According to some projections, by 2027 more than 97% of cars sold globally will be digitally connected. This is an epochal change, because it transforms the very concept of mobility: each of these vehicles becomes a network node, capable of exchanging data, updating remotely, communicating with energy systems and, in the future, becoming increasingly integrated with autonomous driving functions. All this, while on the one hand offering convenience and advantages of various kinds, including the possible reduction of accidents and greater efficiency in energy consumption, on the other hand brings with it new challenges related to IT security. A “connected car” can in fact be compared to a computer on wheels: it has operating systems, sensors, wireless networks and software which, as happens with smartphones and laptops, are potentially vulnerable to external attacks. Possible scenarios range from the theft of personal data to the blocking of driving functions, up to the alteration of crucial systems such as braking or stability assistance.
And the issue doesn’t just concern individual cars: with the transition to electric vehicles, charging stations also become part of this complex network, becoming a further access point for possible intrusions. In this context, manufacturers and institutions are working to ensure that the mobility of the future does not become the Achilles’ heel of our digital security. Specific regulations, penetration tests and protocols designed to protect vehicles are already in place, and at the same time the internal skills of companies to manage this challenge are growing. The objective is clear: to ensure that technological innovation goes hand in hand with safety.
Password: multilevel defense
When talking about cybersecurity in connected cars, it is useful to clarify that we are not referring to a hypothetical risk. Already today, infotainment systems – the displays that allow you to listen to music, receive traffic information or make calls – can be the target of intrusions. The same goes for external interfaces like Wi-Fi, Bluetooth, USB, and GPS, all potential gateways for an attack. For this reason, car manufacturers have started to implement a multi-level defense, which does not only concern the vehicle itself, but the entire production chain. In factory departments, for example, machinery and networks connected via the Industrial Internet of Things are protected; remote diagnostics and predictive maintenance systems are armored in cloud infrastructures; Central nodes such as the Central Gateway, which manages internal data, or the Powertrain, i.e. the powertrain, are protected inside the car.
To support these measures there are international standards that oblige producers to respect precise rules. IEC 62443 concerns the protection of production sites and industrial systems. ISO/SAE 21434 establishes how to identify and manage cyber risks throughout the life cycle of a vehicle, from its design to its decommissioning. The UNECE R155 and UNECE R156 regulations, however, introduce specific obligations: the first concerns the management of cybersecurity on board; the second software updates, which must be able to be carried out safely.
Before a car is put on the market, it must pass a penetration test. This is a hacker attack simulation, conducted under controlled conditions, to test how resistant a vehicle is to external intrusions. The test takes into account wireless networks, car-to-car communication or V2V (Vehicle-to-Vehicle) and that between cars and infrastructure or V2I (Vehicle-to-Infrastructure). This allows any flaws to be highlighted and corrected before the car reaches customers.
How to mitigate the safety risks of electric cars
The universe of electric cars deserves a separate discussion. These vehicles are not only connected to the Internet, but also integrated into the electricity grid. Through services such as V2G (Vehicle-to-Grid) can return energy to the grid at peak times, transforming themselves into real mobile batteries. This functionality, although useful, introduces new vulnerabilities: every time a car connects to a charging station, it exchanges not only energy, but also data, and this can expose the ecosystem to cyber attacks. Possible scenarios include data theft or data breach and DoS attacks (Denial-of-Service), which aim to saturate a system to make it unusable. In an extreme case, malware introduced via a charging station could spread not just to a vehicle, but to the entire distribution network. All this would obviously have very serious consequences.
Charging methods play a crucial role. Today, three can be distinguished: conductive charging, i.e. via a cable connected to a wallbox or a public column; inductive charging, which occurs without a cable but by magnetic induction, in static or dynamic mode; and battery swapping, which involves rapid replacement of the battery in special stations. From a safety point of view, conductive charging is considered the most exposed, especially when it uses communication protocols such as OCPP (Open Charge Point Protocol) in older versions, where documented vulnerabilities have already been discovered. During a public stop, the car remains connected for long periods of time, increasing the time window in which an attacker could act.
To mitigate these risks, experts suggest adopting updated protocols such as OCPP 2.0.1, which integrates stronger authentication mechanisms and advanced encryption. Encryption, for those who don’t know it, is a method that transforms information into a ciphered language understandable only by those who have the key to decode it, making the data unusable for anyone else. At the same time, it becomes essential to invest in the training of engineers, designers and specialized technicians, capable of constantly updating systems and anticipating new types of attacks.
The challenge of cybersecurity in connected cars, and even more so in electric ones, should therefore not be seen as an obstacle to the future of mobility, but as a field in which technology and security must advance together. Of course, awareness and careful use by us drivers will also be key to safe smart mobility.
