ID 10 T

Tag: car

  • Cybersecurity in the Era of Connected Mobility: Technical Foundations, Remote Functionality, and Multi-Tiered Defense Strategies

    Cybersecurity in the Era of Connected Mobility: Technical Foundations, Remote Functionality, and Multi-Tiered Defense Strategies

    The automotive industry is currently navigating its most significant transformation since the invention of the internal combustion engine. This shift is characterized by the transition from hardware-centric mechanical systems to software-defined vehicles (SDVs) that are perpetually connected to the internet.1 Modern automobiles, including cars, SUVs, and heavy-duty trucks, have evolved into sophisticated mobile data centers, utilizing advanced infotainment systems, telematics control units, and integrated sensor suites to provide enhanced convenience and safety.4 However, this connectivity introduces a vast and complex cyber-physical attack surface. Features such as remote start, digital locking/unlocking, and even remote vehicle disablement—functionalities once the domain of science fiction—are now standard, yet they rely on underlying communication protocols that were originally designed without inherent security in mind.7 This report provides an exhaustive technical and strategic analysis of automotive cybersecurity, examining the architectural foundations of connected vehicles, the history of cyber-physical exploitation, the legal and ethical dimensions of remote disablement systems, and comprehensive mitigation strategies for both non-technical and professional users.

    Technical Foundations of In-Vehicle Networks

    To understand the cybersecurity landscape of a modern vehicle, one must first analyze the internal communication infrastructure that allows various electronic control units (ECUs) to exchange data. The primary backbone of this system is the Controller Area Network (CAN) bus, which serves as the “nervous system” of the vehicle.7

    The Controller Area Network (CAN) Bus Architecture

    The CAN bus protocol, originally developed to reduce the complexity and weight of electrical wiring, is a message-based broadcast system.7 In a traditional automotive setup, sensors and actuators are connected to ECUs, which then communicate via the CAN bus to coordinate functions such as engine timing, braking, and lighting.10 This centralized approach enables simplified diagnostics and configuration but creates a significant vulnerability: any node on the network can broadcast messages that are received and implicitly trusted by every other node.12

    The architecture of a CAN data frame is highly structured, yet it lacks fields for encryption or sender authentication.7 The following table details the components of a standard CAN message frame:

    Frame Bit / FieldSize (Bits)Description and Security Implication
    Start of Frame (SOF)1Marks the beginning of a message; synchronizes nodes.7
    Identifier11 or 29Sets message priority; lower values have higher priority. Lack of origin ID allows for spoofing.7
    Remote Transmission Request (RTR)1Distinguishes between data frames and requests for information.7
    Control Field (IDE, r0, DLC)6Includes the Data Length Code (DLC) indicating the size of the payload.7
    Data Field0–64Contains the actual data (e.g., sensor values). Transmission is unencrypted by default.7
    CRC Field16Cyclic Redundancy Check for error detection; does not prevent malicious tampering.7
    ACK Field2Acknowledgment from receiving nodes.7
    End of Frame (EOF)7Marks the end of the message.7

    The absence of authentication in the identifier field means that a compromised infotainment system can broadcast a high-priority message mimicking the Braking Control Module, and other ECUs will process the command as legitimate.8 This structural flaw is the root cause of many high-profile automotive hacks, as it permits message injection and “man-in-the-middle” attacks once initial access to the bus is achieved.8

    Telematics and External Gateways

    The Telematics Control Unit (TCU) serves as the primary gateway between the vehicle’s internal networks and the outside world.4 It integrates various wireless modules, including cellular modems (LTE/5G), Wi-Fi, Bluetooth, and Global Navigation Satellite Systems (GNSS).4 The TCU is responsible for two-way communication with manufacturer cloud servers, facilitating over-the-air (OTA) updates, remote diagnostics, and the remote commands requested by users via smartphone apps.4

    A critical second-order insight regarding TCU architecture is the shift from distributed domain control to regional or zonal control.16 In older architectures, the TCU was often a standalone module with limited interaction with safety-critical systems. In newer software-defined vehicles, the TCU is increasingly integrated into a “zonal controller” that acts as a central hub for all data traffic.16 This integration provides better performance and lower latency for advanced driver assistance systems (ADAS) but also means that a compromise of the TCU’s external interface could provide a direct pathway to the vehicle’s core safety functions if network segmentation is not rigorously enforced.5

    Theoretical Frameworks and Regulatory Standards

    As the risks associated with connected vehicles became undeniable, international bodies developed comprehensive standards to govern automotive cybersecurity engineering and lifecycle management.20

    ISO/SAE 21434 and UNECE WP.29 Regulations

    The two most influential frameworks in the current landscape are ISO/SAE 21434 and the United Nations Economic Commission for Europe (UNECE) Regulation 155 (R155).21 While they share the goal of securing vehicles, they serve different functions within the industry ecosystem. ISO/SAE 21434 provides the engineering “how-to,” outlining best practices for identifying and managing risk from the concept phase through decommissioning.20 In contrast, UNECE R155 is a legal regulation that requires manufacturers to implement a Cybersecurity Management System (CSMS) to obtain “type approval,” without which a vehicle cannot be legally sold in many global markets.22

    FeatureISO/SAE 21434UNECE R155
    NatureIndustrial Standard (Process-oriented) 20Legal Regulation (Requirement-oriented) 22
    FocusEngineering lifecycle and supply chain management 20Homologation and organizational management 22
    Key DeliverableThreat Analysis and Risk Assessment (TARA) 23CSMS Certificate of Compliance 22
    EnforcementVoluntary, but often required by OEMs for suppliers 21Mandatory for new vehicle types since July 2022 5

    These standards emphasize the “Security by Design” philosophy, moving away from reactive patching toward proactive threat modeling.8 For manufacturers, compliance involves documenting every potential attack path and ensuring that the entire supply chain—including third-party software providers—adheres to strict security protocols.20

    Software-Defined Vehicles and OTA Security (UNECE R156)

    The emergence of the Software-Defined Vehicle has necessitated a specific focus on the security of software updates. UNECE R156 establishes requirements for Software Update Management Systems (SUMS), ensuring that over-the-air updates are conducted securely and do not compromise the vehicle’s functional safety.5 This involves cryptographic verification of update packages, secure boot processes that prevent the execution of unauthorized code, and fail-safe “rollback” mechanisms that allow a vehicle to return to a known good state if an update fails.5

    Historical Exploitation and Case Studies

    The current state of automotive security is largely a response to high-profile exploits demonstrated by security researchers over the past decade.8

    The Miller-Valasek Jeep Hack (2015)

    The most famous incident in automotive cybersecurity remains the remote compromise of a 2014 Jeep Cherokee by researchers Charlie Miller and Chris Valasek.8 By exploiting a vulnerability in the vehicle’s Harman uConnect infotainment system, the researchers were able to gain access via a cellular connection from miles away.29 The core flaw was an unnecessarily open port () on the Sprint cellular network, which allowed them to pivot from the infotainment unit to the vehicle’s CAN bus.29

    Once they achieved bus access, they could send malicious CAN messages to control critical safety systems.15 The demonstration included disabling the brakes, manipulating the steering, and shutting down the engine while the vehicle was in motion on a highway.8 This hack forced the first-ever cybersecurity-related vehicle recall, impacting million vehicles, and served as a catalyst for the development of modern gateway firewalls that isolate infotainment systems from safety-critical networks.8

    Tesla Model S Key Fob Cloning

    In another significant case, researchers demonstrated the ability to unlock and drive away a Tesla Model S by cloning its key fob.8 This was achieved by exploiting weaknesses in the cryptographic implementation of the keyless entry system.8 Unlike the Jeep hack, which targeted the “brain” of the vehicle, this attack focused on the “access control” layer, highlighting that even vehicles with advanced software architectures can be vulnerable if their wireless communication protocols are not properly secured.25

    Zero-Day Vulnerabilities in Aftermarket Peripherals

    A more recent threat vector involves aftermarket devices that connect to the vehicle’s systems, such as wireless CarPlay dongles and smart dashcams.31 In 2025, researchers identified five zero-day vulnerabilities in popular aftermarket devices, including the CarlinKit dongle and 70mai dashcam.31 These devices often utilize hard-coded or weak Wi-Fi passwords and lack firmware signature verification.31

    Vulnerability IDDeviceMechanismPotential Impact
    CVE-2025-2765CarlinKitHard-coded Wi-Fi credentials 31Unauthorized access to configuration and data.31
    CVE-2025-2763CarlinKitRCE via unverified firmware upload 31Persistent control of the device and IVI bridge.31
    CVE-2025-276670maiDefault Wi-Fi password bypass 31Theft of video logs, GPS history, and driver audio.31

    The second-order implication of these vulnerabilities is that an attacker does not need to compromise the vehicle’s complex security architecture directly; they can instead target a “weak link” in the owner’s chosen ecosystem of convenience devices.31 A compromised dongle plugged into a USB port can serve as a bridge, allowing an attacker to probe the In-Vehicle Infotainment (IVI) system and potentially pivot to the internal network.9

    Remote Disablement and Repossession Technology

    The user’s query specifically highlights the ability to disable vehicles remotely, particularly for repossession.32 This technology represents one of the most controversial intersections of connectivity, finance, and cybersecurity.34

    Starter Interrupter Devices (SIDs) and Smart Contracts

    “Starter interrupters” are devices installed between the ignition switch and the starter motor.34 Originally developed in the late 1990s as simple “On Time” keypad systems, modern SIDs are integrated with GPS and cellular modems.34 These devices are frequently used by “buy here, pay here” lenders who cater to subprime borrowers.32 If a payment is missed, the lender can remotely deactivate the starter, preventing the vehicle from being driven.34

    The conceptual evolution of these devices has led to their inclusion in discussions regarding “smart contracts,” where the physical performance of an agreement (making payments) is automatically enforced by the device’s logic.36 However, this “digital coercion” introduces significant safety risks.33 There are documented cases of vehicles being disabled while idling in dangerous intersections or when owners were attempting to reach emergency medical facilities.33

    The Move Toward “Autonomous Repossession”

    Recent technological developments suggest a future where the vehicle itself acts as the repossessor. In February 2023, a patent application by Ford described systems for autonomous repossession.33 Under this model, a vehicle in default could receive a remote command to:

    1. Disable certain convenience features (radio, air conditioning) to encourage payment.37
    2. Emit an unpleasant, continuous audible tone via the infotainment system.33
    3. Lock the owner out of the vehicle entirely.33
    4. Ultimately, autonomously drive itself from the owner’s premises to a repossession agency or a public space where it can be easily towed.33

    While this reduces the risk of physical confrontation during repossession, it raises profound questions about property rights, due process, and the potential for “unintended autonomous behavior” if the repossession server is hacked.33 If an adversary gains control of a manufacturer’s “repossession fleet” command, they could theoretically immobilize or redirect thousands of vehicles simultaneously.38

    Data Privacy and the Monetization of Connectivity

    Connected vehicles are among the most invasive data collection platforms in existence, generating terabytes of data that are highly revealing of personal lifestyles and habits.40

    The Data Broker Ecosystem

    Automakers collect a vast array of data points, including precise geolocation, driving patterns (speed, harsh braking, rapid acceleration), biometric indicators, and even voice recordings from in-car assistants.4 This data is often shared with third parties, including insurance companies and data brokers such as LexisNexis and Verisk.42

    Insurance companies use this data to create “driver scores”.4 While marketed as a way to lower premiums for safe drivers, the data is frequently used to justify rate increases or policy denials based on patterns that the driver may not even be aware of, such as frequent late-night driving or traveling through “risky” neighborhoods.38

    Privacy Risks and Domestic Violence

    The persistence of location tracking creates unique security risks for vulnerable populations. Connected car services have been exploited by perpetrators of domestic violence to track, harass, and control their victims.40 Many users are unaware that their vehicle’s location can be accessed remotely via a mobile app, or that a previous owner or shared user may still have active credentials for the vehicle’s connected services portal.40

    Security Strategies for the Non-Technical User

    For the everyday user, cybersecurity is less about “hacking back” and more about establishing robust habits and physical barriers to protect their vehicle.44

    Physical Security and Signal Mitigation

    Because many modern vehicle thefts rely on “relay attacks” to clone key fob signals, physical mitigation is the first line of defense.45

    • Faraday Pouches: Storing key fobs in a signal-blocking Faraday pouch when at home prevents thieves from using boosters to relay the fob’s signal to a vehicle in the driveway.45
    • OBD-II Port Locks: Since many “high-tech” thefts involve plugging a device into the diagnostic port to program new keys, a physical lock over the port can prevent unauthorized access to the CAN bus.45
    • Steering Wheel Locks: A visible mechanical lock remains a powerful deterrent, as it forces a thief to spend time on a noisy, physical removal process that digital bypasses do not account for.45

    Digital Hygiene and App Management

    Users should treat their vehicle’s mobile app with the same level of security as a banking application.45

    • Multi-Factor Authentication (MFA): If the vehicle manufacturer supports it, MFA should always be enabled. This ensures that even if a password is stolen, the vehicle cannot be remotely unlocked or started without a second verification step.44
    • Account Audits: When purchasing a used vehicle, it is critical to ensure that all previous owner accounts are deleted from the vehicle’s system.40 Conversely, when selling a car, a “factory reset” of the infotainment system is necessary to protect personal data like home addresses and phone contacts.40
    • App Permissions: Users should review the permissions granted to vehicle companion apps, disabling “always-on” location tracking if it is not required for the features they use.43

    Privacy Opt-Out Protocols

    Most major manufacturers provide mechanisms to opt-out of data sharing, though these are often buried in complex menus.43

    ManufacturerFeature NameOpt-Out Path
    Toyota / LexusDrive Pulse / Insure ConnectToyota App > Profile > Account > Data Privacy Portal > Decline.52
    Ford / LincolnConnected Vehicle FeaturesSYNC Screen > Settings > Connectivity > Connected Vehicle Features > Toggle Off.54
    GM (Chev/Cad/GMC)Smart Driver (OnStar)GM App > Settings > Privacy > Smart Driver > Toggle Off.43
    Honda / AcuraDriver FeedbackInfotainment Settings > Connectivity > Data Sharing > Toggle Off.43

    Strategies for the Tech-Savvy User

    For users with a background in information technology or engineering, securing a vehicle involves active monitoring and the use of specialized forensic tools.55

    Network Monitoring and Packet Sniffing

    The most advanced way to audit a vehicle’s security is to monitor its internal network traffic.55

    • CAN Bus Logging: Tech-savvy users can use hardware like the “Panda” dongle or “PiCAN” HATs for Raspberry Pi to sniff CAN traffic.13 By using open-source software like SavvyCAN, users can visualize the message stream and identify if an unauthorized device (like a hidden GPS tracker or an insurance dongle) is injecting frames into the network.56
    • Wi-Fi and Bluetooth Auditing: Many infotainment systems have hidden debug ports or unsecured Wi-Fi configurations.31 Using tools like Wireshark on a laptop with a Wi-Fi adapter in monitor mode can help identify if the car is broadcasting unencrypted data or if it is vulnerable to “Drive-by” interception.31
    • API Analysis: For those familiar with web security, analyzing the traffic between the vehicle’s mobile app and the manufacturer’s back-end API can reveal if sensitive information (like the vehicle’s VIN or location) is being sent over insecure channels.26

    Implementing Hardware Isolation

    Advanced users may consider adding layers of hardware isolation to their vehicle’s systems, particularly if they utilize aftermarket telematics.6

    • Isolated Gateways: For project vehicles or fleets, installing an isolated gateway between the OBD-II port and the rest of the CAN bus can prevent an insecure aftermarket device from “poisoning” the network.14
    • Silent Mode Monitoring: When debugging or adding custom electronics, users should utilize “Silent Mode” (Listen-only mode) on their CAN transceivers.12 This ensures that the custom hardware can read data without the risk of accidentally transmitting a message that could interfere with the vehicle’s functional safety.12

    Threat Hunting with AI Platforms

    While largely targeting enterprise fleets, some cloud-based “Mobility Detection and Response” (XDR) platforms offer insights that can be adapted by advanced enthusiasts.58 Platforms like Upstream use AI to create a “digital twin” of a vehicle, monitoring for anomalies in telematics data that might indicate a cyberattack or a malfunctioning component.58 By analyzing metadata—such as the frequency of remote start requests or the source IP addresses of API calls—these systems can detect a breach before physical symptoms appear in the vehicle.58

    The Future of Automotive Security: 2026 and Beyond

    The next several years will see the consolidation of security-by-design as the industry standard, driven by both regulation and the requirements of autonomous driving.1

    The Rise of Zonal Architecture and Hardware Security Modules (HSMs)

    To combat the inherent weaknesses of the CAN bus, manufacturers are moving toward Automotive Ethernet and Zonal Architectures.1 In this model, the vehicle is divided into zones (e.g., Front Left, Rear Right), with each zone controlled by a powerful computer that acts as a secure gateway.16

    At the chip level, modern ECUs are being equipped with Hardware Security Modules (HSMs).1 These are dedicated hardware regions that store cryptographic keys and perform encryption tasks in a way that is isolated from the main processor.5 This makes it significantly harder for an attacker to spoof messages, as every critical frame on the network can be digitally signed and verified in real-time.5

    Blockchain for Data Integrity and V2X

    As vehicles begin to communicate with each other (V2V) and with smart city infrastructure (V2I), the need for immutable data records grows.1 Blockchain technology is being explored as a method for managing these communications.18 By utilizing a decentralized ledger, the vehicle ecosystem can ensure that traffic light signals, road hazard warnings, and software updates are authentic and have not been tampered with by a malicious actor.18

    AI-Enabled Defense and vSOCs

    The future of automotive defense will be predictive rather than reactive.18 Vehicle Security Operations Centers (vSOCs) are now being established by major OEMs to monitor millions of vehicles simultaneously.21 These centers use machine learning to identify emerging attack patterns across an entire model line.18 If a new exploit is detected in one vehicle in California, a patch can be developed and pushed via OTA to every similar vehicle globally within hours, effectively “vaccinating” the fleet against the threat.58

    Conclusions and Practical Recommendations

    The cybersecurity of modern vehicles is a multifaceted challenge that requires the coordination of manufacturers, regulators, and consumers. As automobiles become more connected and autonomous, the line between “automotive engineering” and “computer security” will continue to blur. For the everyday user, the transition to connected mobility offers immense benefits in convenience and safety, but these benefits come with the responsibility of maintaining digital and physical vigilance.

    The following table synthesizes the recommended security posture for modern vehicle owners:

    User TierPrimary ObjectivesKey Tools and Actions
    Non-TechnicalDeter theft and protect privacy.45Use Faraday pouches; lock OBD-II ports; enable app MFA; opt-out of insurance data sharing.43
    Tech-SavvyMonitor network integrity and audit device behavior.55Perform CAN sniffing with SavvyCAN; audit aftermarket device Wi-Fi; monitor mobile app API traffic.56
    Professional / FleetEnsure compliance and maintain fleet-wide uptime.21Implement vSOC monitoring; enforce ISO 21434 in procurement; utilize secure OTA and SUMS.5

    Ultimately, the most effective defense against automotive cyber threats is a layered approach that combines hardware isolation, cryptographic authentication, and informed user behavior. By understanding the underlying architecture of their vehicles and the nature of the threat landscape, users can enjoy the advantages of the connected vehicle era while minimizing their exposure to its digital risks.

    Works cited

    1. Connected Car Security Market Forecast to 2032: Growth of Managed Security Services and Vehicle SOCs Presents Lucrative Opportunities – ResearchAndMarkets.com, accessed January 16, 2026, https://www.businesswire.com/news/home/20260114247359/en/Connected-Car-Security-Market-Forecast-to-2032-Growth-of-Managed-Security-Services-and-Vehicle-SOCs-Presents-Lucrative-Opportunities—ResearchAndMarkets.com
    2. Key Tech & Business Trends That Drive SDV Innovation – Tietoevry, accessed January 16, 2026, https://www.tietoevry.com/en/blog/2025/04/top-software-defined-vehicle-trends/
    3. The Software-Defined Turning Point: What 2025’s Biggest Trends Mean for the Future of Connected Mobility – Cubic3, accessed January 16, 2026, https://www.cubic3.com/blog/the-software-defined-turning-point-2025-trends-connected-mobility/
    4. The Ultimate Guide to Automotive Telematics – Acsia Technologies, accessed January 16, 2026, https://www.acsiatech.com/the-ultimate-guide-to-automotive-telematics/
    5. Automotive Cybersecurity Best Practices – Svitla Systems, accessed January 16, 2026, https://svitla.com/blog/automotive-cybersecurity-best-practices/
    6. Vehicle Cybersecurity Threats and Mitigation Approaches – Publications – NREL, accessed January 16, 2026, https://docs.nrel.gov/docs/fy19osti/74247.pdf
    7. What Is Can Bus (Controller Area Network) – Dewesoft, accessed January 16, 2026, https://dewesoft.com/blog/what-is-can-bus
    8. car hacking, automotive cybersecurity, vehicle vulnerabilities, connected cars, Jeep Cherokee hack – Leadvent Group, accessed January 16, 2026, https://www.leadventgrp.com/blog/hacking-cars-real-world-case-studies-and-lessons-learned
    9. Secure Your CAN-Bus: Implementing ISO/SAE 21434 in Embedded Systems – Copperhill, accessed January 16, 2026, https://copperhilltech.com/blog/secure-your-canbus-implementing-isosae-21434-in-embedded-systems/
    10. An Illustrated Introduction to CAN Bus and Automotive Networks – Electude, accessed January 16, 2026, https://www.electude.com/teacher-toolbox/can-bus-and-automotive-networks/
    11. CAN bus – Wikipedia, accessed January 16, 2026, https://en.wikipedia.org/wiki/CAN_bus
    12. CAN Communication Silent Mode: Principle and Applications – 风丘科技, accessed January 16, 2026, https://www.windhilltech.com/content/articles/20250911/1757561192269/
    13. Security Concerns in CAN, CANopen, and J1939 Networks – JCOM1939 Monitor Pro, accessed January 16, 2026, https://jcom1939.com/security-concerns-in-can-canopen-and-j1939-networks/
    14. Vehicle Cybersecurity: The Jeep Hack and Beyond – Software Engineering Institute, accessed January 16, 2026, https://www.sei.cmu.edu/blog/vehicle-cybersecurity-the-jeep-hack-and-beyond/
    15. Lessons learned from hacking a car – ResearchGate, accessed January 16, 2026, https://www.researchgate.net/publication/337664393_Lessons_learned_from_hacking_a_car
    16. Components Behind the TCU (Telematics Control Unit): Connectivity …, accessed January 16, 2026, https://en.eeworld.com.cn/news/qcdz/eic704720.html
    17. What is telematics? Everything you need to know | Verizon Connect, accessed January 16, 2026, https://www.verizonconnect.com/resources/article/what-is-telematics/
    18. The Future of Automotive Cybersecurity Safeguarding the Next Generation of Mobility, accessed January 16, 2026, https://www.cyberdefensemagazine.com/the-future-of-automotive-cybersecurity-safeguarding-the-next-generation-of-mobility-2/
    19. Secure Vehicle Architecture – NXP Semiconductors, accessed January 16, 2026, https://www.nxp.com/applications/technologies/security/secure-vehicle-architecture:AUTOMOTIVE-SECURITY
    20. An Overview of ISO 21434 for Automotive Cybersecurity – PTC, accessed January 16, 2026, https://www.ptc.com/en/blogs/alm/iso-21434-for-automotive-cybersecurity
    21. Automotive Cybersecurity for Beginners | Resource | SIS – UL Solutions, accessed January 16, 2026, https://www.ul.com/sis/resources/automotive-cybersecurity-for-beginners
    22. A Comparative Analysis of UNECE WP.29 R155 and … – CNR-IRIS, accessed January 16, 2026, https://iris.cnr.it/retrieve/8ce973fd-a139-4021-b060-37c2124f8567/prod_474034-doc_193290.pdf
    23. ISO/SAE 21434’s Role in Auto Cybersecurity | Synopsys IP, accessed January 16, 2026, https://www.synopsys.com/articles/iso-sae-21434-automotive-cybersecurity.html
    24. Automotive Cybersecurity: Solutions for ISO/SAE 21434, UNECE WP.29 | Keysight, accessed January 16, 2026, https://www.keysight.com/us/en/assets/3121-1410/solution-briefs/Automotive-Cybersecurity-Solutions-for-ISO-SAE-21434-UNECE-WP29.pdf
    25. The Hidden Risks in Remote Keyless Entry Systems: A Supply Chain Perspective, accessed January 16, 2026, https://c2a-sec.com/the-hidden-risks-in-remote-keyless-entry-systems-a-supply-chain-perspective/
    26. GitGuardian and the Automotive Industry, accessed January 16, 2026, https://www.gitguardian.com/industries/automotive
    27. Cybersecurity Risks of Automotive OTA Updates – Apriorit, accessed January 16, 2026, https://www.apriorit.com/dev-blog/cybersecurity-risks-of-ota-automotive
    28. Ten Years After the Jeep Hack: A Retrospective on Automotive Cybersecurity | USENIX, accessed January 16, 2026, https://www.usenix.org/conference/vehiclesec25/presentation/miller-valasek-keynote
    29. Jeep Hack 0Day: An Exposed Port – Dark Reading, accessed January 16, 2026, https://www.darkreading.com/cyber-risk/jeep-hack-0day-an-exposed-port
    30. Lock It and Still Lose It – On the (In)Security of Automotive Remote Keyless Entry Systems – Flavio D. Garcia, accessed January 16, 2026, https://flaviodgarcia.com/publications/lock_it_and_still_lose_it.pdf
    31. Thousands of Vehicles at Risk: Zero-Day Vulnerabilities Reveal a …, accessed January 16, 2026, https://vicone.com/blog/thousands-of-vehicles-at-risk-zero-day-vulnerabilities-reveal-a-critical-blind-spot-in-automotive-cybersecurity
    32. Electronic Disabling Devices for Repossession – Holland Law Firm, accessed January 16, 2026, https://www.hollandlawfirm.com/electronic-disabling-devices-for-repossession/
    33. Remote Repossession – Digital Commons@DePaul, accessed January 16, 2026, https://via.library.depaul.edu/cgi/viewcontent.cgi?article=4277&context=law-review
    34. Auto Controllers – Logic Magazine, accessed January 16, 2026, https://logicmag.io/security/auto-controllers/
    35. Synthetic identity fraud is targeting BHPH dealerships – PassTime GPS, accessed January 16, 2026, https://passtimegps.com/how-to-stop-synthetic-identity-fraud-at-your-car-dealership-before-it-starts/
    36. The Law and Legality of Smart Contracts – Georgetown Law Technology Review, accessed January 16, 2026, https://georgetownlawtechreview.org/the-law-and-legality-of-smart-contracts/GLTR-04-2017/
    37. US20230055958A1 – Systems and Methods to Repossess a Vehicle – Google Patents, accessed January 16, 2026, https://patents.google.com/patent/US20230055958A1/en
    38. PSA for all prius owners: Call Toyota Connected services to disable your DCM Module to prevent spying. – Reddit, accessed January 16, 2026, https://www.reddit.com/r/prius/comments/1ef9bda/psa_for_all_prius_owners_call_toyota_connected/
    39. The Silent Theft Epidemic: What the Key Fob Lawsuit Reveals About …, accessed January 16, 2026, https://upstream.auto/blog/the-silent-theft-epidemic-what-the-key-fob-lawsuit-reveals-about-automotive-cyber-risk/
    40. UNSW Privacy & Security Regulation for Connected Cars Workshop – OAIC, accessed January 16, 2026, https://www.oaic.gov.au/news/speeches/unsw-privacy-and-security-regulation-for-connected-cars-workshop
    41. The Connected Car – BC Freedom of Information and Privacy Association, accessed January 16, 2026, https://fipa.bc.ca/wp-content/uploads/2018/01/CC_report_lite.pdf
    42. Driving Compliance: The Data Protection Risks of Connected Car Technology, accessed January 16, 2026, https://www.infosecurity-magazine.com/opinions/driving-compliance-data-protection/
    43. How to Figure Out What Your Car Knows About You (and Opt Out of …, accessed January 16, 2026, https://www.eff.org/deeplinks/2024/03/how-figure-out-what-your-car-knows-about-you-and-opt-out-sharing-when-you-can
    44. Mobile Security Threats in Connected Car Services: What You Need to Know – Approov, accessed January 16, 2026, https://approov.io/hubfs/White%20Paper/WP-Mobile%20Security%20Threats%20in%20Connected%20Car%20Services.pdf
    45. Car Cybersecurity 101: How to Protect Your Vehicle from Digital Threats – CyberPanel, accessed January 16, 2026, https://cyberpanel.net/blog/car-cybersecurity-101-how-to-protect-your-vehicle-from-digital-threats
    46. What is Keyless Entry in a Car? Security Risks and Solutions, accessed January 16, 2026, https://www.carkeyssolutions.co.uk/what-is-keyless-entry-in-a-car-security-risks-and-solutions/
    47. Find the Best Car security System for Total Vehicle Protection – CarLock, accessed January 16, 2026, https://www.carlock.co/blog/en/2023/10/13/best-car-security-system/
    48. OBD II Port Lock, OBD2 Connector Lockout, Prevents Access, accessed January 16, 2026, https://smaroadsafety.com/II-Port-Lock-OBD2-Connector-Lockout-Prevents-Access/683965
    49. OBD2 Port Lock – Security Device To Block Access To Your Car’s Diagnostic Connector, accessed January 16, 2026, https://www.westcottevents.com/Security-Device-To-Block-Access-To-Your-Car-039-s-Diagnostic-g-834446
    50. OBD2 Port Anti-Theft Lock – Security Protector For Cars, SUVs & Trucks (Red), accessed January 16, 2026, https://yourpghlawyer.com/OBD2-Port-Anti-Theft-Lock-Security-Protector-For-Cars-SUVs-656364/
    51. What Security Concerns Come With Automotive Apps? – Mobile app developers, accessed January 16, 2026, https://thisisglance.com/learning-centre/what-security-concerns-come-with-automotive-apps
    52. How do I opt-out of sharing my vehicle data with Toyota Insurance, accessed January 16, 2026, https://support.toyota.com/s/article/How-do-I-optout-of-sh-10033
    53. PSA: Toyota Selling Your Info to Car Insurance Companies – Reddit, accessed January 16, 2026, https://www.reddit.com/r/Toyota/comments/1bfrjv7/psa_toyota_selling_your_info_to_car_insurance/
    54. How do I turn off data sharing in my vehicle? – Ford, accessed January 16, 2026, https://www.ford.com/support/how-tos/sync/sync-4a/how-do-i-turn-off-data-sharing-in-my-vehicle/
    55. Vehicle Spy 3 | Intrepid Control Systems, Inc., accessed January 16, 2026, https://intrepidcs.com/products/software/vehicle-spy/
    56. Security Highlight: Building a Multi-CAN Bus Logger for Automotive – Keysight, accessed January 16, 2026, https://www.keysight.com/blogs/en/tech/nwvs/2018/09/18/security-highlight-building-a-multi-can-bus-logger-for-automotive
    57. Top 9 Network Security Monitoring Tools for Identifying Potential Threats – AlgoSec, accessed January 16, 2026, https://www.algosec.com/blog/network-security-monitoring-tools
    58. Automotive Cybersecurity & Data Management – Upstream Security – Upstream Security, accessed January 16, 2026, https://upstream.auto/
    59. vehicle-monitoring – Lidar-based Traffic Analytics & Parking – Outsight, accessed January 16, 2026, https://www.outsight.ai/solutions/vehicle-monitoring
    60. Application Note – Top Design Questions About Isolated CAN Bus Design – Texas Instruments, accessed January 16, 2026, https://www.ti.com/lit/pdf/slla486
    61. Best practices for cybersecurity management in telematics – Geotab, accessed January 16, 2026, https://www.geotab.com/white-paper/cybersecurity-management-telematics/
    62. Software-Defined Vehicle Market Data & Insights | S&P Global, accessed January 16, 2026, https://www.spglobal.com/automotive-insights/en/theme/future-of-mobility/software-defined-vehicles