Smart Car Information Security (Cybersecurity and Data Security) Research Report, 2025
Product code: 1797623
Research firm: ResearchInChina
Publication date: July 2025
Page information: English, 441 pages
Korean Table of Contents
What security risks do intelligent connected vehicles currently face? Automotive information security has two aspects: cybersecurity and data security. Cybersecurity measures and data security technologies are integrated into the information security framework to form multi-layered protection.
Intelligent connected vehicles have become integrated mobile smart terminals. Although EEAs continue to evolve, automotive information security attacks keep increasing, including autonomous driving safety attacks (sensor failure and deception, software vulnerabilities and network attacks, decision algorithm defects, data privacy and security), vehicle-road-cloud integrated network attacks (Internet of Vehicles platform attacks, roadside infrastructure tools, satellite Internet attacks), and charging network attacks (new energy vehicle battery system attacks, charging station network attacks). For example, Toyota's network was reportedly hacked in August 2024, and in October 2024 Qualcomm confirmed the zero-day vulnerability CVE-2024-43047 affecting its chipsets. Jaguar Land Rover was hacked in March 2025, leaking 700 internal documents. According to data from the more than 3 million vehicles monitored by Vecentek VSOC, security incidents in 2024 increased 31% year-on-year compared with 2023.
In terms of policy, OEMs and specific models for both export and domestic markets must comply with established standards and specifications (the European General Data Protection Regulation (GDPR), UNECE WP.29 R155/R156, ISO/SAE 21434 "Road Vehicles - Cybersecurity Engineering", GB 44495-2024 "Technical Requirements for Vehicle Information Security", GB/T 44464-2024 "General Requirements for Automotive Data", etc.). Vehicles can be launched on the market only after meeting the information security specifications.
1. The flattening of the supply chain requires ecological collaboration and protection, and shorter SDV iteration cycles increase the pressure on security testing.
A software-defined vehicle (SDV) decouples software from hardware. OEMs are currently adopting an iterative R&D model to shorten the release cycle for new functions to 3-6 months, and the pressure on automotive software security testing has become pronounced. Facing cybersecurity and data security threats, OEMs are integrating security measures into every phase of vehicle lifecycle development through agile DevOps for development and operations, and are gradually adopting integrated DevSecOps development.
As the supply chain flattens, OEMs must deal with more suppliers, find it harder to obtain device source code, and lack efficient firmware security testing tools. In view of this, OEMs are gradually stepping up vulnerability management and continuously strengthening software supply chain security. Effective countermeasures include software bill of materials (SBOM) management, software composition analysis (SCA), code review, SAST, IAST, DAST, fuzz testing and other technologies. Among these, the SBOM includes not only component names, version numbers and suppliers but also license information, copyright notices and vulnerability data. SCA, one of the important tools for open source software governance and software supply chain security management, generates the SBOM as one of its core functions, providing the basic information essential for security in later stages.
This report investigates and analyzes China's automotive industry, providing information on automotive information security, data security and major companies.
Table of Contents
Definition
Chapter 1 Automotive Information Security
Current Security Risks of Intelligent Connected Vehicles
Automotive Information Security Vulnerability Trends
Supply Chain Security
Recommendations for Automotive Information Security Compliance System
Protection Technologies: IDPS and VSOC
Protection Technologies: Penetration Testing and Fuzz Testing
Protection Technologies: SAST, IAST, DAST
Protection Technologies: Post-Quantum Cryptography
Policies, Regulations and Standards
Chapter 2 Automotive Data Security
Data Security Regulations and Policies
Data Security Challenges Faced by OEMs and Protection Recommendations
Cross-border Data Regulation and Policy Background
Data Security Case 1: Agile Technology
Data Security Case 2: Eagle Cloud
Data Security Case 3: BJCA
Data Security Case 4: SafePloy
Data Security Case 5: Infosec Technologies
Chapter 3 OEM Information Security Activities
SERES
Leapmotor
Xpeng
NIO
Li Auto
Xiaomi
BYD
Geely
Dongfeng Motor
BAIC
FAW
SAIC
GAC
JAC Group
Chery
Changan
Great Wall Motor
Chapter 4 Representative Automotive Information Security Hardware Companies
UNI-SENTRY
Thinktech
NationalChip
Shanghai Hangxin
HSEC
Fudan Microelectronics
Nations Technologies
HED
W.UNITED
Tongxin Microelectronics
Chapter 5 Major Automotive Information Security Software Providers
Software Security Technology
Anban Tech
SourceGuard
Seczone
SECTREND
Feysh Technology
TICPSH
Chiwu Technology
Xmirror
Chapter 6 Representative Internet of Vehicles Information Security Solution Providers
Vecentek
Callisto Technology
GoGoByte
Inchtek
SECDEER
Topsec
SEC-ICV
Yaxon Zhilian
Qingtianxinan
Chapter 7 Trends and Summary
Summary of Automotive Information Security Chips
Summary of Fuzz Testing Solutions
Summary of SCA Tools/Platforms
Summary of Source Code Security Tools/Platforms
Summary of IDPS/VSOC Solutions
Summary of Secure Communication Solutions/Platforms and Partner OEMs
Summary of Internet of Vehicles Security Solutions and Partner OEMs
Summary of Automotive Cybersecurity Solutions and Partner OEMs
Summary of Automotive Data Security Solutions and Partner OEMs
Trend 1:
Application of post-quantum cryptography in the automotive industry shifts from technical accumulation to industrialization
Summary of Post-Quantum Cryptography Products and Partner OEMs
Trend 3:
AI Application/Cooperation Cases in Automotive Information Security
Trend 4:
Foundation Model Applications in Automotive Information Security/OEMs
Agent Application/Cooperation Cases in Automotive Information Security
English Table of Contents
Research on Automotive Information Security: AI Fusion Intelligent Protection and Ecological Collaboration Ensure Cybersecurity and Data Security
At present, what are the security risks faced by intelligent connected vehicles? Automotive information security covers two aspects: cybersecurity and data security. Cybersecurity measures and data security technologies are embedded in the information security framework to form multi-layer protection.
Intelligent connected vehicles have become integrated mobile smart terminals. The EEAs continue to evolve, but automotive information security attacks are increasing, including autonomous driving safety attacks (sensor failure and deception, software vulnerabilities and network attacks, decision algorithm defects, data privacy and security), vehicle-road-cloud integrated network attacks (Internet of Vehicles platform attacks, roadside infrastructure tools, satellite Internet attacks), and attacks on charging networks (new energy vehicle battery system attacks, charging station network attacks). For example, Toyota's network was reportedly hacked in August 2024, and in October 2024 Qualcomm identified a zero-day vulnerability, CVE-2024-43047, affecting its chipsets. Jaguar Land Rover was hacked in March 2025, resulting in the leakage of 700 internal documents. According to data from the 3 million+ vehicles monitored by Vecentek's VSOC, security incidents in 2024 increased by 31% year-on-year compared with 2023.
In terms of policy, OEMs and specific models for both export and domestic markets must meet established standards and specifications (the European General Data Protection Regulation (GDPR), UNECE WP.29 R155/R156, ISO/SAE 21434 "Road Vehicles - Cybersecurity Engineering", GB 44495-2024 "Technical Requirements for Vehicle Information Security", GB/T 44464-2024 "General Requirements for Automotive Data", etc.). Only vehicles that meet these information security specifications are qualified for market launch.
1. The trend of flattening the supply chain requires ecological collaboration and protection, and the shortened SDV iteration cycle increases the pressure on security testing
Software-defined vehicles (SDVs) decouple software from hardware. OEMs are currently adopting an iterative R&D model that shortens the new function release cycle to 3-6 months, which puts significant pressure on automotive software security testing. Faced with cybersecurity and data security threats, OEMs are increasingly integrating security practices into all phases of vehicle lifecycle development within their agile DevOps for development and operations, gradually embracing integrated DevSecOps development.
With the flattening of the supply chain, OEMs now have to deal with more suppliers, find it difficult to obtain device source code, and lack efficient firmware security testing tools. In view of this, OEMs are gradually increasing vulnerability management efforts and continuously strengthening software supply chain security. Effective response measures include software bill of materials (SBOM) management, software composition analysis (SCA), code review, SAST, IAST, DAST, fuzz testing and other technologies. Among them, the SBOM includes not only component names, version numbers, suppliers and the like, but also license information, copyright statements, vulnerability data and other information. As one of the important tools for open source software governance and software supply chain security management, SCA generates the SBOM as one of its core functions, providing the essential baseline information for security in subsequent stages.
It is also worth noting that DAST complements IAST and SAST. DAST (dynamic application security testing) is a black-box technique that simulates external attacks (such as malicious request injection) against the running application and observes its dynamic response to detect security vulnerabilities. Combined with Interactive Application Security Testing (IAST), which pinpoints vulnerabilities precisely (down to the code line), the DAST false alarm rate drops from 30% to below 5%. DAST and SAST together form a "double inspection mechanism" (SAST for early repair of code defects plus DAST for later verification of runtime security), offering protection across the full life cycle.
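As an added illustration of the SBOM-driven vulnerability and licence checks described above (this is not the report's own code or any vendor's SCA tool), the following Python audits a constructed CycloneDX-style SBOM against a constructed vulnerability feed with placeholder ids and a licence deny list, producing the patch recommendation and licence findings that feed later stages. The feed layout and its "every version below fixed_in is affected" semantics are assumptions for the example.

```python
import json
import re

# Constructed CycloneDX-style SBOM fragment (illustrative, not a real ECU BOM).
SBOM_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "components": [
    {"name": "openssl", "version": "1.1.1k", "supplier": {"name": "VendorA"},
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"name": "zlib", "version": "1.2.11", "supplier": {"name": "VendorB"},
     "licenses": [{"license": {"id": "Zlib"}}]},
    {"name": "libfoo", "version": "3.0.2", "supplier": {"name": "VendorC"},
     "licenses": [{"license": {"id": "GPL-3.0-only"}}]}
  ]
}"""

# Constructed vulnerability feed with placeholder ids: every version below
# "fixed_in" is affected. Real feeds (NVD, Auto-ISAC) carry richer range data.
VULN_FEED = [
    {"name": "openssl", "fixed_in": "1.1.1l", "id": "VULN-PLACEHOLDER-1", "cvss": 7.5},
    {"name": "zlib", "fixed_in": "1.2.12", "id": "VULN-PLACEHOLDER-2", "cvss": 9.8},
]

# Strong-copyleft licences an OEM may not allow in proprietary ECU firmware.
LICENSE_DENYLIST = {"GPL-3.0-only", "GPL-3.0-or-later", "AGPL-3.0-only"}


def version_key(version):
    """Make '1.1.1k' comparable: digit runs become ints, letter runs stay
    strings, so 1.1.1k < 1.1.1l and 1.2.9 < 1.2.11 both hold."""
    return tuple((0, int(p)) if p.isdigit() else (1, p)
                 for p in re.findall(r"\d+|[A-Za-z]+", version))


def load_components(sbom_json):
    """Pull name, version, supplier and licence ids out of a CycloneDX JSON."""
    bom = json.loads(sbom_json)
    return [{
        "name": c["name"], "version": c["version"],
        "supplier": c.get("supplier", {}).get("name", "unknown"),
        "licenses": [lic["license"]["id"] for lic in c.get("licenses", [])],
    } for c in bom.get("components", [])]


def find_vulnerabilities(components, feed):
    """Match components against the feed, highest CVSS first so the most
    urgent patch recommendation is at the top of the list."""
    findings = []
    for comp in components:
        for vuln in feed:
            if (vuln["name"] == comp["name"]
                    and version_key(comp["version"]) < version_key(vuln["fixed_in"])):
                findings.append({
                    "component": comp["name"], "version": comp["version"],
                    "vuln_id": vuln["id"], "cvss": vuln["cvss"],
                    "recommendation": f"upgrade to {vuln['fixed_in']}",
                })
    return sorted(findings, key=lambda f: f["cvss"], reverse=True)


def find_license_issues(components, denylist=LICENSE_DENYLIST):
    """Report (component, licence) pairs whose licence is on the deny list."""
    return [(c["name"], lic) for c in components
            for lic in c["licenses"] if lic in denylist]


def audit(sbom_json, feed=VULN_FEED):
    """Full SCA-style pass: parse the SBOM, then run both checks."""
    comps = load_components(sbom_json)
    return {"vulnerabilities": find_vulnerabilities(comps, feed),
            "license_issues": find_license_issues(comps)}
```

Calling audit(SBOM_JSON) lists the zlib finding before the openssl one because of its higher CVSS, and flags libfoo's GPL-3.0-only licence.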
2. The application of AI in the field of automotive information security is evolving from single-point defense to intelligence and systematization
AI is reshaping the paradigm of automotive information security, shifting from passive protection to a closed loop of "prediction-defense-response". The application of AI in the field of automotive information security is evolving from single-point defense to intelligence and systematization. The main trends are reflected in two aspects: technology application and industrial ecology. The technology application trends include the following:
Cloud-edge-vehicle linkage: For example, NavInfo and Alibaba Cloud jointly build an intelligent cloud base to support the closed loop of autonomous driving R&D data and security strategy collaboration.
Deep collaboration between OEMs and technology companies (such as vertical foundation models and zero-trust architecture) will become mainstream, such as FAW Toyota X Tencent Cloud and NavInfo X Alibaba Cloud for joint research and development, focusing on the construction of "AI+security" platforms. Compliance requirements and global deployment will further drive scenario-based innovation of AI technology in line with regulations such as UN R155 and GB 44495-2024, and promote the application of AI in cross-border data and privacy protection (such as Vecentek's compliance solution for the EU).
In addition, VSOC (Vehicle Safety Operation Center) is developing towards intelligence and cloud computing to reduce the global deployment cost (Chery VSOC supports real-time translation in multiple languages).
Callisto S3-VSOC: Callisto S3 is an AI-native automotive cybersecurity platform built on the self-developed foundation model platform "Butterfly AI 2.0" (Automotive Safety Agent Cluster), which forms an automotive safety agent cluster integrating compliance, cognition and operation. It covers the process from vehicle abnormality reporting to cloud AI alarm analysis, automatically generates a "Security Incident Investigation Report" from a single sentence, and assists compliance engineers with natural-language interactive investigation, reducing the time spent on daily security operations by 65%.
Cognitive evolution (from experience to reasoning): Butterfly AI understands the semantics of CAN signals, diagnostic signals, remote control signals, etc. through foundation models, establishes attack maps and signal sequence behavior reasoning mechanisms, and truly transforms "data from traffic to attacks".
Ecological collaboration (from closed to linkage): TSP, remote diagnosis, OTA and intelligent driving platforms are connected to achieve natural language-driven collaboration between systems and support integrated automatic response processes.
Risk governance (from static defense to dynamic closed loop): Users can build and adjust security policies using natural language, and agents can continuously learn and evolve monitoring strategies based on feedback.
Inchtek's inVSOC Automotive Security Operation Platform: inVSOC V3 uses a self-developed high-performance DAG execution engine that supports multiple analysis operators (sequence, parallel, extreme value and difference) and performs real-time processing and correlation analysis of massive vehicle logs.
Dynamic strategy adjustment: Based on AI's adaptive learning, it continuously optimizes threat detection rules to respond to novel attacks (such as 0-day vulnerabilities).
Alarm analysis assistant: Automatically correlates alarms with the CVE/NVD vulnerability database and Auto-ISAC threat intelligence, and generates alarm summaries and disposal suggestions (for example, automatically matching the CVSS score and recommending a patch strategy).
Data insight assistant: Supports natural language interaction (such as "show high-frequency attack sources in the past 7 days"), automatically generates visual charts, and accelerates operational decision-making.
Knowledge base Q&A: Integrates the automotive safety knowledge base to answer operational questions such as compliance processes and incident handling specifications, reducing personnel training costs.
Baidu's Vehicle Security Operations Center (VSOC)
AI risk assessment: When the VSOC receives events reported by IDPS, it only means that an event has occurred. Whether this event really poses a security risk can be automatically assessed by a foundation model, and a recommended solution can be given.
Alarm noise reduction: Based on the AI foundation model, alarms can be whitelisted, deduplicated, aggregated, and automatically ignored to reduce noise.
Operation robot - Copilot: The VSOC integrates a natural language interactive robot dubbed Copilot based on a foundation model, which can guide the VSOC to perform automated statistics, report generation, risk interpretation, work order creation, security response, etc. through natural language.
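The whitelist, deduplicate and aggregate stages of alarm noise reduction described above, as an added Python example that is not Baidu's, Inchtek's or any vendor's code: it runs over constructed IDPS events (fake VINs, ECU names and sources), and the whitelist pairs, severity table, escalation threshold and 60-second aggregation window are assumptions made for the example.

```python
from datetime import datetime, timedelta

# Constructed IDPS events as a VSOC might receive them (fake VINs and sources).
RAW_EVENTS = [
    {"ts": "2025-06-01T10:00:00", "vin": "VIN-TEST-001", "ecu": "GW", "sig": "can_flood", "src": "0x7E0"},
    {"ts": "2025-06-01T10:00:00", "vin": "VIN-TEST-001", "ecu": "GW", "sig": "can_flood", "src": "0x7E0"},
    {"ts": "2025-06-01T10:00:05", "vin": "VIN-TEST-001", "ecu": "GW", "sig": "can_flood", "src": "0x7E0"},
    {"ts": "2025-06-01T10:00:40", "vin": "VIN-TEST-001", "ecu": "GW", "sig": "can_flood", "src": "0x7E0"},
    {"ts": "2025-06-01T10:00:30", "vin": "VIN-TEST-002", "ecu": "TBOX", "sig": "tls_cert_invalid", "src": "ota-host"},
    {"ts": "2025-06-01T10:01:00", "vin": "VIN-TEST-003", "ecu": "DIAG", "sig": "uds_session_change", "src": "dealer_tool"},
    {"ts": "2025-06-01T10:05:00", "vin": "VIN-TEST-001", "ecu": "GW", "sig": "can_flood", "src": "0x7E0"},
]

# Whitelist: (signature, source) pairs that are expected operational behaviour,
# e.g. an authorised dealer tool opening a UDS diagnostic session.
WHITELIST = {("uds_session_change", "dealer_tool")}

# Base severity per signature; repeated "high" hits inside one window escalate.
SEVERITY = {"can_flood": "high", "tls_cert_invalid": "critical", "uds_session_change": "medium"}
ESCALATE_AT = 3
AGG_WINDOW = timedelta(seconds=60)


def whitelist(events, allowed=WHITELIST):
    """Auto-ignore events whose (sig, src) pair is a known-benign combination."""
    return [e for e in events if (e["sig"], e["src"]) not in allowed]


def dedupe(events):
    """Drop exact duplicates (same vehicle, ECU, signature, source, timestamp)."""
    seen, out = set(), []
    for e in events:
        key = (e["vin"], e["ecu"], e["sig"], e["src"], e["ts"])
        if key not in seen:
            seen.add(key)
            out.append(e)
    return out


def aggregate(events, window=AGG_WINDOW):
    """Merge events sharing (vin, ecu, sig, src) that arrive within `window`
    of the previous hit into one alarm with a count, then assign severity."""
    alarms, open_alarm = [], {}
    for e in sorted(events, key=lambda ev: ev["ts"]):
        key = (e["vin"], e["ecu"], e["sig"], e["src"])
        ts = datetime.fromisoformat(e["ts"])
        cur = open_alarm.get(key)
        if cur and ts - cur["last_seen"] <= window:
            cur["count"] += 1
            cur["last_seen"] = ts
        else:
            cur = {"vin": e["vin"], "ecu": e["ecu"], "sig": e["sig"], "src": e["src"],
                   "first_seen": ts, "last_seen": ts, "count": 1}
            alarms.append(cur)
            open_alarm[key] = cur
    for a in alarms:
        base = SEVERITY.get(a["sig"], "low")
        a["severity"] = "critical" if base == "high" and a["count"] >= ESCALATE_AT else base
    return alarms


def reduce_noise(events):
    """Whitelist -> dedupe -> aggregate; returns alarms plus suppression stats."""
    kept = whitelist(events)
    deduped = dedupe(kept)
    alarms = aggregate(deduped)
    stats = {"raw": len(events), "whitelisted": len(events) - len(kept),
             "duplicates": len(kept) - len(deduped), "alarms": len(alarms)}
    return alarms, stats
```

On the seven constructed events, reduce_noise(RAW_EVENTS) yields three alarms: the first CAN-flood burst (three hits, escalated to critical), the TLS certificate alarm, and a separate CAN-flood alarm for the hit that falls outside the window.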
With the continuous evolution of AI technology, the application of agents in security operation has moved from concept verification to actual implementation. In the existing intelligent operation system (such as the VSOC), agents mainly assume the following roles:
Automatic handling of simple events: For standardized and common security events with clear rules, agents can complete rapid detection, correlation analysis, and disposal based on preset rules and self-learning strategies, greatly avoiding manual intervention.
Complex event decision-making assistance: For security events with complex correlations and wide-ranging impacts, agents can integrate multi-source data, draw preliminary analysis conclusions, and provide decision-making references for operators. Finally, manual confirmation and optimization are carried out to achieve efficient response under human-machine collaboration.
With the continuous advancement of the deep integration of the VSOC and agents, security operation is evolving towards "agent centralization". A more efficient and intelligent security operation model will consist of VSOC + agent center + a small number of elite operators.
3. The application of post-quantum cryptography technology in the automotive industry has moved from technical accumulation to industrialization
The application of post-quantum cryptography technology in the automotive industry has moved from technical accumulation to industrialization under the impetus of both quantum threats and intelligent cybersecurity demand. In the short term, chip performance and standard unification must be addressed. In the long term, a full-stack protection system of "algorithm-chip-communication-cloud platform" will be formed. OEMs should give priority to the layout of hybrid encryption, automotive chip certification and V2X security upgrades to cope with quantum security challenges in the next 10 years. The post-quantum cryptography migration strategy of the US NIST clearly states that for important infrastructure and business systems, the existing PKI algorithms will be replaced in 2028-2030.
Traditional asymmetric encryption algorithms like RSA and ECC are indeed vulnerable to attacks from quantum computers using algorithms like Shor's. This means that, if powerful quantum computers become a reality, public key cryptography systems relying on these algorithms for vehicle-to-cloud communication, OTA updates, and identity authentication could be compromised. The life cycle of a car is as long as 10-15 years, and quantum computers may break through in the next 10 years, so post-quantum protection should be deployed in advance.
One way to establish a quantum security system is to design Post-Quantum Cryptography (PQC), such as lattice cryptography and hash cryptography, and build a new public key cryptography system on this basis. Another way is to apply Quantum Key Distribution (QKD) technology that guarantees security with physical laws.
QKD does not rely on the hardness of any mathematical problem and can achieve information-theoretic (unconditional) security: no matter how powerful the eavesdropper's computing power is (even with a quantum computer), the quantum key generated by QKD cannot be cracked.
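As an added example (not from the report or from any vendor named here), a Lamport one-time signature over SHA-256 shows the hash-based principle behind the "hash cryptography" route mentioned above: security rests only on hash preimage resistance, which Shor's algorithm does not threaten, and SPHINCS+ builds its stateless many-time scheme on the same idea. The OTA-manifest message is constructed, and the one-time guard around the key is this example's own addition.

```python
import hashlib
import secrets

N = 256  # one secret pair per SHA-256 digest bit


def H(data):
    return hashlib.sha256(data).digest()


def keygen():
    """Private key: N pairs of random 32-byte secrets; public key: their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def digest_bits(message):
    d = H(message)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]


def sign(sk, message):
    """Reveal, for each digest bit, the secret of the matching half."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(message))]


def verify(pk, message, signature):
    """Hash every revealed secret and compare with the matching public half;
    any mismatch (tampered message or signature) fails closed."""
    if len(signature) != N:
        return False
    return all(H(s) == pk[i][bit]
               for i, (s, bit) in enumerate(zip(signature, digest_bits(message))))


class OneTimeSigner:
    """Enforces the one-time property: revealing secrets for a second message
    would expose both halves of many pairs, so a second sign() is refused."""

    def __init__(self):
        self.sk, self.pk = keygen()
        self.used = False

    def sign(self, message):
        if self.used:
            raise RuntimeError("Lamport key already used; refusing to sign again")
        self.used = True
        return sign(self.sk, message)


def demo():
    """Sign a constructed OTA manifest line, then check the failure modes."""
    signer = OneTimeSigner()
    msg = b"constructed OTA manifest: ecu=GW fw=1.4.2"
    sig = signer.sign(msg)
    forged = [bytes(32)] + sig[1:]  # corrupt the first revealed secret
    try:
        signer.sign(b"second manifest")
        reuse_refused = False
    except RuntimeError:
        reuse_refused = True
    return {"valid": verify(signer.pk, msg, sig),
            "wrong_msg": verify(signer.pk, msg + b"!", sig),
            "forged": verify(signer.pk, msg, forged),
            "reuse_refused": reuse_refused}
```

The cost that hardware accelerators target is visible here: one signature reveals 256 secrets of 32 bytes and verification hashes all of them, which is why the SHA-256 core dominates hash-based schemes.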
Case 1: In June 2025, Geely officially released the world's first quantum security technology for intelligent connected vehicles, pioneering the integration of quantum-resistant encryption, quantum secure communication and other technologies, from identity authentication to communication encryption, from command transmission to data protection, and then to behavior monitoring, to build a comprehensive security protection chain, and create a security foundation with quantum security as the core. Geely plans to connect data centers in Hangzhou, Huzhou, Deqing and other places to the national wide-area quantum security backbone network, using quantum state superposition, indivisibility, and non-cloning physical properties to produce and distribute quantum keys, and advance the security line to the initial stage of data generation, transforming the paradigm to "Security as a Service".
Case 2: In March 2025, UNI-SENTRY officially released the world's first "SPHINCS+ post-quantum cryptographic accelerator hardware IP" supporting mainstream MCUs, providing a chip-level solution for next-generation information security through a software-hardware collaborative architecture. It is implemented fully in hardware and uses specially optimized high-performance parallel cores and fully pipelined hash cores (SHA256) to accelerate the core components of SPHINCS+. Compared with a C code implementation on a high-performance processor (Intel E3-1120 @ 2100MHz), it is more than 260 times faster.
On April 26, 2025, UNI-SENTRY and SemiDrive signed a strategic cooperation agreement. By integrating the hardware trust root of the dual-mode encryption engine (supporting Kyber key encapsulation and Dilithium digital signature), it will enable E3650 to better meet the millisecond-level response requirements of zonal controllers, chassis domain controllers, and intelligent driving domain controllers under the protection of post-quantum cryptographic algorithms. Based on E3650, they jointly developed a variety of flexible and configurable information security solutions that can meet the UN WP.29 R155, the national standard GB 44495-2024 and enterprise standards, and support national encryption algorithms.
In May 2025, UNI-SENTRY's Sphincs+ post-quantum cryptographic algorithm solution was fully adapted to the Renesas RH850 U2X. In June 2025, UNI-SENTRY officially released the world's first "ultra-lightweight 3-in-1 (Kyber+Dilithium+SHA3)" post-quantum cryptography (PQC) hardware accelerator IP. This product integrates the NIST-standardized algorithms Kyber (key encapsulation) and Dilithium (digital signature) into a single IP core, providing a chip-level post-quantum protection solution for smart cars, covering core controllers for the power domain, intelligent driving domain, chassis domain, cockpit domain, and body domain.
4. Stricter policies and regulations force OEMs to make safety design in advance, shifting from "after-the-fact remediation" to "full life cycle safety design"
Since the release of the "Data Security Law" in 2021, national ministries and commissions have issued a total of 39 policies and regulations related to data security in the automotive industry (such as "Several Provisions on Automotive Data Security Management (Trial)", "Guidelines for Detecting Important Data in Connected Vehicles and Autonomous Driving", GB/T 41871-2022 "Information Security Technology - Security Requirements for Automotive Data Processing", GB/T 44464-2024 "General Requirements for Automotive Data", GB/T "Intelligent Connected Vehicles - Data Security Management System Specifications" (under preparation)) and 7 standards, so that the industry's data security management system is becoming increasingly complete.
At present, the data security challenges faced by OEMs include a wide variety of data types and diverse attacks, such as 0-day attacks, supply chain risks (OEMs share data with many partners and suppliers, so third-party risks become an important source of data leakage), and human factors (employees' weak security awareness and operational errors are also important causes of data leakage). Therefore, it is necessary to construct a data protection and governance system for the entire life cycle, and it is recommended to strengthen the construction in the following aspects (see the figure below).
For example, Agile Technology's data life cycle security protection solution with the data guard system (DGS) as the core includes data classification and grading, data encryption and decryption, data leakage prevention, outbound control, watermark traceability, log audit and other functional modules, effectively preventing data leakage and providing integrated data security protection and management for OEMs. Agile Technology's data security protection solution has currently protected the data security of industry benchmark OEMs including FAW, Changan, Dongfeng, Geely, Hozon, smart, Wuling, and Yutong.
In addition, security provider Eagle Cloud has developed its own integrated office security platform based on the SASE architecture - Eagle Cloud Hub, which integrates Zero Trust Network Access (ZTNA), Data Leakage Prevention (DLP), Extended Detection and Response (XDR), and Unified Endpoint Management (UEM), providing a comprehensive, flexible and secure SASE integrated office security solution. Its customers include Geely, SERES, Leapmotor, Avatr, WeRide and others.
Table of Contents
Definition
1 Automotive Information Security
1.1 Current Security Risks of Intelligent Connected Vehicles
Security Issues Of Intelligent Vehicles
Vehicle Attacks
Classification of Internet of Vehicles Security Risks
Summary of Major Global Intelligent Vehicle Cybersecurity Events
Attack Classification (1)
Attack Classification (2)
Attack Classification (3)
1.2 Automotive Information Security Vulnerability Trends
Authoritative Cybersecurity Vulnerability Platforms at Home and Abroad
Vulnerability Rating Mechanism in the Automotive Industry
1.3 Supply Chain Security
Comparison of Software Component Detection Tools
Software Bill of Materials (SBOM) (1)
Software Bill of Materials (SBOM) (2)
Software Supply Chain Security
Software Security and Compliance Scenarios in the automotive industry
1.4 Recommendations for Automotive Information Security Compliance System
Role of TARA in Automotive Cybersecurity
Specific Application Examples of TARA in Automotive Cybersecurity
Case of Foundation Model Reconstructing TARA Platform (1)
Case of Foundation Model Reconstructing TARA Platform (2)
Case of Foundation Model Reconstructing TARA Platform (3)