Understanding the Changing Landscape of Automotive Software Vulnerabilities: Insights from a Seven-Year Analysis
- URL: http://arxiv.org/abs/2503.17537v1
- Date: Fri, 21 Mar 2025 21:04:39 GMT
- Title: Understanding the Changing Landscape of Automotive Software Vulnerabilities: Insights from a Seven-Year Analysis
- Authors: Srijita Basu, Miroslaw Staron
- Abstract summary: This paper presents a study on automotive vulnerabilities from 2018 to September 2024. 1,663 automotive software vulnerabilities were found to have been reported in the studied time frame. Our study provides the platform to understand the automotive software weaknesses and loopholes and paves the way for identifying the phases in the software development lifecycle where the vulnerability was introduced.
- Score: 2.0871483263418806
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The automotive industry has experienced a drastic transformation in the past few years when vehicles got connected to the internet. Nowadays, connected vehicles require complex architecture and interdependent functionalities, facilitating modern lifestyles and their needs. As a result, automotive software has shifted from just embedded system or SoC (System on Chip) to a more hybrid platform, which includes software for web or mobile applications, cloud, simulation, infotainment, etc. Automatically, the security concerns for automotive software have also developed accordingly. This paper presents a study on automotive vulnerabilities from 2018 to September 2024, i.e., the last seven years, intending to understand and report the noticeable changes in their pattern. 1,663 automotive software vulnerabilities were found to have been reported in the studied time frame. The study reveals how the Common Weakness Enumeration (CWE) associated with these vulnerabilities develop over time and how different parts of the automotive ecosystem are exposed to these CWEs. Our study provides the platform to understand the automotive software weaknesses and loopholes and paves the way for identifying the phases in the software development lifecycle where the vulnerability was introduced. Our findings are a step forward to support vulnerability management in automotive software across its entire life cycle.
Related papers
- An AUTOSAR-Aligned Architectural Study of Vulnerabilities in Automotive SoC Software [6.313369851991342]
This study analyzes 180 publicly reported automotive System-on-Chip (SoC) vulnerabilities. We identify 16 root causes and 56 affected software modules, and examine layered delays across Common Weakness Enumeration (CWE) categories and architectural layers. We uncover dominant vulnerability patterns and critical modules with prolonged patch delays, and provide actionable insights for securing automotive CPS platforms.
arXiv Detail & Related papers (2025-10-09T08:38:06Z)
- Federated Learning for Cyber Physical Systems: A Comprehensive Survey [49.54239703000928]
Federated learning (FL) has become increasingly popular in recent years. The article scrutinizes how FL is utilized in critical CPS applications, e.g., intelligent transportation systems, cybersecurity services, smart cities, and smart healthcare solutions.
arXiv Detail & Related papers (2025-05-08T01:17:15Z)
- SoK: Stealing Cars Since Remote Keyless Entry Introduction and How to Defend From It [57.22545280370174]
This paper provides a Systematization Of Knowledge (SOK) on Remote Keyless Entry (RKE) and Passive Keyless Entry and Start (PKES). To the best of our knowledge, this is the first comprehensive SOK on RKE systems, and we address specific research questions to understand the evolution and security status of such systems.
arXiv Detail & Related papers (2025-05-05T15:07:23Z)
- Key Safety Design Overview in AI-driven Autonomous Vehicles [0.0]
It is essential to maintain a high level of functional safety and robust software design. This paper explores the necessary safety architecture and systematic approach for automotive software and hardware.
arXiv Detail & Related papers (2024-12-12T01:48:45Z)
- Automatic Programming: Large Language Models and Beyond [48.34544922560503]
We study concerns around code quality, security and related issues of programmer responsibility.
We discuss how advances in software engineering can enable automatic programming.
We conclude with a forward looking view, focusing on the programming environment of the near future.
arXiv Detail & Related papers (2024-05-03T16:19:24Z)
- Software Repositories and Machine Learning Research in Cyber Security [0.0]
The integration of robust cyber security defenses has become essential across all phases of software development.
Attempts have been made to leverage topic modeling and machine learning for the detection of these early-stage vulnerabilities in the software requirements process.
arXiv Detail & Related papers (2023-11-01T17:46:07Z)
- When Authentication Is Not Enough: On the Security of Behavioral-Based Driver Authentication Systems [53.2306792009435]
We develop two lightweight driver authentication systems based on Random Forest and Recurrent Neural Network architectures.
We are the first to propose attacks against these systems by developing two novel evasion attacks, SMARTCAN and GANCAN.
Through our contributions, we aid practitioners in safely adopting these systems, help reduce car thefts, and enhance driver security.
arXiv Detail & Related papers (2023-06-09T14:33:26Z)
- Camera-Radar Perception for Autonomous Vehicles and ADAS: Concepts, Datasets and Metrics [77.34726150561087]
This work aims to carry out a study on the current scenario of camera and radar-based perception for ADAS and autonomous vehicles.
Concepts and characteristics related to both sensors, as well as to their fusion, are presented.
We give an overview of the Deep Learning-based detection and segmentation tasks, and the main datasets, metrics, challenges, and open questions in vehicle perception.
arXiv Detail & Related papers (2023-03-08T00:48:32Z)
- Connected Vehicles: A Privacy Analysis [8.513938423514636]
A modern car is capable of processing, analysing and transmitting data in ways that could not have been foreseen only a few years ago.
We examine the telematics system of a production vehicle, and aim to ascertain some of the associated privacy-related threats.
arXiv Detail & Related papers (2022-07-13T13:26:12Z)
- Security for Machine Learning-based Software Systems: a survey of threats, practices and challenges [0.76146285961466]
How to securely develop the machine learning-based modern software systems (MLBSS) remains a big challenge.
Latent vulnerabilities and privacy issues exposed to external users and attackers will be largely neglected and hard to be identified.
We consider that security for machine learning-based software systems may arise from inherent system defects or external adversarial attacks.
arXiv Detail & Related papers (2022-01-12T23:20:25Z)
- LATTE: LSTM Self-Attention based Anomaly Detection in Embedded Automotive Platforms [4.286327408435937]
We present a novel anomaly detection framework called LATTE to detect cyber-attacks in Controller Area Network (CAN) based networks within automotive platforms.
Our proposed LATTE framework uses a stacked Long Short Term Memory (LSTM) predictor network with novel attention mechanisms to learn the normal operating behavior at design time.
We evaluate our proposed LATTE framework under different automotive attack scenarios and present a detailed comparison with the best-known prior works in this area.
arXiv Detail & Related papers (2021-07-12T16:32:47Z)
- A First Look at Class Incremental Learning in Deep Learning Mobile Traffic Classification [68.11005070665364]
We explore Incremental Learning (IL) techniques to add new classes to models without a full retraining, hence speeding up model's updates cycle.
We consider iCarl, a state of the art IL method, and MIRAGE-2019, a public dataset with traffic from 40 Android apps.
Although our analysis reveals their infancy, IL techniques are a promising research area on the roadmap towards automated DL-based traffic analysis systems.
arXiv Detail & Related papers (2021-07-09T14:28:16Z)
- Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z)
- Machine Learning for Software Engineering: A Systematic Mapping [73.30245214374027]
The software development industry is rapidly adopting machine learning for transitioning modern day software systems towards highly intelligent and self-learning systems.
No comprehensive study exists that explores the current state-of-the-art on the adoption of machine learning across software engineering life cycle stages.
This study introduces a machine learning for software engineering (MLSE) taxonomy classifying the state-of-the-art machine learning techniques according to their applicability to various software engineering life cycle stages.
arXiv Detail & Related papers (2020-05-27T11:56:56Z)