Modern vehicles have transformed into computers on wheels, but this connectivity comes with a serious downside. Hackers can now remotely start cars, unlock doors, track locations, and steal personal data using nothing more than a license plate and basic owner information. Recent breaches affecting major automakers like Subaru and Kia have exposed how vulnerable connected car systems have become.

The automotive industry is facing a cybersecurity crisis that’s only getting worse. 148 publicly disclosed automotive cyber incidents were tracked in just the first quarter of 2025, yet experts warn this represents only a fraction of actual attacks since many incidents go unreported.

Consumer confidence is plummeting as awareness grows. Only 19% of drivers feel secure about their connected vehicles, while 76% fear remote cyberattacks according to recent survey data. The automotive industry now finds itself racing to patch vulnerabilities while regulators and researchers scramble to establish better security standards for an increasingly digital fleet.


Why Car Cybersecurity Risks Are Rising

Modern vehicles have transformed into sophisticated computers on wheels, creating unprecedented vulnerabilities that hackers are actively exploiting. The automotive industry faces mounting cybersecurity threats across multiple fronts, from remote vehicle takeovers to massive data breaches affecting millions of drivers.

The Shift to Connected Cars and Software-Defined Vehicles

Today’s cars function as rolling data centers packed with connected features, over-the-air updates, and software-defined architectures. This digital transformation has created enormous convenience for drivers but also expanded the attack surface for malicious actors.

Connected vehicles now routinely transmit data through multiple channels, including cellular networks, Wi-Fi, Bluetooth, and cloud-based services. Each connection point represents a potential entry for cybercriminals seeking to exploit weaknesses in vehicle systems.

The integration of third-party applications and services adds another layer of complexity. Automotive cybersecurity risks span across several stages of the supply chain, from connected in-vehicle systems to digital manufacturing operations and component suppliers. Software now controls critical vehicle functions that were once purely mechanical, meaning a successful cyberattack could have physical consequences on the road.

Major Cybersecurity Threats Facing Modern Vehicles

Security researchers recently uncovered a major vulnerability in Subaru’s Starlink system that allowed hackers to take control of vehicles using just a license plate and basic owner information. Attackers could remotely start or stop cars, lock and unlock doors, and track real-time locations with accuracy within five meters.

The flaw also enabled access to personally identifiable information, including emergency contacts, billing details, and vehicle PINs. Perhaps most alarming was the ability to extract precise location data spanning over a year, allowing hackers to build detailed profiles of victims’ movements.

Similar vulnerabilities have affected other manufacturers. A flaw in Kia’s dealer portal allowed hackers to locate and steal vehicles using license plates alone.

Common automotive cybersecurity threats include:

  • Remote hijacking of vehicle functions
  • Theft of personal and financial data from onboard systems
  • Ransomware attacks that render vehicles unusable
  • GPS spoofing to mislead drivers or facilitate theft
  • Compromised infotainment systems that leak sensitive information

AI, Autonomous Vehicles, and Emerging Vulnerabilities

Artificial intelligence and autonomous driving technologies introduce new layers of complexity to vehicle cybersecurity. These systems rely on massive amounts of data processing, sensor inputs, and real-time decision-making algorithms that must remain secure from tampering.

The ADAS and autonomous vehicle technology sector faces unique challenges as vehicles become more self-reliant. A compromised AI system could misinterpret road conditions, ignore traffic signals, or make dangerous driving decisions without human intervention.

Ransomware attacks on vehicles have spiked in 2025, with cybercriminals targeting the digital systems that control modern cars. These attacks can disable critical functions, holding vehicles hostage until owners pay a ransom. The integration of AI makes these systems more sophisticated but also creates additional entry points for attackers who understand machine learning vulnerabilities.

Notable Real-World Car Hacks and Recalls

The 2015 Jeep Cherokee hack marked a turning point in automotive cybersecurity awareness. Security researchers remotely took control of a Jeep Cherokee on a highway, manipulating its steering, brakes, and transmission from miles away. This demonstration led to a recall of 1.4 million vehicles.

NHTSA has increasingly focused on vehicle cybersecurity research at facilities like the Vehicle Research and Test Center in Ohio. The agency now examines cybersecurity risks in modern vehicle electronic architectures and develops guidance to improve security postures.

Competition events like Pwn2Own Automotive 2025 highlight ongoing vulnerabilities as security researchers successfully breach vehicle systems to demonstrate weaknesses. These contests reveal that even the latest models contain exploitable flaws in their connected systems.

Stolen vehicle data has become a lucrative target for cybercriminals. Breaches at automakers and their suppliers have exposed millions of customer records containing personal information, vehicle locations, and financial data.

How the Automotive Industry and Drivers Are Responding

The automotive industry has begun implementing new security standards and technologies to address mounting cyber threats, while facing ongoing challenges in managing complex software supply chains. At the same time, consumer awareness remains limited despite the growing risks.

Automotive Industry Solutions and Security Standards

Major automakers have started adopting ISO/SAE 21434 as a framework for automotive cybersecurity. This standard guides manufacturers through security requirements from design to decommissioning. UN Regulation No. 155 has also pushed the industry toward more structured cybersecurity management systems.

Some companies have turned to specialized security technologies. RunSafe Security has developed memory relocation techniques and software hardening solutions specifically for automotive applications. These technologies use pre-hardened open-source packages that protect vehicle systems from exploitation.

The shift toward software-defined vehicles has introduced over-the-air update capabilities, allowing manufacturers to patch vulnerabilities remotely. However, this same connectivity expands the attack surface that hackers can target.

Industry analysts note that automakers are increasingly borrowing practices from the IT sector. They’re implementing threat intelligence programs and vulnerability management systems similar to those used in enterprise software development.

Challenges in Software Supply Chains and Supplier Ecosystems

Software supply chain transparency has emerged as a critical weakness in automotive cybersecurity. Modern vehicles contain code from dozens of third-party suppliers, creating a complex web of dependencies that’s difficult to secure.

The 2023 research by Sam Curry revealed how vulnerabilities in telematics systems allowed access to manufacturer back-end infrastructure. His team exploited weaknesses in APIs to gain access to employee applications, then leveraged that access to reach sensitive internal systems. This demonstrated how cloud service compromises affect automotive manufacturers differently than traditional IT companies.

Chipset vulnerabilities reach the deepest into vehicle systems. Issues in systems-on-chip have accounted for the largest share of reported vulnerabilities since 2021, followed by problems in third-party management apps.

Many suppliers lack the resources to implement comprehensive security programs. Smaller component manufacturers often don’t have dedicated cybersecurity teams, leaving gaps in the overall security posture of finished vehicles.

Consumer Awareness and the Impact on Buying Decisions

Most car buyers remain largely unaware of cybersecurity risks in their vehicles. Unlike concerns about crash safety or reliability, connected car cybersecurity rarely factors into purchase decisions.

The 2025 Connected Car Cyber Safety & Security Index tracks consumer perceptions alongside actual threat levels. The data shows a significant gap between the technical reality of automotive cyber threats and public understanding of those risks.

Few dealerships provide information about vehicle cybersecurity features during the sales process. Sales staff typically focus on entertainment features and convenience rather than the security measures protecting those systems.

Some early adopters have started asking questions about security protocols and patch management. These consumers want to know how manufacturers will handle vulnerabilities discovered after purchase and whether their vehicles will receive long-term security support.

 
