13529277067?profile=RESIZE_400xA new report from VicOne, a leading automotive cybersecurity firm, warns of escalating threats in the global auto industry. Despite recent progress in law enforcement efforts, the Shifting Gears: VicOne 2025 Automotive Cybersecurity Report highlights growing vulnerabilities in vehicles, electric charging networks, and artificial intelligence systems.

Cyberattacks between 2022 and 2024 caused tens of billions of dollars in damages. Automotive vulnerabilities reached record highs in 2024, with over 77% found in onboard vehicle systems, underscoring the urgent need for stronger security measures [1]. Surfaces like prompt injection vulnerabilities and compromised training data.

The rapid growth of electric vehicles (EVs) has revealed flaws in charging infrastructure, including outdated communication protocols and insecure payment systems that could impact vehicles and power grids. Cybercriminals increasingly use dark-web forums to exchange stolen vehicle data and advanced hacking techniques, posing new risks for automakers and consumers.

A June 2024 ransomware attack on a dealership software provider disrupted operations at over 15,000 North American dealerships, exposing weaknesses in the supply chain. The report notes that 530 automotive-related vulnerabilities were identified in 2024 alone, nearly double the number recorded in 2019.

13529277875?profile=RESIZE_400xSecurity experts at Pwn2Own Automotive 2025, a global hacking competition, discovered 49 unique zero-day vulnerabilities, mainly in in-vehicle infotainment (IVI) systems and EV-charging networks. Large language models (LLMs) used in AI-powered vehicle systems have also become prime targets for cybercriminals due to their reliance on sensitive enterprise data.

One of the most disruptive incidents occurred in June 2024, when a ransomware attack on a dealership software provider rippled across the industry, affecting more than 15,000 dealerships across North America. The attack underscored the fragility of the automotive sector’s digital backbone, where a single compromised supplier can cause widespread operational paralysis.

Analyzing underground criminal networks suggests that such attacks are only becoming more sophisticated. The findings indicate a shift from isolated, manual hacks, once the domain of car modification enthusiasts, to broader, systemic threats such as identity theft and remote vehicle manipulation.

At the same time, security researchers are documenting an accelerating rise in vulnerabilities across automotive systems. In 2024, the number of automotive-related software vulnerabilities, known as CVEs (Common Vulnerabilities and Exposures), climbed to 530, nearly double the total recorded in 2019. While earlier security flaws often stemmed from hardware-related issues, the latest vulnerabilities are increasingly concentrated in in-vehicle infotainment (IVI) platforms, operating systems, and electric vehicle (EV) charging infrastructure.

The severity of these threats was underscored at Pwn2Own Automotive 2025, an elite cybersecurity competition held in Tokyo in January. Over three days, security researchers from 13 countries uncovered 49 previously unknown vulnerabilities, mainly affecting IVI and EV charging systems. AI and LLM are introducing various operational, financial, and strategic risks that industry leaders are scrambling to address.

A September 2024 white paper from the US Department of Transportation - Understanding AI Risks in Transportation- warns that AI-enabled systems are vulnerable to misuse and abuse at various lifecycle stages. “AI-enabled systems may encounter misuse and abuse throughout their lifecycle due to factors such as over- or under-utilization, operating outside of operational envelopes, and malice,” the report states. The role of humans in these systems, it adds, can either exacerbate vulnerabilities or serve as a safeguard against them.

Among the most pressing concerns is the security of large language models (LLMs), the backbone of generative AI. These models rely on vast amounts of enterprise data and self-learning mechanisms that can be difficult to control, making them an attractive target for cybercriminals. Risks such as insecure plug-in designs, flawed output handling, and adversarial attacks highlight the challenges of integrating AI safely into the automotive industry.

Beyond operational threats, automakers also face deeper strategic and financial risks. The widespread use of AI reshapes governance structures, raises questions about liability and risk management, and even challenges traditional brand identities. As the industry navigates this seismic shift, one thing is clear: the road to AI-driven innovation comes with its own set of hazards.

As the automotive industry races toward an era of software-defined vehicles, the growing attack surface raises urgent questions about how automakers, suppliers, and regulators will confront a challenge that is no longer theoretical but increasingly inevitable.
Link to full report: “Shifting Gears: VicOne 2025 Automotive Cybersecurity Report.”

This article is shared at no charge and is for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com

• Reporting: https://www.redskyalliance.org/
• Website: https://www.redskyalliance.com/
• LinkedIn: https://www.linkedin.com/company/64265941

Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122

[1] https://www.autoconnectedcar.com/2025/03/cyber-threats-ai-hacking-growing-in-automotive-costing-billions-of-dollars/#google_vignette

© 2025 Red Sky Alliance Corporation. All rights reserved.

E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!