1
Introduction
The development of Artificial Intelligence (AI) is driving a technological revolution across various industries and is changing the way humans live. The automotive industry also requires the support of AI on the path to intelligence.
In recent years, the application of AI technology in the automotive industry has become increasingly widespread, especially in areas such as autonomous driving, driving assistance, in-car entertainment, and vehicle safety. AI algorithms and models contribute to the maturity of autonomous driving, enhancing vehicle safety, convenience, and comfort. However, advanced technologies often act as double-edged swords; while AI grants “intelligence” to smart connected vehicles, it also brings new safety issues and challenges. At the end of January 2025, the DeepSeek online service suffered a massive malicious attack, reportedly one of the most “simple and brutal” methods in cybersecurity—DDoS attacks. The methods of attack on AI algorithms and models are far more than this. This article analyzes the current prominent AI safety issues in the field of smart connected vehicles, aiming to promote safety awareness in the industry.
2
Current Status of AI Function Applications in Smart Connected Vehicles
The AI function applications in smart connected vehicles cover multiple aspects, such as achieving environmental perception, path planning, and decision control. Vehicles collect surrounding environmental data through sensors (such as radar, cameras, lidar, etc.) and further utilize deep learning and computer vision technologies to process and fuse the data to achieve object recognition, optimal path selection, and obstacle avoidance. In addition, AI has also been widely applied in driving assistance systems, such as adaptive cruise control, lane-keeping assistance, and automatic parking.
In in-car entertainment systems, AI technology enables functionalities like voice recognition, facial recognition, and natural language processing, thereby enhancing the user experience for drivers and passengers. In the field of vehicle operation maintenance and monitoring, AI can also monitor various indicators of the vehicle in real-time, predict vehicle failures, and provide early warnings.
The trend of achieving end-to-end autonomous driving has emerged in recent years, simply put as “input sensor data + black-box autonomous driving AI algorithm + output control instructions.” Tesla is a pioneer in the field of autonomous driving, having achieved end-to-end AI autonomous driving in its FSD Beta V12 system. Many domestic companies are also exploring end-to-end autonomous driving technology routes, such as Xiaopeng, Changan, and BYD, which claimed at its press conference on February 10, 2025, that “the Eye of God opens the era of intelligent driving for everyone,” collaborating with DeepSeek to create cloud AI and vehicle-side AI. The application of AI in the smart connected vehicle field is unstoppable.
3
AI Safety Issues in Smart Connected Vehicles
AI models may face various attacks in practical applications, aimed at degrading model performance, stealing sensitive information, or manipulating model outputs. Smart connected vehicles rely on multiple AI models to implement Autonomous Driving Systems (ADS), Advanced Driver Assistance Systems (ADAS), and infotainment systems. These AI models may face various attacks in practical applications, degrading model performance, stealing sensitive information, or manipulating model outputs. Below are several types of attacks and specific attack scenarios in the smart connected vehicle field.
1
Adversarial Attacks
Adversarial attacks involve adding subtle, imperceptible perturbations to input data, causing AI models to produce incorrect outputs. This type of attack is particularly effective against image recognition and speech recognition models. For example, an attacker may place nearly invisible stickers on traffic signs, causing the image recognition model of the autonomous driving system to misidentify a “stop sign” as a “speed limit sign,” leading the vehicle to continue driving where it should stop, resulting in traffic accidents.
2
Data Poisoning Attacks
Data poisoning attacks occur during the model training phase, where attackers inject malicious samples into the training data, disrupting the training process and causing the model to perform poorly or produce incorrect results upon deployment. For example, an attacker may inject a large number of incorrect traffic sign data into the training data of Tesla’s Autopilot system, leading to frequent misidentification of traffic signs during actual driving, increasing the likelihood of traffic accidents.
3
Membership Inference Attacks
Membership inference attacks aim to determine whether a particular data sample was used to train the model. Such attacks can lead to privacy breaches, especially when handling sensitive data. For example, an attacker may analyze the outputs of an autonomous driving system to infer whether specific data from certain locations or times were used to train the model, resulting in the leakage of users’ travel information and invasion of privacy.
4
Model Extraction Attacks
Model extraction attacks involve attackers querying the target model and analyzing its outputs in an attempt to replicate or extract the model’s technology. The goal is to create a substitute model that behaves similarly to the target model, potentially stealing the model’s intellectual property, privacy, or security. For example, an attacker may send a large number of query requests to the autonomous driving system to gradually reconstruct its AI model. The attacker could copy or reverse-engineer the autonomous driving system for illegal purposes, stealing algorithm results or further attacking.
5
Backdoor Attacks
Backdoor attacks involve embedding specific triggers in the training data that cause the model to produce predetermined erroneous outputs when encountering these triggers. Such attacks typically manifest after model deployment. For example, an attacker may embed specific image patterns (such as a special traffic sign) in the training data of the autonomous driving system, causing the model to make erroneous decisions when encountering that sign in actual driving, leading to dangerous behaviors such as sudden acceleration or sharp turns.
4
Safety Protection Recommendations
In the future, as smart connected vehicles become more widespread, the safety issues of AI models will become increasingly important. Certain protective measures can be explored, such as:
(1) Adversarial Training: Incorporating adversarial samples during the model training process to enhance model robustness.
(2) Data Validation: Rigorously validating and cleaning training data to prevent data poisoning attacks.
(3) Privacy Protection: Utilizing techniques such as differential privacy to protect the privacy of training data and prevent membership inference attacks.
(4) Model Protection: Employing model encryption and access control technologies to prevent model extraction attacks.
(5) Backdoor Detection: Conducting backdoor detection before model deployment to ensure model safety.
5
Conclusion
No technology is perfect upon its emergence; technological iteration and evolution take time and investment. The application of AI in the field of smart connected vehicles is no different and does face safety issues. It is not scary. Moving forward, increasing investment in AI safety and privacy protection technology research and exploring more advanced protective measures during usage is crucial. This article introduces the current status of AI applications in smart connected vehicles and analyzes the potential safety issues to draw attention from the industry. Automotive manufacturers, technology companies, government agencies, and academia should strengthen collaboration to jointly address safety challenges and promote the safe and healthy development of AI applications in smart connected vehicles.
Introduction to Saidi Automotive
The Intelligent Connected Vehicle Research and Evaluation Division of the China Software Testing Center (Saidi Automotive) relies on the Key Laboratory of Intelligent Connected Driving Testing and Evaluation of the Ministry of Industry and Information Technology and the Software Testing Center for Intelligent Connected Vehicles of the Ministry of Industry and Information Technology to carry out research on the control operating systems and computing platforms of intelligent connected vehicles, network security, data security, and automotive software OTA upgrades. As one of the first domestic professional third-party quality assurance organizations recognized by CMA inspection and testing organizations, CNAS testing organizations, and CNAS laboratory accreditation, it is dedicated to providing professional third-party evaluation, consulting, and certification services for complete vehicle enterprises, parts suppliers, vehicle networking enterprises, government departments, research institutes, and universities.
Contact Person:
Teacher Zhu
Phone: 010-60730506
Email: [email protected]
Teacher Wang
Phone: 010-60730517
Email: [email protected]
Text | Intelligent Connected Vehicle Research and Evaluation DivisionEditor | Brand Promotion OfficeReviewer | Business Development Department