Connected Vehicle Security: Defending Automotive Systems
Industry: Automotive
Vehicles are seeing increasing connectivity through 4G/5G cellular, Bluetooth, and wireless CarPlay/Android Auto. These connected vehicle systems present soft targets that could lead to memory corruption attacks that can be used to gain initial remote access into the vehicle. By implementing RunSafe’s advanced security measures, OEMs and Tier 1 vendors can comply with automotive safety standards like ISO 21434, ISO 26262, SAE J3061, and UNECE WP.29.
Challenge
Connected vehicles are a part of the Internet of Things (IoT) and interact and share real-time data about the vehicle and its passengers/cargo with the world around them.
- Telematic systems connect the smart vehicle to the OEM’s cloud for navigation and diagnostic information.
- Infotainment systems connect the driver/passenger with personal navigation or entertainment services.
- V2X describes a variety of scenarios, like Vehicle to Infrastructure (V2I) that connects vehicles to Smart Cities, Vehicle to Home (V2H) that connects BEVs to home for energy transfer, and Vehicle to Network (V2N) that connects vehicles to cellular and satellite networks.
A memory corruption attack through any of these vehicle connectivity systems can lead to remote access, allowing attackers to remotely start and stop vehicles or even control steering, braking, and acceleration.
“From our perspective, adding RunSafe means we have more opportunity to shrink the attack surface and reduce overall risks for our customers since security is now already built into our product.”
Key Features:
Build-time SBOM generation, including for C/C++
Automated mitigation and runtime code protection
Seamless
integration
Futureproofing from memory-based zero days
Solution
RunSafe offers a cybersecurity solution designed to keep connected automotive systems secure against known and unknown vulnerabilities.
Key features of RunSafe’s solution include:
- Automated build-time SBOM generation, including for C/C++: RunSafe supports compliance with SBOM and software supply chain standards with build-time SBOM generation and automated vulnerability identification to reduce your risk.
- Automated mitigation and code protection: By using patented runtime protection technology to cyberharden vehicle components, RunSafe reduces opportunities for attackers to exploit memory safety vulnerabilities and take control of critical systems. RunSafe’s solution identifies and mitigates risks before they can impact vehicle safety and operation.
- Seamless integration: RunSafe’s cybersecurity measures are easily integrated into your existing CI/CD pipeline and align with existing automotive safety standards (such as ISO/SAE 21434 and ISO 26262), improving compliance and enhancing the overall safety of vehicle systems.
- Futureproof from zero days: By protecting against known and unknown vulnerabilities and denying the building blocks of zero days, RunSafe prevents future attacks by eliminating the entire class of memory safety vulnerabilities.
Examples
Jeep Cherokee Hack (2015): A vulnerability in the Uconnect infotainment module, exploited via cellular network, led to remote control of steering and brakes.
Example Vulnerability: CVE-2025-2082
CVE-2025-2082 is a critical integer overflow in the Tesla Model 3’s Vehicle Control System Electronic Controller (VCSEC), exploitable via the Tire Pressure Monitoring System. Attackers within Bluetooth or Wi-Fi range could execute arbitrary code on the VCSEC and send unauthorized CAN bus commands, potentially affecting core functions like braking or acceleration.
Latest Resources
The Wild West of C/C++ Development & What It Means for SBOM Generation
C and C++ give developers maximum flexibility and performance benefits, which is why they remain the dominant languages for embedded systems, firmware, and high-performance computing. But as any developer who's worked on a C/C++ project can tell you, (myself included)...
The 2025 SBOM Minimum Elements: A Turning Point But Embedded Systems Still Risk Being Left Behind
Key Takeaways The 2025 SBOM minimum elements represent significant progress since the 2021 baseline. New fields, such as license, hashes, and generation context, push SBOMs beyond check-the-box compliance. Licensing data closes a critical blind spot in software supply...
Why Securing Autonomous Vehicles Must Start Now
The automotive industry is racing toward a driverless future. But with innovation comes an undeniable truth: cybersecurity will determine whether autonomy delivers on its promise or stalls in its tracks. From advanced driver-assistance systems to fully autonomous...