Vulnerability Surge and Lowered Barriers
A new report from PCA Cyber Security reveals a dramatic 105% year on year increase in automotive cybersecurity vulnerabilities. During the first quarter, researchers catalogued 265 new automotive CVEs, marking a 28% jump from the previous quarter. More concerning, 88% of these vulnerabilities could be exploited without specialized tools or extensive preparation, indicating that attack methods are becoming more accessible to a wider range of threat actors.
In Vehicle Ethernet as Primary Attack Vector
Among the 14 distinct entry methods identified, in vehicle Ethernet networks emerged as the dominant attack surface, accounting for 25% of all vulnerabilities tracked in the quarter. This finding is particularly significant as automakers increasingly adopt Ethernet to replace older network architectures and support connected features. Without rigorous security design and testing, this architectural shift expands the attack surface across the entire vehicle.
Ecosystem Wide Risks and Real World Incidents
The report demonstrates that automotive cyber risk extends far beyond isolated vehicle components. Vulnerabilities now span cloud services, mobile apps, support operations, and online marketplaces. Real world impacts were demonstrated by a cyberattack on a Russian telematics provider, whose compromised mobile app left owners unable to unlock doors or start engines for nearly two weeks. Another incident exposed 12.4 million user records from a major automotive marketplace through a voice phishing attack. The Pwn2Own Automotive competition further highlighted the scale of the challenge, with 73 entries uncovering zero day flaws in Tesla infotainment systems, mainstream head units, and EV chargers.
Source: SecurityBrief

