Blog

As AI assistants become standard features in vehicles, new risks like prompt injection are emerging, quietly manipulating systems through seemingly harmless inputs. We explore how attackers could exploit invisible commands in everyday interactions and why securing AI at the input level is critical to automotive safety.

Hitag2, a legacy key fob system, has long been known to carry security flaws. A recent demonstration showed that it could be cracked in under a minute. We break down how the attack works and why outdated encryption poses serious risks to modern vehicles.

We analyze the three-bug exploit chain demonstrated by security researchers against the Pioneer DMH-WT7600NEX IVI system at Pwn2Own Automotive 2024. We map it to the Automotive Threat Matrix and highlight industry best practices for mitigating similar exploits.

As AI, EVs, and SDVs reshape the automotive industry, cyberthreats are evolving in tandem. Drawing from VicOne’s 2025 automotive cybersecurity report, this article offers key insights into the industry’s threat landscape and outlines the strategies automakers need to stay ahead.

Security researchers uncovered a vulnerability in Subaru’s in-vehicle infotainment (IVI) system admin panel, enabling unauthorized access to personal information, GPS records, and vehicle controls. We examine the findings and emphasize the need for automotive manufacturers to adopt a security-first approach throughout the vehicle lifecycle.

In the first several weeks of 2025 alone, a surge of ransomware attacks hit the automotive industry. We examine recent cases and their broader implications for automotive cybersecurity.

We discuss the two vulnerabilities discovered in the Phoenix Contact CHARX SEC-3100 EV charging controller at Pwn2Own Automotive 2024, highlighting their impact and possible mitigations.

We examine the NCC Group’s two-bug chain during Pwn2Own Automotive 2024, which enabled the team to play Doom on the Alpine Halo9 iLX-F509 IVI system. We underscore the more serious implications once attackers gain root access and recommend countermeasures to mitigate the risks.

We examine a zero-click remote code execution (RCE) vulnerability in Tesla’s tire pressure monitoring system (TPMS), uncovered by Synacktiv researchers at Pwn2Own Vancouver 2024, and highlight its implications for connected vehicle security.

The Pwn2Own Automotive 2024 competition uncovered a high-severity zero-click RCE Bluetooth vulnerability in the Alpine Halo9 IVI system, highlighting the risks of proprietary implementations in connected vehicles. We explore the discovery, exploitation techniques, and key takeaways for securing automotive technologies against emerging threats.

Qualcomm has taken a significant step toward bringing GenAI to vehicles by integrating its next-generation Oryon processor into in-car systems. We explore the technology powering GenAI, highlighting what makes it so transformative — and the security challenges it introduces.

The ZDI has identified six zero-day vulnerabilities in an in-vehicle infotainment (IVI) system. As these vulnerabilities remain unpatched, we recommend security best practices to minimize their potential risks and fortify connected vehicles’ IVI systems.