By Florengen Arvin Parulan (Automotive Researcher)
Today’s cars are no longer purely mechanical machines. With in-vehicle infotainment (IVI) systems, telematics, wireless connectivity, advanced driver-assistance systems (ADASs), and cloud services, modern vehicles now function as connected computing platforms on wheels.
As vehicles become more connected and software-defined, the digital attack surface has expanded dramatically. Threat actors are exploiting zero-day vulnerabilities, compromising third-party components, and targeting emerging technologies.
When connected features become attack vectors
At Pwn2Own Automotive 2024 , security researchers from Synacktiv exploited a Tesla Model 3 in about two minutes. The attack began with a rogue GSM signal targeting the vehicle’s modem, then pivoted into the IVI system before gaining control of functions such as the headlights, doors, and trunk.
Two years later, the stakes grew even higher. At Pwn2Own Automotive 2026, researchers demonstrated remote code execution (RCE) against Alpine and Kenwood head units, while electric vehicle (EV) chargers were compromised to manipulate charging sessions and potentially access backend networks.
These demonstrations highlight how attackers can move from externally exposed interfaces into broader vehicle systems. In many cases, a single vulnerability — particularly in interfaces that are visible, reachable, and behaviorally meaningful to drivers — can become an initial attack vector for multi-stage attacks that spread to other vehicle subsystems.
This pattern is also reflected in VicOne’s 2026 Automotive Cybersecurity Report. Analysis of 2025 automotive cybersecurity incidents shows that attackers increasingly target in-vehicle systems that drivers interact with directly, with IVI systems among the most frequently targeted components.
Figure 1. Where attackers focused in 2025. Nearly 40% of observed automotive cybersecurity incidents targeted in-vehicle systems.
Hidden risks in aftermarket accessories
Aftermarket accessories such as dongles and dash cams can introduce significant cybersecurity risks to modern vehicles. Popular devices such as the CarlinKit CPC200-CCPA and the 70mai A51 have been found to ship with hardcoded Wi-Fi passwords, accept unsigned firmware updates via web or USB interfaces, and fail to verify bootloaders or kernels.
An attacker could upload malicious firmware, potentially gaining root access and remote code execution. Once compromised, these accessories can act as persistent backdoors, giving attackers an easy foothold for lateral movement into the rest of the vehicle.
Backdoors in AI-driven vehicle systems
In 2026, a dormant backdoor embedded within the AI “SuperNets” that power autonomous driving systems. Unlike traditional exploits that target hardware or firmware, VillainNet operates within the vehicle’s intelligence layer. The backdoor remains dormant until triggered by attacker-defined conditions such as location, traffic patterns, or weather.
Once activated, VillainNet can manipulate vehicle decision-making while evading conventional security controls. Because the attack resides within the AI model itself rather than in surrounding software or hardware components, traditional detection methods struggle to identify its presence.
The discovery highlights a growing blind spot in automotive cybersecurity. As vehicles increasingly rely on AI-based driving intelligence and decision systems, attackers may no longer need to break into the vehicle’s hardware or networks. They can instead manipulate the intelligence that guides how the vehicle interprets and responds to the world.
ADAS: Where automotive cybersecurity meets vehicle safety
As vehicles move closer toward autonomy, advanced driver-assistance systems (ADASs) are emerging as a critical frontier of automotive cybersecurity. Security researchers have demonstrated that even the sensors guiding these systems can be manipulated. A study in 2019 showed that carefully timed laser signals could spoof LiDAR sensors, causing autonomous systems to perceive obstacles that do not exist or fail to detect real ones.
These demonstrations reveal how vulnerabilities in perception systems can affect the entire driving decision chain. A compromise in one ADAS sensor, for example, can cascade through perception, decision, and control layers, potentially affecting braking, steering, collision avoidance, and other safety-critical functions.
Emerging cyber risks in modern mobility
As vehicles become increasingly connected and software-defined, automotive cyber risks are expanding beyond individual vehicle components to the broader mobility ecosystem. VicOne’s 2026 Automotive Cybersecurity Threat Report highlights several emerging cyber risks that could shape the next phase of automotive cybersecurity. Some of the key predictions include:
- AI training data as a new supply chain risk: Attackers may target the datasets used to train automotive AI systems, introducing vulnerabilities that could propagate across multiple vehicle generations.
- Fleet-scale OTA compromise: A breach in centralized over-the-air update infrastructure could distribute malicious firmware across entire vehicle fleets.
- Cyber risks extending into energy infrastructure: As vehicles integrate with charging networks and Vehicle-to-Grid (V2G) systems, attacks on charging infrastructure could disrupt both mobility services and energy systems.
These emerging risks show how automotive cyber threats are expanding beyond individual vehicles to the broader ecosystem that supports modern mobility.
Conclusion
For deeper insights into the threats and trends shaping automotive cybersecurity, download VicOne’s 2026 Automotive Cybersecurity Report, “Crossroads: Automotive Cybersecurity in the Overlap Era.”
