The modern vehicle is no longer just a machine—it’s a rolling network of sensors, software, and connectivity. With over 100 million lines of code and dozens of wireless entry points, cars are increasingly vulnerable to cyber threats. As the industry races toward fully connected, autonomous, and electrified vehicles, attackers are racing just as fast to exploit every gap. From theft and disruption to data exfiltration and grid-level sabotage, the threat landscape is expanding in both scale and impact.
Keyless entry systems, once a premium convenience, are now a prime target. Using relay devices, attackers can capture and replay key fob signals to unlock and start vehicles without detection. Meanwhile, electric vehicle charging infrastructure introduces new risks. Malicious actors can intercept billing data, inject malware through public chargers, or manipulate firmware to disable entire networks. With the rise of vehicle-to-grid technology, compromised chargers could threaten not just cars but the broader energy ecosystem.
Infotainment systems pose another critical risk. These hubs for navigation, communication, and entertainment are tightly integrated with vehicle electronics, and vulnerabilities here can lead to control over braking, steering, or acceleration. As vehicles become software defined, familiar attacks like phishing and brute force credential cracking are hitting dealerships, suppliers, and OEMs. The 2024 ransomware attack on CDK Global, which disrupted operations across 15,000 dealerships, is just one example of how backend systems are becoming soft targets.
Supply chain exposure continues to fuel risk, especially as more components and software are outsourced or updated over the air. Aftermarket devices like insurance trackers or mobile apps can leave behind residual malware, even after resale. VicOne’s 2025 cybersecurity report revealed that 77 percent of automotive vulnerabilities are found in in vehicle systems, with infotainment, telematics, and charging infrastructure among the most exploited. QR code phishing at charging stations is now emerging as another low effort, high impact threat.
Artificial intelligence is introducing its own set of risks. From prompt injection to adversarial data poisoning, AI-powered features in vehicles can be manipulated in ways that traditional defenses are not prepared for. Hackers are already trading stolen vehicle data and zero day exploits on the dark web, moving from experimental hacks to scalable, coordinated campaigns. At Pwn2Own Automotive 2025, researchers uncovered 49 unique zero day vulnerabilities, mostly in infotainment and EV charging platforms.
The future of mobility depends on secure foundations. Without proactive, multilayered defenses across every layer of the vehicle and its ecosystem, the connected car revolution could stall under the weight of its own vulnerabilities. Cybersecurity must be treated as a critical safety feature that every vehicle manufacturer prioritizes above all else.
