Recently, using parts purchased on eBay and a salvage yard, a group of hackers managed to hack the Bluetooth of a Nissan electric vehicle , taking control: they turned on the horn and windshield wipers, and recorded passenger conversations, all without touching the vehicle. Although it was only an ethical test, it shows that the automotive sector is redefining itself and must do so with cybersecurity at its core .
Modern cars are already a technological device ; they connect via Wi-Fi or Bluetooth and use Artificial Intelligence (AI) to activate virtual assistants or predict when they need maintenance. They also have servers that store the driver’s location or navigation preferences to improve their experience. These are undoubtedly important innovations for smart mobility, but they also open up a gateway for cybercrime , capable of accessing this personal data, installing malware, disrupting critical car functions, and even causing physical damage.
This is a challenge in itself, but the need for cybersecurity is not limited to vehicles. It’s a challenge for the entire automotive industry, as many threats originate from production processes, multiplying vulnerabilities in the value chain, which, in its quest to be more efficient and sustainable, is more connected than ever and, therefore, more exposed.
In the first quarter of 2025, threats were detected on 21% of industrial control system computers in Latin America . One of the most affected sectors was manufacturing, putting vehicle manufacturers on alert. Their infrastructure, from administrative and development systems to production lines, can be targeted by one of the most dangerous industrial threats : ransomware . The modus operandi consists of stealing confidential information, demanding large sums of money to recover it, and paralyzing critical processes, generating economic losses, production delays, and risks to vehicle quality and safety.
Added to this is the supply chain, with dozens of suppliers, where a lack of transparency in security practices , delays in reporting vulnerabilities, and the use of unprotected systems are common, generating risks for the entire connected ecosystem.
Part of the problem is that cybersecurity is often left for after the damage is done, even though, to truly work, it must be built in from the design stage.
The idea of ”security by design” means that cars should be designed to be secure from the outset , not when they’re about to hit the market. This involves integrating protections from the software that controls their functions to the systems that connect them to the internet. This can prevent risks such as data theft, remote control of the car, or navigation system failures.
In addition to secure vehicle design, manufacturers must protect their operations and critical information from attacks . They need tools that safeguard their industrial control systems and access to threat intelligence to anticipate risks and respond quickly. Preventative measures such as penetration testing, security assessments, and attack simulations are valuable.
Security must permeate the entire supply chain, from the sensor supplier to the software developer for each component. To achieve this, it is essential to audit processes, enforce good development practices, and establish clear responsibilities for cybersecurity. International regulations urge manufacturers and suppliers to adopt a risk-based approach throughout the vehicle lifecycle.
In an increasingly connected industry, it only takes one weak link to compromise the entire chain. The mobility of the future will be intelligent, but it must also be secure . And this will be achieved if cybersecurity is placed at the heart of every decision.
*Jaime Berditchevsky is the general director for Mexico at Kaspersky .
Comment and follow Jaime Berditchevsky on LinkedIn .
Comment and follow us on X: @GrupoT21
