Automotive Internet Security Perspectives (2025 Issue 2)

Table of Contents

International Perspectives

  • Upstream, an autonomous driving technology developer, releases the “2025 Global Automotive Cybersecurity Report”

  • Arkansas, USA, sues General Motors for collecting data without user consent

  • The European Commission plans to legislate to grant automotive service groups access to vehicle data

Domestic Developments

  • Premier Li Qiang emphasizes the vigorous development of smart connected new energy vehicles in the government work report

  • The Ministry of Industry and Information Technology and the State Administration for Market Regulation jointly issued a notice on further strengthening the management of product access, recalls, and software online upgrades for smart connected vehicles

  • The Shanghai Municipal Government Office issued opinions on further reducing traffic accidents in the city

  • The Tianjin Municipal Bureau of Industry and Information Technology released a notice soliciting public opinions on the “Tianjin Regulations on Promoting the Development of Smart Connected Vehicles”

  • Jiaxing City released the “Implementation Rules for Road Testing and Demonstration Applications of Smart Connected Vehicles (Trial)”

  • The group standard “Cybersecurity Protection Requirements for Internet of Vehicles Service Platforms” was selected as a demonstration project for group standards application in 2024

  • Hangzhou held a work exchange meeting on the “Integration of Vehicle, Road, and Cloud” for smart connected vehicles

  • Moon Io announced the integration of the DeepSeek-R1 large language model to drive intelligent upgrades in automotive cybersecurity

Security Incidents

  • Kaspersky disclosed security vulnerabilities found in the Mercedes-Benz in-car infotainment system

  • Tesla electric vehicle chargers were compromised at the Pwn2Own 2025 hacking competition

  • A domestic automotive manufacturer’s Indian subsidiary’s CRM and logistics systems were found to have significant security vulnerabilities

  • Research found potential security vulnerabilities in open-source autonomous driving system projects

International Perspectives

1. Autonomous driving technology developer Upstream releases the “2025 Global Automotive Cybersecurity Report”

Keywords: automotive, cybersecurity, report, risk status, ransomware attacks

On February 15, Upstream Security released the “2025 Global Automotive Cybersecurity Report,” indicating that in 2024, the automotive and smart mobility ecosystem faced a sharp increase in cyber threats, with large-scale ransomware attacks causing unprecedented damage. The speed of cyber risk development has outpaced regulatory-driven responses, highlighting the growing gap between risk status and organizational response capabilities. To narrow this widening gap, organizations must not only meet compliance requirements but also enhance their response capabilities.

Source:

https://upstream.auto/reports/global-automotive-cybersecurity-report/

2. Arkansas, USA, sues General Motors for collecting data without user consent

Keywords: USA, General Motors, data selling, data collection

On February 27, Arkansas filed a lawsuit against General Motors and its subsidiary OnStar, accusing them of fraudulent trade practices. Over the past decade, GM collected driving data such as speed and location without consumer consent and sold it to brokers and insurance companies. Even if drivers did not register for OnStar, as long as the vehicle was connected, location data would be collected and sold, affecting over 100,000 residents in the state. Arkansas is seeking an injunction to stop this data practice and impose significant civil penalties, including restitution for data sales.

Source:

https://therecord.media/arkansas-sues-gm-over-data-collection-sharing

3. The European Commission plans to legislate to grant automotive service groups access to vehicle data

Keywords: European Commission, legislation, vehicle data, access rights

On March 4, the European Commission plans to propose draft legislation this year aimed at providing insurance companies, leasing companies, and repair shops with fair access to vehicle data. If supported by member states, this law could end the competition over vehicle data between automotive service groups, large tech companies, and automakers. Automakers have expressed concerns about this legislation, warning that it could put trade secrets at risk and lead to data misuse. Additionally, the automotive industry fears that large tech companies may dominate automotive infotainment systems.

Source:

https://cn.investing.com/news/world-news/article-93CH-2698079

Domestic Developments

1. Premier Li Qiang emphasizes the vigorous development of smart connected new energy vehicles in the government work report

Keywords: State Council, government work report, smart connected new energy vehicles

On March 5, Premier Li Qiang delivered the government work report at the third session of the 14th National People’s Congress, discussing this year’s work. The Premier proposed to stimulate innovation in the digital economy, continue to promote the “AI+” initiative, better integrate digital technology with manufacturing and market advantages, support the widespread application of large models, and vigorously develop smart connected new energy vehicles, AI smartphones and computers, smart robots, and other new generation smart terminals as well as intelligent manufacturing equipment.

Source:

https://www.thepaper.cn/newsDetail_forward_30306753

2. The Ministry of Industry and Information Technology and the State Administration for Market Regulation jointly issued a notice on further strengthening the management of product access, recalls, and software online upgrades for smart connected vehicles

Keywords: Ministry of Industry and Information Technology, State Administration for Market Regulation, smart connected vehicles, software online upgrades, safety

On March 1, the Ministry of Industry and Information Technology and the State Administration for Market Regulation jointly issued a notice on further strengthening the management of product access, recalls, and software online upgrades for smart connected vehicles, clarifying the primary responsibility of automotive manufacturers for production consistency and quality safety, detailing product access and recall management requirements, deepening automotive safety sandbox regulation, improving incident reporting and assessment mechanisms, conducting classified management of OTA upgrade activities, enhancing management collaboration, and establishing a shared information mechanism for automotive OTA upgrade activities.

Source:

https://mp.weixin.qq.com/s/3ufqQlZNyGxaNzF0opWxsw

3. Shanghai Municipal Government Office issued opinions on further reducing traffic accidents in the city

Keywords: Shanghai, smart connected vehicles, safety regulation

On February 24, the Shanghai Municipal Government Office issued revised opinions on further reducing traffic accidents in the city, proposing to strengthen safety regulation of smart connected vehicles, including researching the establishment of a municipal-level safety regulation platform for smart connected vehicles, enhancing safety regulation of smart connected vehicle enterprises, and conducting operational monitoring and accident investigations; guiding and supervising smart connected vehicle testing and application units to regularly train safety personnel and drivers in professional knowledge and emergency response.

Source:

https://www.shanghai.gov.cn/nw12344/20250126/2b8e5bbed08d4661bc0b73c9a02b34e0.html

4. The Tianjin Municipal Bureau of Industry and Information Technology released a notice soliciting public opinions on the “Tianjin Regulations on Promoting the Development of Smart Connected Vehicles”

Keywords: Tianjin, smart connected vehicles, regulations, public opinion solicitation, safety assurance

On February 14, the Tianjin Municipal Bureau of Industry and Information Technology released a notice soliciting public opinions on the “Tianjin Regulations on Promoting the Development of Smart Connected Vehicles (Draft for Public Comment).” Chapter 5, on safety assurance, sets out the requirements for cybersecurity and data security: implementing cybersecurity management systems and cybersecurity assessment and management mechanisms, establishing and improving data security protection systems, and fulfilling data security protection obligations in accordance with the law.

Source:

https://gyxxh.tj.gov.cn/ZMHD1898/jcyjzj/202502/t20250214_6858824.html?type=1

5. Jiaxing City released the “Implementation Rules for Road Testing and Demonstration Applications of Smart Connected Vehicles (Trial)”

Keywords: Jiaxing, smart connected vehicles, implementation rules, cybersecurity, data security

On January 27, Jiaxing City revised and released the “Implementation Rules for Road Testing and Demonstration Applications of Smart Connected Vehicles (Trial),” clearly stating the need to strengthen the construction of data and cybersecurity protection capabilities, establishing a cybersecurity protection system covering the entire lifecycle of smart connected vehicles and key components, managing software upgrades throughout the process, and legally protecting personal information and data security.

Source:

https://jxj.jiaxing.gov.cn/art/2025/1/27/art_1599223_53.html

6. The group standard “Cybersecurity Protection Requirements for Internet of Vehicles Service Platforms” was selected as a demonstration project for group standards application in 2024

Keywords: Internet of Vehicles service platform, cybersecurity protection, group standard, application demonstration project

On February 26, the Ministry of Industry and Information Technology announced the list of typical cases for the application and promotion of group standards in 2024. A total of six group standards from the China Communications Standards Association were selected, including the “T/CCSA 441-2023 Cybersecurity Protection Requirements for Internet of Vehicles Service Platforms,” which has been applied in many smart connected vehicle manufacturing enterprises and Internet of Vehicles service platform operating enterprises nationwide. It provides a standards basis for implementing the classification and filing of Internet of Vehicles service platforms; relevant national standards are under development and expected to be released this year.

Source:

https://mp.weixin.qq.com/s/kQPr7pMo7ByPTAmjaymTfg

7. Hangzhou held a work exchange meeting on the “Integration of Vehicle, Road, and Cloud” for smart connected vehicles

Keywords: Hangzhou, smart connected vehicles, vehicle-road-cloud integration, safety protection

On February 19, the Hangzhou Transportation Investment Group organized a work exchange meeting on the “Integration of Vehicle, Road, and Cloud” for smart connected vehicles, where construction units reported on the current status of the municipal cloud control platform’s construction. The next step for Hangzhou will be to focus on three key points: the cloud control platform, functional vehicles, and applications, ensuring the proper positioning, data application, and safety protection of the cloud control platform, and expediting the implementation of the cloud control platform.

Source:

https://www.hangzhou.gov.cn/art/2024/4/7/art_812266_59095536.html

8. Moon Io drives intelligent upgrades in automotive cybersecurity by integrating the DeepSeek-R1 large language model

Keywords: Moon Io, smart connected vehicles, large language model, cybersecurity

On February 8, Moon Io announced the successful integration of the internationally leading large language model DeepSeek-R1, utilizing the large language model to comprehensively upgrade four major application scenarios in automotive cybersecurity, covering the entire lifecycle, including compliance and risk management, threat analysis and assessment, intelligent security operations, and long-term risk prediction. The aim is to build an efficient, economical, and intelligent security protection ecosystem that provides precise security assurance for smart connected vehicles throughout their lifecycle.

Source:

https://mp.weixin.qq.com/s/T-NeguXKVcuDDqqwVOegbw

Security Incidents

1. Kaspersky disclosed security vulnerabilities found in the Mercedes-Benz in-car infotainment system

Keywords: Mercedes-Benz, vulnerabilities, in-car infotainment system, Kaspersky

On January 21, Kaspersky disclosed more than a dozen vulnerabilities found in the Mercedes-Benz MBUX in-car infotainment system. Some vulnerabilities could be used for DDoS attacks, data retrieval, command injection, and privilege escalation. Attackers with physical access to the vehicle could exploit these vulnerabilities to disable anti-theft protection, calibrate the vehicle, unlock paid services, etc. Mercedes stated that the vulnerabilities have been fixed and are not easily exploitable.

Source:

https://hackernews.cc/archives/57020

2. Tesla electric vehicle chargers were compromised at the Pwn2Own 2025 hacking competition

Keywords: hacking competition, Tesla, 0-day vulnerabilities, electric vehicle chargers

From January 22 to 24, the Pwn2Own Automotive 2025 hacking competition was held in Tokyo, Japan, where two different teams successively compromised the Tesla electric vehicle charger Wall Connector, exploiting unpublished 0-day vulnerabilities. This competition focused on automotive operating systems, electric vehicle chargers, and in-car infotainment systems, discovering 16 0-day vulnerabilities on the first day and a total of 23 0-day vulnerabilities on the second day, with rewards totaling $335,000. The event organizers promised to publicly disclose the results of this competition 90 days after its conclusion.

Source:

https://hackernews.cc/archives/57086

3. A domestic automotive manufacturer’s Indian subsidiary’s CRM and logistics systems were found to have significant security vulnerabilities

Keywords: India, automotive manufacturer, security vulnerabilities, data breach

On February 27, a foreign forum exposed serious security vulnerabilities in the CRM and logistics systems of a certain domestic automotive manufacturer’s Indian subsidiary. Attackers could log into the system with obtained administrator privileges, threatening company data and operations. The platform records a large amount of sensitive data, and the poster offered to sell administrator accounts and passwords for $6,500. This subsidiary operates multinational company data, and the vulnerabilities could become a gateway for larger cyberattacks. It is reported that multiple online management systems of this Indian subsidiary have leaked, and different systems share the same backend login credentials.

Source:

https://mp.weixin.qq.com/s/wnzZM0pwcmCLPqJaDovBig

4. Research found potential security vulnerabilities in open-source autonomous driving system projects

Keywords: academic research, autonomous driving, security vulnerabilities

On February 27, a research paper revealed potential security vulnerabilities in open-source autonomous driving system (ADS) projects. The research utilized the CodeQL tool to analyze three projects: Autoware, AirSim, and Apollo, focusing on CWE-class vulnerabilities. The results showed that such vulnerabilities are widespread, persisting for over six months and spanning multiple versions, with the severity of vulnerabilities directly related to the performance impact on ADS. Therefore, it is recommended that developers integrate CodeQL into their development processes and regularly update third-party libraries; regulatory agencies should promote the use of tools and establish industry standards to enhance system security.

Source:

https://arxiv.org/html/2502.19687

This article’s information is sourced from the internet, and the copyright belongs to the original author. Compiled by members of the Internet of Vehicles Security Intelligence Alliance. Please indicate the source when reprinting.
