The core cybersecurity risks of intelligent automobiles are mainly reflected in three aspects. First, vehicle control system attacks. Intelligent automobiles rely on electronic control units (ECUs) to manage key functions such as braking, steering, and acceleration. Hackers can exploit vulnerabilities in the vehicle’s network system to infiltrate the ECU, thereby gaining control of the vehicle. For example, in 2024, a cybersecurity research team successfully remotely took control of a mainstream intelligent vehicle through its in-vehicle infotainment system, disabling the braking function and changing the driving direction, which exposed the huge safety hazards of vehicle control system vulnerabilities. Second, user data leakage. Intelligent automobiles collect a large amount of user data during operation, including driving habits, location information, personal identity information, and even in-vehicle conversation records. If the vehicle’s data storage and transmission systems are not properly protected, this sensitive data may be stolen or leaked, leading to privacy violations and even property losses. Third, supply chain risks. The intelligent automobile industry involves a complex supply chain, including parts suppliers, software developers, and network service providers. A vulnerability in any link of the supply chain may become a breakthrough for hackers to attack the vehicle system. At present, the protection of automotive cybersecurity faces multiple challenges. On the one hand, the rapid iteration of intelligent technology has led to the continuous emergence of new vulnerabilities. With the popularization of technologies such as 5G, autonomous driving, and the Internet of Vehicles, the attack surface of automobiles has been greatly expanded, and hackers’ attack methods have become more sophisticated, making it difficult for traditional security protection measures to keep up. On the other hand, there is a lack of unified industry standards and regulatory systems. Different automakers adopt different security technologies and standards, resulting in uneven cybersecurity levels of vehicles on the market. In addition, the awareness of cybersecurity among consumers and even some automakers is insufficient. Many consumers do not pay attention to the security settings of their vehicles, while some automakers prioritize product functions and user experience over cybersecurity during the R&D process. To address these risks and challenges, joint efforts from multiple parties are required. For automakers, they should take cybersecurity as a core requirement in the entire product lifecycle, from R&D and design to production and after-sales. This includes strengthening the security design of vehicle electronic systems, conducting regular vulnerability testing and updates, and establishing a rapid response mechanism for cybersecurity incidents. For example, many automakers have begun to adopt “over-the-air (OTA) updates” to promptly fix system vulnerabilities and improve vehicle security. At the same time, automakers should strengthen the management of the supply chain, conduct strict security audits on suppliers, and ensure that all parts and software meet cybersecurity standards. For consumers, they should enhance their awareness of automotive cybersecurity and take practical measures to protect themselves. First, they should regularly update the vehicle’s system and software to fix known vulnerabilities. Second, they should avoid connecting unknown devices or networks to the in-vehicle system, so as not to provide opportunities for hackers to infiltrate. Third, they should pay attention to protecting their personal information, such as not easily sharing the vehicle’s login credentials or personal data with others. In addition, consumers should choose vehicles with good cybersecurity performance when purchasing cars and pay attention to the automaker’s cybersecurity commitments and after-sales services. For relevant government departments and industry organizations, they should formulate unified automotive cybersecurity standards and regulatory systems to standardize the behavior of automakers and suppliers. This includes establishing mandatory cybersecurity testing and certification systems for vehicles, strengthening the supervision of cybersecurity incidents, and imposing severe penalties on illegal acts such as data leakage and malicious attacks. At the same time, they should promote technological innovation and cooperation in the field of automotive cybersecurity, support the research and development of advanced security technologies, and build a sound automotive cybersecurity ecosystem. In the era of intelligent automobiles, automotive cybersecurity is not only a technical issue but also a matter of public safety and user rights. With the joint efforts of automakers, consumers, and relevant institutions, it is believed that the cybersecurity risks of intelligent automobiles can be effectively controlled, and the intelligent automobile industry can develop in a safer and more sustainable direction, bringing more convenience and peace of mind to people’s travel.
