorised access or tampering during the update process.
- Vehicle-to-Everything (V2X) communication: Connected vehicles must communicate securely with infrastructure (traffic lights, road signs), other vehicles, and the cloud. This requires encryption, authentication, and data integrity measures to ensure that malicious entities cannot intercept or alter communications.
- Intrusion Detection and Prevention Systems (IDPS): As in traditional network security, vehicles need systems that can detect and respond to cyber threats in real time. These systems monitor the vehicle’s network for unusual behaviour and prevent unauthorised access or manipulation of critical functions.
- Collaborative efforts and regulations: Governments and industry organisations are working together to create regulations and standards to ensure vehicle cybersecurity. UN Regulation No. 155 on Cyber Security and Cyber Security Management Systems mandates that manufacturers demonstrate cybersecurity throughout a vehicle’s lifecycle. Compliance with these regulations helps create a safer, more secure automotive landscape.
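To make the IDPS point above concrete, here is an added example (not from the article or any vendor's product) of the detection half: it learns how often each in-vehicle network message normally appears, then flags unknown message IDs and frames that arrive much faster than the learned period. The CAN IDs, timings, and the 0.5 threshold are constructed assumptions.

```python
"""Timing-based intrusion detection over CAN frames (added illustration)."""
from collections import defaultdict
from statistics import median


def learn_baseline(frames):
    """Learn the median inter-arrival gap (ms) per CAN ID from known-good traffic."""
    last, gaps = {}, defaultdict(list)
    for ts, can_id in frames:
        if can_id in last:
            gaps[can_id].append(ts - last[can_id])
        last[can_id] = ts
    return {can_id: median(g) for can_id, g in gaps.items()}


def detect(frames, baseline, min_ratio=0.5):
    """Return (ts, can_id, reason) alerts.

    unknown_id: the ID never appeared in the baseline.
    too_fast:   the frame arrived sooner than min_ratio * learned period,
                which is what extra frames interleaved with the real sender look like.
    """
    last, alerts = {}, []
    for ts, can_id in frames:
        if can_id not in baseline:
            alerts.append((ts, can_id, "unknown_id"))
        elif can_id in last and ts - last[can_id] < min_ratio * baseline[can_id]:
            alerts.append((ts, can_id, "too_fast"))
        last[can_id] = ts
    return alerts


# Constructed sample data: (timestamp in ms, CAN ID). IDs and periods are made up.
BASELINE_FRAMES = sorted(
    [(t, 0x0C0) for t in range(0, 1000, 10)]      # 10 ms periodic message
    + [(t, 0x1A0) for t in range(0, 1000, 100)]   # 100 ms periodic message
)
LIVE_FRAMES = sorted(
    [(t, 0x0C0) for t in range(0, 100, 10)]       # normal traffic
    + [(0, 0x1A0), (100, 0x1A0)]                  # normal traffic
    + [(20, 0x1A0), (40, 0x1A0)]                  # extra frames on a known ID
    + [(55, 0x555)]                               # ID absent from the baseline
)

if __name__ == "__main__":
    baseline = learn_baseline(BASELINE_FRAMES)
    for ts, can_id, reason in detect(LIVE_FRAMES, baseline):
        print(f"t={ts}ms id=0x{can_id:03X} {reason}")
```

A production system would pair alerts like these with a response path, such as a gateway that drops or rate-limits the offending ID, which is the prevention half the bullet describes.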
The road ahead
As vehicles continue to evolve into software-defined machines, cybersecurity must remain at the forefront of development. Automotive companies (OEMs and their suppliers), technology providers, and cybersecurity experts must work together, taking a product-centric approach that anticipates threats and keeps the supply chain in mind, so that security controls are embedded by design in every single component of the vehicle and the resulting systems are resilient and protect both passengers and the broader transportation ecosystem. In doing so, the automotive industry can pave the way for a safer, smarter, and more secure future on the road.