The Cyber Threats to Vehicle Automation
By Nahla Davies
Wed | Aug 13, 2025 | 5:43 AM PDT

Cars have quietly morphed into rolling data centers. High-performance computers interpret radar and lidar feeds, Alexa pipes playlists through 5G modems, over-the-air (OTA) updates patch bugs while the vehicle sits in the driveway—and that's before we get to systems governing assisted or automated driving.

Those same conveniences, however, widen the door for cybercriminals. As self-driving cars edge onto public roads, every new sensor, wireless link, and line of code expands the available attack surface.

This article maps the threats we're seeing right now, projects how the landscape could evolve if left unchecked, and spotlights the defenses automakers and regulators are racing to deploy.

The current landscape of automotive cyber threats

From proof-of-concept to practical danger

The existence of cyber threats to vehicles isn't news. The industry's wake-up call sounded a decade ago, in 2015, when hackers were able to kill the engine of Jeep Cherokees from 10 miles away. Since then, headline exploits have arrived with unsettling regularity.

In autumn 2024, a flaw in Kia's web portal enabled full remote control of millions of cars, with no hardware required, just a browser and the victim's plate number.

This year alone, in January, investigators showed that a single license plate lookup could unlock, track, and even start any recent Subaru by abusing a gap in the Starlink telematics backend. And as recently as June, a Bluetooth chain-attack dubbed "PerfektBlue" exposed more than 1.4 million Volkswagen and Škoda vehicles to covert cabin audio recording and location tracking via their MIB3 infotainment units.

At Black Hat Asia 2025, researchers demonstrated how a single infotainment bug could turn a Nissan Leaf into a 1.6-tonne remote-controlled toy, complete with steering and brake access.

These cases prove that control of critical functions is no longer a theoretical threat. And this is just on the road. With more and more automated vehicles being used in manufacturing and construction, it might not be long until hacked vehicles become one of the main site hazards.

An epidemic in numbers

Because many exploits ride cloud APIs as readily as in-vehicle networks, successful attacks scale disturbingly well. Upstream's 2025 Global Automotive Cybersecurity Report recorded a 125% increase in automotive cyber events over the past two years and found that 60% of incidents in 2024 affected "thousands to millions" of assets. The share of truly massive-scale attacks leapt from 5% to 19% year-over-year.

The financial fallout is climbing just as fast. Analysis pegs direct losses from automotive cyber incidents in 2024 at $22.5 billion, with $20 billion attributed to data leaks and $1.9 billion to downtime. Ransomware is the dominant form of attack, accounting for 45% of automotive cyber incidents in Q1 2025.

How attackers break in

Remote exploits delivered over Bluetooth, Wi-Fi, and cellular links remain the quickest route to the engine bay, but attackers have options. Physical access to the OBD-II diagnostic port or direct CAN bus injection lets thieves bypass immobilizers. 
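
On the defensive side, CAN bus injection tends to show up as timing noise: most CAN IDs are broadcast on a fixed period, so extra frames arrive between the scheduled ones. The sketch below is an added example, not code from the article or from any vendor it mentions; it reads candump-style log lines, and the IDs, the sample log and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from statistics import median

# candump -l style record: "(timestamp) interface ID#DATA"
LINE = re.compile(r"\((\d+\.\d+)\)\s+\S+\s+([0-9A-Fa-f]+)#[0-9A-Fa-f]*")

def parse(log):
    """Yield (timestamp, can_id) per well-formed line; skip anything else."""
    for line in log.splitlines():
        m = LINE.fullmatch(line.strip())
        if m:
            yield float(m.group(1)), int(m.group(2), 16)

def injection_suspects(log, ratio=0.5, min_frames=5):
    """Map each CAN ID to timestamps of frames that arrived sooner than
    ratio * that ID's median period (assumed thresholds, tune per bus)."""
    arrivals = defaultdict(list)
    for ts, can_id in parse(log):
        arrivals[can_id].append(ts)
    suspects = {}
    for can_id, times in arrivals.items():
        if len(times) < min_frames:
            continue  # too few frames to learn a period
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        period = median(gaps)  # robust while injected frames are a minority
        early = [t for t, g in zip(times[1:], gaps) if g < ratio * period]
        if early:
            suspects[can_id] = early
    return suspects

# Constructed sample: ID 0x244 every 10 ms, ID 0x3E8 every 20 ms,
# plus two extra 0x244 frames standing in for injected traffic.
SAMPLE_LOG = "\n".join(
    [f"({1000 + i * 0.010:.6f}) can0 244#00000000" for i in range(10)]
    + [f"({1000.005 + i * 0.020:.6f}) can0 3E8#01" for i in range(5)]
    + ["(1000.042000) can0 244#FFFF0000", "(1000.064000) can0 244#FFFF0000",
       "not a can frame"]
)

if __name__ == "__main__":
    for can_id, stamps in injection_suspects(SAMPLE_LOG).items():
        print(f"ID 0x{can_id:X}: short gaps at {stamps}")
```

A flagged timestamp marks the frame that closed an abnormally short gap, which can be the injected frame or the legitimate one that follows it, so treat it as a pointer into the capture and not as proof of which frame was forged.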

Bugs buried deep in infotainment middleware supply durable footholds, while sprawling supply chains provide soft targets: more than 90% of attacks in 2023-24 focused on Tier-2 and Tier-3 suppliers, not the OEMs themselves.

The evolving threat landscape for autonomous vehicles 

More code, more connectivity, more risk

Research projects that there could be 367 million connected vehicles on the road by 2027. Each of these software-defined vehicles (SDV) is effectively a mobile network of sensors, zonal controllers, and cloud links. OTA updates that once arrived quarterly now ship as frequently as every four weeks (Tesla's current cadence), and Volkswagen is targeting 12-week cycles for its ID series. Every fresh firmware image, V2X (vehicle-to-everything) packet, or REST-API call is a new foothold for an adversary.

V2X connectivity is especially fraught. Security researchers warn that spoofed traffic alerts can create phantom congestion, launch denial-of-service floods, or mount Sybil attacks in which a single rogue node masquerades as hundreds of roadside units. Experiments have shown that falsified perception data can trigger emergency braking or prevent the detection of real obstacles in autonomous convoys.

New motives, sharper tools

The black market economy around vehicles is maturing. Jailbreak kits that strip subscription paywalls from heated seats or hands-free highway pilots are already for sale, and 65% of 2024 attacks were executed by professional "black hat" operators active on dark web forums. Generative AI tools now automate firmware fuzzing and produce polymorphic malware that adapts on the fly.

Nation-states see strategic opportunity, as well. Western intelligence services warn that foreign-built infotainment stacks could funnel sensitive telemetry offshore, an anxiety magnified by quantum computing. Analysis cautions that companies may have less than a decade to migrate to post-quantum cryptography before current encryption fails.

High-stakes consequences

Unlike a laptop breach, an intrusion in an autonomous vehicle carries devastating physical threats to people. Last year, attackers hijacked multiple robotaxis by manipulating V2X beacons, causing minor collisions and city-wide gridlock.

As human oversight fades, every packet on an in-vehicle network becomes a potential life-or-death decision.

Securing the autonomous frontier 

Security by design and by default

Defense must start long before the first prototype rolls off the bench. UNECE Regulation 155, fully binding for new type approvals since July 2024, requires every manufacturer to operate an audited Cyber Security Management System throughout the vehicle's life cycle. ISO/SAE 21434 complements the rule with engineering guidance on threat analysis and secure development, pushing the industry from reactive patching toward proactive resilience.

Technical building blocks

Cybersecurity for automotive vehicles needs to be built on strong foundations:

Threat intelligence and supply chain visibility

Even the smartest intrusion detection system is blind without context. That is why researchers assembled the Acti corpus, an open access dataset that distils 908 real-world automotive cyber incident reports into a machine-readable feed that security teams can mine for fresh tactics and indicators of compromise.

Visibility must also run the length of the software supply chain. Europe's Cyber Resilience Act will obligate makers of any "product with digital elements," cars included, to hand over a Software Bill of Materials (SBOM). Washington is following suit: the U.S. Army's August 2024 directive makes SBOMs mandatory for most new software contracts. Yet, most companies are still flying blind: only 23% of organizations enjoy high visibility into their software supply chain, while four-fifths of low-visibility firms suffered a breach in the past year.

Collaboration and user awareness

Cyber resilience is a team sport. Auto-ISAC, OEMs, and security vendors increasingly share indicators of compromise in real-time, while Upstream's vehicle-centric security operations center aggregates telemetry across brands to spot cross-platform campaigns.

End-users play a part too: the strongest cipher is useless if a driver ignores OTA security updates or pairs the car with a malware-infected phone.

Conclusion

As vehicles transform from mechanical conveyances into full-fledged computers, cybersecurity becomes inseparable from safety. The past 18 months alone have delivered remote engine starts, full-fleet takeovers, and ransomware demands worth billions—proof that adversaries are evolving as fast as the technology they target. 

Yet the roadmap to resilience is becoming clearer: design security into every ECU and line of code, monitor relentlessly with AI-assisted analytics, harden every channel with quantum-safe cryptography, and share threat intelligence across the entire mobility ecosystem. Getting that right is the difference between a future of frictionless autonomy and one where every journey risks a digital hijack.
