The Global Automotive Industry Becomes a Major Target for Cyber Attacks: How to Address the Digitalization Crisis?

A recent report by the U.S.-based cybersecurity company Upstream has revealed alarming trends in the automotive sector. According to the 2024 Cybersecurity Report, the proportion of large-scale cyberattacks surged from 5% in 2023 to 19% in 2024. The scope of cyber threats now extends beyond vehicles to EV charging stations, dealership systems, automotive manufacturers, and the entire supply chain. This highlights an unprecedented cybersecurity crisis in the global automotive industry.

As the industry rapidly advances toward digitalization and intelligence, cybersecurity has become a critical issue that cannot be ignored. The rise of Software-Defined Vehicles (SDVs) and autonomous driving technology has transformed modern vehicles into mobile smart devices. However, this evolution has also introduced significant security risks. Upstream’s analysis indicates that the increasing interconnectivity between vehicles and infrastructure is expanding the attack surface. Hackers can now exploit vulnerabilities through telematics systems, application servers, and API interfaces. A staggering 85% of these attacks are executed remotely, without the need for physical contact with the targeted vehicle. This proves that cybersecurity concerns are no longer confined to hardware but encompass the entire digital ecosystem of the automotive industry.

Several major cybersecurity incidents in 2024 have exposed critical vulnerabilities within the sector. In June, CDK Global, a key software provider for U.S. car dealerships, suffered a ransomware attack, bringing operations to a halt for 15,000 dealerships for nearly three weeks. The estimated financial loss exceeded $1.02 billion. This attack demonstrated that hackers are no longer targeting just vehicles but also core systems across the entire industry chain, affecting sales, financial services, and maintenance operations. Similarly, AutoNation faced a severe data breach as a result of the CDK Global attack, leading to significant disruptions in its retail operations. These events highlight that IT systems in car dealerships are now high-risk targets for cybercriminals.

EV charging stations have also emerged as a battlefield for cyberattacks. In early 2024, hackers successfully infiltrated communication protocols between EV charging stations and Charge Point Operators (CPOs), enabling them to remotely disable charging, install malicious firmware, and even charge unauthorized fees to users. These incidents reveal significant security loopholes in EV charging infrastructure, which require urgent reinforcement as charging networks continue to expand. Many existing EV charging stations lack proper encryption, robust authentication mechanisms, and network isolation, making them attractive targets for cybercriminals and potentially undermining consumer confidence in EV adoption.

Cyber vulnerabilities in connected vehicle systems have also drawn global attention. In late 2024, BYD EV owners in Australia discovered that the SIM cards inside their vehicles could receive external calls, raising serious concerns about privacy and security. This flaw meant that hackers or unauthorized individuals could potentially eavesdrop on conversations inside the car. Meanwhile, Volkswagen suffered a software vulnerability that exposed real-time location data for 800,000 EVs, allowing hackers to track vehicles and even access sensitive driver information such as email addresses, phone numbers, and home addresses. Such breaches not only threaten driver privacy but also present opportunities for criminal activities, including vehicle theft and extortion.

Another critical security issue emerged in Kia’s online system, where cybersecurity researchers discovered that hackers could remotely unlock car doors, start engines, and track vehicle locations. While Kia quickly patched this vulnerability, the incident underscores the potential risks of connected car systems and the urgent need for proactive security measures.

In response to these escalating cyber threats, the global automotive industry must adopt more aggressive defensive strategies to ensure the security of both vehicles and infrastructure. EV charging stations and in-car smart systems require enhanced encryption and authentication protocols to prevent hackers from remotely controlling vehicles or charging facilities. Additionally, regular penetration testing must be conducted for connected car and API security, and AI-driven threat detection systems should be deployed to identify and block abnormal activities in real time.

Car dealerships and supply chains also need to strengthen IT security standards by implementing Endpoint Security to mitigate ransomware attacks that could disrupt the entire dealership network. At the same time, third-party security audits must be tightened to ensure that all software service providers comply with the latest security standards, preventing them from becoming weak entry points for cyberattacks.

As smart vehicles and connected car technologies become more prevalent, the frequency and complexity of cyberattacks will only continue to increase. Automakers, dealerships, EV charging operators, and IT service providers must work together to enhance cybersecurity resilience. Only through proactive defense measures, security investments, and collaboration can the industry safeguard operations, protect consumers, and maintain trust in an increasingly digitalized automotive landscape.