The Threat Landscape of Connected Vehicles

Don Nalin Dharshana Jayaratne; Qian Lu; Abdur Rakib; Muhamad Azfar Ramli; Rakhi Manohar Mepparambath; Siraj Ahmed Shaikh; Hoang Nga Nguyen; Suraj Harsha Kamtam

doi:10.1007/978-3-031-82031-1_13

The Threat Landscape of Connected Vehicles

Don Nalin Dharshana Jayaratne
, Qian Lu
, Abdur Rakib
, Muhamad Azfar Ramli
, Rakhi Manohar Mepparambath
, Siraj Ahmed Shaikh
, Hoang Nga Nguyen
, Suraj Harsha Kamtam

Centre for Future Transport and Cities

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding › peer-review

1 Citation (Scopus)

Abstract

As connected vehicles (CVs) play an increasingly pivotal role in modern transportation, cybersecurity threats targeting these systems have become a critical area of concern. This study systematically identifies and classifies vulnerabilities from the National Vulnerability Database (NVD) and the Automotive Attack Database (AAD) using a semi-automated filtering process. Our analysis identifies a total of 508 vulnerabilities across these databases, which are categorised based on ISO/SAE 21434 impact categories: safety, financial, operational, and privacy. A key finding reveals that 14.6\% of these vulnerabilities have systemic implications, meaning they have the potential to cause widespread disruption across multiple vehicles or the broader transportation network. Furthermore, 45\% of the vulnerabilities are associated with remote attack vectors, significantly increasing the risk of large-scale exploitation. This research contributes an updated database of automotive vulnerabilities, providing a valuable resource for the cybersecurity community. The findings highlight the need to enhance current automotive cybersecurity standards, such as ISO/SAE 21434, to address the complex inter-dependencies and systemic risks within connected vehicle ecosystems.

Original language	English
Title of host publication	Cybersecurity and Human Capabilities Through Symbiotic Artificial Intelligence
Subtitle of host publication	Proceedings of the 16th International Conference on Global Security, Safety and Sustainability, London, November 2024
Editors	Hamid Jahankhani, Biju Issac
Publisher	Springer
Pages	227-247
Number of pages	21
ISBN (Electronic)	978-3-031-82031-1
ISBN (Print)	978-3-031-82030-4
DOIs	https://doi.org/10.1007/978-3-031-82031-1_13
Publication status	Published - 2025
Event	16th International Conference on Global Security, Safety & Sustainability - Duration: 25 Nov 2024 → 27 Nov 2024

Publication series

Name	Advanced Sciences and Technologies for Security Applications
Volume	Part F414
ISSN (Print)	1613-5113
ISSN (Electronic)	2363-9466

Conference

Conference	16th International Conference on Global Security, Safety & Sustainability
Abbreviated title	ICGS3-24
Period	25/11/24 → 27/11/24

Bibliographical note

This document is the author’s post-print version, incorporating any revisions agreed during the peer-review process. Some differences between the published version and this version may remain and you are advised to consult the published version if you wish to cite from it.

Funding

This work was supported by Coventry University and the A*STAR Research Attachment Programme (ARAP).

Funders
Coventry University
The Agency for Science, Technology and Research of Singapore

Keywords

Automotive cybersecurity
Connected vehicles
National Vulnerability Database
Vulnerability classification
Vulnerability impact assessment

ASJC Scopus subject areas

Computer Science(all)

Themes

Security and Resilience

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1007/978-3-031-82031-1_13

Cite this

Dharshana Jayaratne, D. N., Lu, Q., Rakib, A., Ramli, M. A., Mepparambath, R. M., Shaikh, S. A., Nguyen, H. N., & Kamtam, S. H. (2025). The Threat Landscape of Connected Vehicles. In H. Jahankhani, & B. Issac (Eds.), Cybersecurity and Human Capabilities Through Symbiotic Artificial Intelligence: Proceedings of the 16th International Conference on Global Security, Safety and Sustainability, London, November 2024 (pp. 227-247). (Advanced Sciences and Technologies for Security Applications; Vol. Part F414). Springer. https://doi.org/10.1007/978-3-031-82031-1_13

The Threat Landscape of Connected Vehicles. / Dharshana Jayaratne, Don Nalin ; Lu, Qian ; Rakib, Abdur et al.
Cybersecurity and Human Capabilities Through Symbiotic Artificial Intelligence: Proceedings of the 16th International Conference on Global Security, Safety and Sustainability, London, November 2024. ed. / Hamid Jahankhani; Biju Issac. Springer, 2025. p. 227-247 (Advanced Sciences and Technologies for Security Applications; Vol. Part F414).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding › peer-review

Dharshana Jayaratne, DN , Lu, Q , Rakib, A, Ramli, MA, Mepparambath, RM, Shaikh, SA, Nguyen, HN & Kamtam, SH 2025, The Threat Landscape of Connected Vehicles. in H Jahankhani & B Issac (eds), Cybersecurity and Human Capabilities Through Symbiotic Artificial Intelligence: Proceedings of the 16th International Conference on Global Security, Safety and Sustainability, London, November 2024. Advanced Sciences and Technologies for Security Applications, vol. Part F414, Springer, pp. 227-247, 16th International Conference on Global Security, Safety & Sustainability, 25/11/24. https://doi.org/10.1007/978-3-031-82031-1_13

Dharshana Jayaratne DN , Lu Q , Rakib A, Ramli MA, Mepparambath RM, Shaikh SA et al. The Threat Landscape of Connected Vehicles. In Jahankhani H, Issac B, editors, Cybersecurity and Human Capabilities Through Symbiotic Artificial Intelligence: Proceedings of the 16th International Conference on Global Security, Safety and Sustainability, London, November 2024. Springer. 2025. p. 227-247. (Advanced Sciences and Technologies for Security Applications). Epub 2025 May 14. doi: 10.1007/978-3-031-82031-1_13

Dharshana Jayaratne, Don Nalin ; Lu, Qian ; Rakib, Abdur et al. / The Threat Landscape of Connected Vehicles. Cybersecurity and Human Capabilities Through Symbiotic Artificial Intelligence: Proceedings of the 16th International Conference on Global Security, Safety and Sustainability, London, November 2024. editor / Hamid Jahankhani ; Biju Issac. Springer, 2025. pp. 227-247 (Advanced Sciences and Technologies for Security Applications).

@inproceedings{3493b935c971474b83757c27a5acb661,

title = "The Threat Landscape of Connected Vehicles",

abstract = "As connected vehicles (CVs) play an increasingly pivotal role in modern transportation, cybersecurity threats targeting these systems have become a critical area of concern. This study systematically identifies and classifies vulnerabilities from the National Vulnerability Database (NVD) and the Automotive Attack Database (AAD) using a semi-automated filtering process. Our analysis identifies a total of 508 vulnerabilities across these databases, which are categorised based on ISO/SAE 21434 impact categories: safety, financial, operational, and privacy. A key finding reveals that 14.6\textbackslash{}\% of these vulnerabilities have systemic implications, meaning they have the potential to cause widespread disruption across multiple vehicles or the broader transportation network. Furthermore, 45\textbackslash{}\% of the vulnerabilities are associated with remote attack vectors, significantly increasing the risk of large-scale exploitation. This research contributes an updated database of automotive vulnerabilities, providing a valuable resource for the cybersecurity community. The findings highlight the need to enhance current automotive cybersecurity standards, such as ISO/SAE 21434, to address the complex inter-dependencies and systemic risks within connected vehicle ecosystems.",

keywords = "Automotive cybersecurity, Connected vehicles, National Vulnerability Database, Vulnerability classification, Vulnerability impact assessment",

author = "\{Dharshana Jayaratne\}, \{Don Nalin\} and Qian Lu and Abdur Rakib and Ramli, \{Muhamad Azfar\} and Mepparambath, \{Rakhi Manohar\} and Shaikh, \{Siraj Ahmed\} and Nguyen, \{Hoang Nga\} and Kamtam, \{Suraj Harsha\}",

note = "This document is the author{\textquoteright}s post-print version, incorporating any revisions agreed during the peer-review process. Some differences between the published version and this version may remain and you are advised to consult the published version if you wish to cite from it.; 16th International Conference on Global Security, Safety \& Sustainability, ICGS3-24 ; Conference date: 25-11-2024 Through 27-11-2024",

year = "2025",

doi = "10.1007/978-3-031-82031-1\_13",

language = "English",

isbn = "978-3-031-82030-4",

series = "Advanced Sciences and Technologies for Security Applications",

publisher = "Springer",

pages = "227--247",

editor = "Hamid Jahankhani and Biju Issac",

booktitle = "Cybersecurity and Human Capabilities Through Symbiotic Artificial Intelligence",

address = "United Kingdom",

}

TY - GEN

T1 - The Threat Landscape of Connected Vehicles

AU - Dharshana Jayaratne, Don Nalin

AU - Lu, Qian

AU - Rakib, Abdur

AU - Ramli, Muhamad Azfar

AU - Mepparambath, Rakhi Manohar

AU - Shaikh, Siraj Ahmed

AU - Nguyen, Hoang Nga

AU - Kamtam, Suraj Harsha

N1 - This document is the author’s post-print version, incorporating any revisions agreed during the peer-review process. Some differences between the published version and this version may remain and you are advised to consult the published version if you wish to cite from it.

PY - 2025

Y1 - 2025

N2 - As connected vehicles (CVs) play an increasingly pivotal role in modern transportation, cybersecurity threats targeting these systems have become a critical area of concern. This study systematically identifies and classifies vulnerabilities from the National Vulnerability Database (NVD) and the Automotive Attack Database (AAD) using a semi-automated filtering process. Our analysis identifies a total of 508 vulnerabilities across these databases, which are categorised based on ISO/SAE 21434 impact categories: safety, financial, operational, and privacy. A key finding reveals that 14.6\% of these vulnerabilities have systemic implications, meaning they have the potential to cause widespread disruption across multiple vehicles or the broader transportation network. Furthermore, 45\% of the vulnerabilities are associated with remote attack vectors, significantly increasing the risk of large-scale exploitation. This research contributes an updated database of automotive vulnerabilities, providing a valuable resource for the cybersecurity community. The findings highlight the need to enhance current automotive cybersecurity standards, such as ISO/SAE 21434, to address the complex inter-dependencies and systemic risks within connected vehicle ecosystems.

AB - As connected vehicles (CVs) play an increasingly pivotal role in modern transportation, cybersecurity threats targeting these systems have become a critical area of concern. This study systematically identifies and classifies vulnerabilities from the National Vulnerability Database (NVD) and the Automotive Attack Database (AAD) using a semi-automated filtering process. Our analysis identifies a total of 508 vulnerabilities across these databases, which are categorised based on ISO/SAE 21434 impact categories: safety, financial, operational, and privacy. A key finding reveals that 14.6\% of these vulnerabilities have systemic implications, meaning they have the potential to cause widespread disruption across multiple vehicles or the broader transportation network. Furthermore, 45\% of the vulnerabilities are associated with remote attack vectors, significantly increasing the risk of large-scale exploitation. This research contributes an updated database of automotive vulnerabilities, providing a valuable resource for the cybersecurity community. The findings highlight the need to enhance current automotive cybersecurity standards, such as ISO/SAE 21434, to address the complex inter-dependencies and systemic risks within connected vehicle ecosystems.

KW - Automotive cybersecurity

KW - Connected vehicles

KW - National Vulnerability Database

KW - Vulnerability classification

KW - Vulnerability impact assessment

UR - https://www.scopus.com/pages/publications/105007090285

U2 - 10.1007/978-3-031-82031-1_13

DO - 10.1007/978-3-031-82031-1_13

M3 - Conference proceeding

SN - 978-3-031-82030-4

T3 - Advanced Sciences and Technologies for Security Applications

SP - 227

EP - 247

BT - Cybersecurity and Human Capabilities Through Symbiotic Artificial Intelligence

A2 - Jahankhani, Hamid

A2 - Issac, Biju

PB - Springer

T2 - 16th International Conference on Global Security, Safety & Sustainability

Y2 - 25 November 2024 through 27 November 2024

ER -

The Threat Landscape of Connected Vehicles

Abstract

Publication series

Conference

Bibliographical note

Funding

Keywords

ASJC Scopus subject areas

Themes

UN SDGs

Access to Document

Other files and links

Embargoed Document

Fingerprint

Cite this