Car Software Risks: Hidden Dangers of Connected Vehicles

by Rachel Kim – Technology Editor

The 2025 recall of nearly 800,000 Hyundai and Kia vehicles over security vulnerabilities wasn’t caused by a mechanical failure, but by a flaw in the vehicles’ remote access systems. The issue, which could allow thieves to unlock and start the cars, highlighted a growing reality in the automotive industry: the value of a modern vehicle increasingly resides not in its mechanical reliability, but in the continuity of its software.

From entry-level hatchbacks with app-based keyless entry to luxury electric vehicles with cloud-connected diagnostics, the functionality of a car is now deeply intertwined with software and network connectivity. This shift means that whether a vehicle “runs” or “doesn’t run” can depend on whether a remote authentication system remains active, or if an over-the-air software patch is successfully applied. The Hyundai and Kia recall underscored the potential consequences of failing to secure these systems.

The vulnerabilities exploited in the Hyundai and Kia vehicles stemmed from weaknesses in their “Hyundai Digital Key” and “Kia Access” systems, which allow owners to lock, unlock and start their vehicles using a smartphone app. Security researchers discovered that attackers could exploit these systems to bypass security measures and gain control of the vehicles. The National Highway Traffic Safety Administration (NHTSA) determined the flaw posed a significant safety risk, prompting the recall.

This incident is not isolated. The expanding attack surface of connected vehicles presents a growing challenge for automakers and cybersecurity professionals. Electric vehicles (EVs), in particular, are heavily reliant on software for battery management, power distribution, and other critical functions. The security of EV charging infrastructure is likewise paramount, as compromised charging stations could potentially disrupt the power grid or steal user data. EMudhra, a provider of Public Key Infrastructure (PKI) solutions, emphasizes the need for robust security measures to protect EV charging stations through encrypted data exchange, secure authentication, and access control, preventing cyberattacks and data breaches.

Public Key Infrastructure (PKI) is emerging as a key technology for securing connected vehicles. PKI uses digital certificates to verify the identity of devices and users, and to encrypt communication channels. EMudhra’s solutions, for example, offer end-to-end encryption, tamper-proof communication, and secure software updates. These capabilities are crucial for protecting against a range of threats, including unauthorized access, data manipulation, and malware infections.

Traditional authentication methods, such as Radio Frequency Identification (RFID) and Near Field Communication (NFC), are increasingly recognized as vulnerable to attack. A recent research paper highlighted the cybersecurity challenges associated with these technologies in the context of EVs and Electric Vehicle Charging Systems (EVCs). The paper suggests that more robust authentication protocols are needed to protect vehicles, users, and energy infrastructure.

The need for secure software updates is particularly critical. Automakers are increasingly relying on over-the-air (OTA) updates to fix bugs, improve performance, and add new features. However, if these updates are not properly secured, attackers could potentially inject malicious code into vehicles. EMudhra’s PKI solutions authenticate and secure these software updates, enabling safe remote access and system monitoring.
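As an added illustration (not code from EMudhra or any automaker), the sketch below shows the checks a vehicle can run before installing an OTA image: a signature over the update manifest, the image hash, and a version check against rollback, which goes one step beyond what the article describes. The manifest fields, function names and the toy RSA key are assumptions made for this example; it also assumes the vehicle already holds a trusted public key and omits certificate-chain validation.

```python
import hashlib
import json

# Constructed toy RSA key (product of two Mersenne primes) so the example runs
# offline with only the standard library. Assumption for illustration: a real
# deployment uses a vetted crypto library and a signing key held in an HSM.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                                  # public modulus, pinned in the vehicle
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, backend only
K = (N.bit_length() + 7) // 8              # signature length in bytes
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _encode(msg: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg), returned as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    padded = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(padded, "big")

def sign_manifest(manifest: dict) -> bytes:
    """Backend side: sign the canonical JSON form of the manifest."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return pow(_encode(body), D, N).to_bytes(K, "big")

def verify_update(manifest, signature, image, installed_version):
    """Vehicle side: return (ok, reason); install only when ok is True."""
    body = json.dumps(manifest, sort_keys=True).encode()
    sig = int.from_bytes(signature, "big")
    # 1. The manifest must carry a valid signature from the pinned key.
    if len(signature) != K or sig >= N or pow(sig, E, N) != _encode(body):
        return False, "bad signature"
    # 2. The downloaded image must match the hash the signed manifest names.
    if hashlib.sha256(image).hexdigest() != manifest["sha256"]:
        return False, "image hash mismatch"
    # 3. Refuse to reinstall an older (possibly vulnerable) signed release.
    if manifest["version"] <= installed_version:
        return False, "rollback rejected"
    return True, "ok"

# Constructed sample update (hypothetical field names).
IMAGE = b"constructed firmware image v42"
MANIFEST = {"ecu": "telematics", "version": 42,
            "sha256": hashlib.sha256(IMAGE).hexdigest()}
SIGNATURE = sign_manifest(MANIFEST)

if __name__ == "__main__":
    print(verify_update(MANIFEST, SIGNATURE, IMAGE, installed_version=41))
```
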

The integration of vehicles into broader digital ecosystems also raises concerns about data privacy. Connected vehicles collect vast amounts of data about drivers and their habits, which could be exploited for commercial or malicious purposes. Secure data encryption and access controls are essential for protecting this sensitive information.

Microsoft’s Entra ID platform is being integrated with automotive software platforms, like Continuity Software Platform, to provide single sign-on capabilities and centralized account management. This allows automakers to leverage existing identity management infrastructure and streamline access control for both employees and customers.

The automotive industry is responding to these challenges by investing in cybersecurity research and development, and by collaborating with security experts. However, the threat landscape is constantly evolving, and automakers must remain vigilant in their efforts to protect connected vehicles from cyberattacks. The long-term security of the automotive ecosystem will depend on a layered approach that combines robust security technologies, secure software development practices, and ongoing monitoring and threat intelligence.
