Not too long ago, the phrase “vehicle control” conjured images of gears, valves, shafts, and steel. Today, a contemporary automobile embodies an intricate synergy of code and metal, evolving into a dynamic digital system on wheels, propelled by an astounding 100 to 500 million lines of code.
According to Deloitte’s Global Automotive Consumer Study (GACS) for the Indian market in 2026, technology and features are pivotal in consumers’ vehicle purchasing decisions, influencing brand choice by a striking 50 percent.
This phenomenon is underscored by an impressive 80 percent of Indian consumers attesting to the utility of software-defined vehicles (SDVs), leading to an uptick in connected cars traversing the streets.
This seismic shift is generating value for both consumers and original equipment manufacturers (OEMs), yet it is fraught with notable risks. Connectivity, personalization, and autonomous functionalities are key elements of brand differentiation.
However, each user-friendly interface can inadvertently amplify security vulnerabilities. The architectural complexity that bestows competitive advantage upon SDVs simultaneously enlarges the attack landscape.
Real-world incidents underscore how a solitary weak interface can precipitate critical safety dilemmas.
- Last year, a leading global passenger car manufacturer experienced a major vulnerability in its vehicle mobile application due to inadequate authentication, exposing the vehicle identification number (VIN) and granting unauthorized remote access to essential car functionalities, including start/stop capabilities, climate control, and door security.
- A few years prior, a notable sports utility vehicle (SUV) hacking incident evolved from the head unit over a cellular network into the controller area network (CAN) bus, enabling researchers to manipulate braking, transmission, and steering systems. This breach necessitated a vast vehicle recall and redefined the parameters of “cyber” as a pressing road-safety concern.
The attack surface of SDVs has metamorphosed from a mere perimeter into a complex mesh. Data from GACS reveals that consumers are willing to invest additional funds for connected features.
The analysis indicates that 75 percent are amenable to paying for autonomous parking solutions, while 77 to 79 percent express preference for vehicle health reporting, app connectivity, automatic detection of vehicles or pedestrians, and digital keys.
- Infotainment systems: These are integrated with smartphone mirroring and voice assistance technologies but lack rigorous network segmentation or gateway enforcement, culminating in significant safety risks.
- Advanced driver assistance systems (ADAS): This raises the stakes further, as these platforms integrate data from cameras, radar, and LiDAR sensors. A minor manipulation of sensor inputs or injection of adversarial signals could profoundly alter vehicle behavior.
- Telematics units: The maintenance of persistent cloud connectivity and over-the-air (OTA) updates transforms operational advantages into systemic vulnerabilities, particularly due to flawed authentication models and inadequate certification management.
- Vehicle-to-Vehicle/Vehicle-to-Everything (V2V/V2X): While enhancing safety and efficiency, V2X also introduces potential attack vectors such as spoofing and Denial of Service (DoS) threats into the ecosystem.
The automotive industry’s response must transcend reactive patch cycles; security infrastructure must be integrated from the inception of the vehicle’s architectural design.
Employing thorough threat analysis and risk assessments (TARA) during the conceptual phase, along with secure boot chains, software bill of materials (SBOM) governance, and aligned secure coding standards, is not negotiable—they are essential for maintaining system integrity.
This proactive approach is further solidified by regulatory momentum. ISO/SAE 21434 formalizes cybersecurity engineering procedures during development, production, and decommissioning phases, while UNECE WP.29 R155 requires a cybersecurity management system (CSMS) for vehicle type approval across key markets. National frameworks, such as AIS-189, further delineate compliance expectations.
Certification now relies on demonstrable risk management, traceability, incident response readiness, and the integration of cyber governance within the homologation process.
For OEMs, the strategic landscape is evolving. Cyber resilience is now intertwined with safety, brand reputation, investor confidence, and customer trust.
According to GACS, approximately 95 percent of consumers are willing to invest in SDVs, with safety, security, and continuous vehicle health updates ranking as top features. As vehicles become increasingly software-centric, cyber risk shifts to become an integral safety and brand risk.
OEMs that embrace cybersecurity as a foundational system property—architected early, continuously validated, monitored at a fleet-wide scale, and anchored in CSMS/ISO 21434 protocols—will maintain pace with adversaries and regulators, outstripping competitors in trust, time-to-feature delivery, and total lifecycle value.
In an era where software dictates how vehicles sense, evaluate, and maneuver, trust will emerge as the critical fuel shaping the future of mobility.
Source link: Autocarpro.in.
