Automotive Cyber Security in the Era of Software-Defined Vehicles

What are the key considerations OEMs should have when assessing the security of automotive software? Kristoffer Andersson, Neonode’s cybersecurity expert, explains the vulnerabilities associated with software-defined vehicles and how to avoid the threat of cyber-attacks.

The automotive industry is undergoing a seismic shift with the rise of the software-defined vehicle (SDV), where features, performance and user experience are primarily controlled and updated through over-the-air software rather than traditional hardware components. This modern approach delivers significant benefits, including reduced manufacturing investment, enhanced connectivity, advanced customization and the seamless integration of features such as autonomous driving.

Despite these advantages, the shift introduces significant cybersecurity threats. SDVs are connected to external networks (e.g., cloud, 5G, Wi-Fi, V2X communication), creating entry points for remote cyber-attacks. As an automotive software supplier, Neonode treats cybersecurity as a priority, not just for our own solutions but for all systems connected to and from our software.

With over 10 years of experience in high-risk data security and an education from the Swedish National Defense University, Kristoffer Andersson emphasizes the importance of security in the vehicle: "Vehicles were once defined by their mechanics, but software has become their backbone. Robust security testing is now an integral part of the vehicle’s production line."

Together with Kristoffer, we explore the cybersecurity risks associated with SDVs, Neonode’s approach to fostering trust in automotive software and the key questions OEMs should consider when selecting software solutions.

The Software-Defined Vehicle and New Cybersecurity Threats

Software can transform a vehicle from a static machine into an adaptable, data-driven platform. Controls such as steering wheels, once reliant on complex motorized compartments, can now operate via steer-by-wire systems that transmit signals to actuators to control the wheel angle. Advanced Driver Assistance Systems (ADAS) enhance driver safety, comfort and convenience by assisting with driving tasks. ADAS uses software combined with sensors, cameras, radar and LIDAR to monitor the vehicle’s environment, detect potential hazards and provide automated or semi-automated interventions.

If any of these systems were hacked, the consequences could be fatal.

Mitigating Automotive Cyber Risks

Kristoffer states, “Software controlling critical functions must be protected from unauthorized access or manipulation. To ensure these systems are impenetrable, we first need to define what the possible risks and threats are in each context.”

Risks can be identified by first defining a clear item boundary for the software component, which makes it possible to understand the potential attack vectors associated with the system. Anything outside the defined item boundary is a potential threat; one example is data that the component is not programmed to receive.

To combat this threat, Neonode restricts unauthorized data communications and unspecified formats in our driver monitoring software to ensure secure communication, data collection and analysis. This effectively mitigates vulnerabilities and minimizes the risk of malware injections.

Kristoffer explains how Neonode’s data communication strategy helps prevent malware attacks: “Neonode’s MultiSensing software gathers sensor data without ever transmitting it back, ensuring robust transmission. Through rigorous testing and advanced security analysis, we also verify that only authorized input data is processed, detecting and blocking any anomalies outside the defined item boundaries to achieve rigorous system security.”

Kristoffer continues, “During testing, we do everything from Fuzz Testing to advanced Penetration Testing to ensure that the system does not fail or produce unintended outputs.”
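The item-boundary check and the fuzz testing described above can be sketched together. This is an added example, not Neonode's code: the `DMS1` header layout, the pixel formats and the size limit are assumptions invented for illustration. The parser accepts only input that matches the specification exactly, and a small mutation fuzz loop confirms that corrupted or truncated input is rejected.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical frame header at the item boundary (constructed, not a real format):
 * "DMS1" | u8 pixel format | u16 width | u16 height | u32 payload length, big-endian */
#define HDR_LEN 13u
#define MAX_DIM 1920u /* assumed sensor limit */
enum { FMT_GRAY8 = 1, FMT_YUV422 = 2 };
typedef struct { uint8_t fmt; uint16_t w, h; uint32_t len; } frame_hdr;

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 0 and fills *out only when every field is inside the specification. */
int parse_frame(const uint8_t *buf, size_t n, frame_hdr *out) {
    if (buf == NULL || out == NULL || n < HDR_LEN) return -1;
    if (memcmp(buf, "DMS1", 4) != 0) return -2;            /* unspecified format */
    uint8_t fmt = buf[4];
    if (fmt != FMT_GRAY8 && fmt != FMT_YUV422) return -3;  /* allow-list, not deny-list */
    uint16_t w = be16(buf + 5), h = be16(buf + 7);
    if (w == 0 || h == 0 || w > MAX_DIM || h > MAX_DIM) return -4;
    uint32_t expect = (uint32_t)w * h * (fmt == FMT_GRAY8 ? 1u : 2u);
    uint32_t len = be32(buf + 9);
    if (len != expect) return -5;       /* declared length must match the geometry */
    if (n - HDR_LEN != len) return -6;  /* no truncated or trailing bytes */
    out->fmt = fmt; out->w = w; out->h = h; out->len = len;
    return 0;
}

/* Mutation fuzz over a valid constructed 4x2 GRAY8 frame: every single-byte header
 * corruption and every truncation must be rejected. Returns the count wrongly accepted. */
int fuzz_header(void) {
    uint8_t good[HDR_LEN + 8] = { 'D','M','S','1', FMT_GRAY8, 0,4, 0,2, 0,0,0,8 };
    uint8_t m[sizeof good]; frame_hdr h; int accepted = 0;
    if (parse_frame(good, sizeof good, &h) != 0) return -1;  /* baseline must pass */
    for (size_t i = 0; i < HDR_LEN; i++)
        for (unsigned v = 0; v < 256; v++) {
            if (v == good[i]) continue;
            memcpy(m, good, sizeof good); m[i] = (uint8_t)v;
            accepted += parse_frame(m, sizeof m, &h) == 0;
        }
    for (size_t n = 0; n < sizeof good; n++)
        accepted += parse_frame(good, n, &h) == 0;
    return accepted;
}

int main(void) { return fuzz_header() != 0; }
```

A non-zero result from `fuzz_header` means some out-of-specification input crossed the boundary, which is the condition the testing described here is meant to catch before integration.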

Hacking is another technique used in Neonode’s cybersecurity analysis. “Hacking,” as Kristoffer explains, “exploits systems in ways developers didn’t anticipate. It’s my responsibility to take the software from developers and make it airtight.” He recounts a white-hat hack that exploited a prominent global e-commerce website by manipulating currencies: buying products in one currency and returning them in a stronger one for profit. The hacker essentially found a system error by testing non-standard user behavior.

Kristoffer muses, “To ensure our computer vision software will not produce unintended outputs, we test it with non-standard, or unexpected input images, such as a picture of a toaster—which is an image the engineers may not have considered during development.” Spoiler alert: It didn’t toast the system.

Building Trust Through Collaborative Security Analysis

SDV development thrives on integration, requiring seamless coordination between multiple systems, and often multiple suppliers. Neonode’s Driver Monitoring Software, for example, can integrate with ADAS and other cabin systems. Therefore, a collaborative cybersecurity analysis of all systems collectively is the optimal approach to ensure secure communication between all application programming interfaces (APIs).

Kristoffer notes that working together with our customers' cybersecurity experts helps identify potential attack vectors, giving us the opportunity to propose solutions. "During testing, we might find a way to attack a connected system and we can then work together to find a fix. In one case, Neonode identified a vulnerable communication protocol in a partner’s system and we worked with the OEM to address it in order to stay ahead of potential threats."

By attempting to "break" systems early in development, Neonode ensures robustness against real-world threats like SQL injections or memory exploits.

Key Questions OEMs Should Ask When Selecting Automotive Software

OEMs must choose software that integrates seamlessly and minimizes security risks. Kristoffer outlines three critical questions OEMs should consider when selecting automotive software:

  1. How easily does the software integrate into existing platforms? Neonode’s agnostic software integrates with all common automotive-based systems, such as Windows, Android, QNX, and others. “We can run on any platform,” Kristoffer emphasizes. If a system is non-compatible or requires extra development to become compatible, security and functionality risks may arise.

  2. Does the supplier provide clear project responsibilities and support? A strong relationship with the software supplier is vital. Neonode establishes Service Level Agreements (SLAs) tailored to customer requirements, ensuring rapid response to cybersecurity issues. “We have standard processes and support—as long as agreed upfront,” Kristoffer says.

  3. Does the software minimize attack vectors? Choosing software with fewer vulnerabilities reduces security overhead. Neonode’s in-house development, including its synthetic data factory, ensures total control over the product, minimizing external dependencies and risks.

Software-defined vehicles are reshaping the automotive industry—but with innovation comes responsibility. Neonode delivers secure, adaptable software that meets the highest cybersecurity standards. Through collaboration, rigorous testing, and a forward-thinking approach, we empower OEMs to navigate the complexities of SDVs with confidence.