Auto Industry Faces Rapid Increase in Cyberattacks, AI Manipulation, and Unauthorized Access, Resulting in Financial Losses Totaling Billions Worldwide
In the rapidly evolving world of automotive technology, a new report has shed light on the increasing cybersecurity risks that come with the shift towards software-defined vehicles (SDVs) and connected mobility. The VicOne 2025 Automotive Cybersecurity Report has identified several emerging risks and vulnerabilities that the global auto industry must address to ensure the safety and security of vehicles, electric charging networks, and artificial intelligence (AI) systems.
Soaring Cyberattacks on Modern Vehicles
The report reveals that vehicle-related cyberattacks have surged by an alarming 600% over the past four years. Attack methods have become more sophisticated and scalable, posing long-term security challenges for modern vehicles, which rely heavily on software throughout their typical 12-15 year lifespan.
Vehicle Network Vulnerabilities
The security of onboard systems and software supply chains is a significant concern. Vulnerabilities in third-party software and hardware components require rigorous validation of suppliers and transparency through software bills of materials (SBOMs). Attackers are increasingly targeting vehicle networks, potentially compromising safety-critical functions.
Threats to Electric Vehicle Charging Networks
Emerging threats target electric vehicle supply equipment (EVSE) and charging systems. These systems face risks of unauthorized access, service disruption, or manipulation, impacting the operational reliability and user trust in EV infrastructure.
AI Systems within Vehicles: New Attack Surfaces
In AI systems within vehicles, particularly AI-powered smart cockpits and assistants, there are vulnerabilities related to data privacy, unauthorized access, and misuse of AI capabilities. The risks include sensitive data leaks and new AI-specific attack vectors such as prompt injections.
A Holistic Cybersecurity Strategy
The VicOne report stresses the importance of a holistic, forward-looking cybersecurity strategy. This includes the adoption of secure AI design principles and frameworks, encryption and audit trails to protect AI training data and user privacy, supplier validation and continuous vulnerability assessment, and the implementation of zero-trust security principles and dynamic threat analysis.
Comprehensive protection solutions that span vehicle life cycles, from manufacturing to operations, are also crucial. The report underscores the need for proactive, comprehensive automotive cybersecurity to safeguard vehicles, charging infrastructure, AI systems, user safety, and brand reputation in a highly connected and software-dependent environment.
[1]: Source: VicOne 2025 Automotive Cybersecurity Report [2]: Source: Shifting Gears: VicOne 2025 Automotive Cybersecurity Report [3]: Source: Understanding AI Risks in Transportation, U.S. Department of Transportation's September 2024 white paper [4]: Source: Pwn2Own Automotive 2025 report on zero-day vulnerabilities discovered in in-vehicle infotainment systems and EV-charging networks.
- The VicOne 2025 Automotive Cybersecurity Report highlights the concerning 600% increase in vehicle-related cyberattacks over the past four years, emphasizing the need for a holistic cybersecurity strategy in the industry.
- Vulnerabilities in third-party software and hardware components pose risks to onboard systems and software supply chains, as attackers increasingly target vehicle networks, which could compromise safety-critical functions.
- AI systems within vehicles also present new attack surfaces, with potential vulnerabilities related to data privacy, unauthorized access, and AI-specific attack vectors such as prompt injections.
