Think about driving an Electric Vehicle (EV) on a connected highway. It would be smart, efficient, and always talking to cloud systems, chargers, and sensors. Now imagine how that same car could suddenly speed up or slow down because a malicious command got to its motor controller. In today’s software-defined mobility ecosystem, what used to sound like science fiction is becoming an increasingly real worry.
The powertrain in modern EVs has become a cyber-physical system where software controls motion. This convergence of code and current introduces a new class of vulnerabilities often hidden beneath the surface. OEMs have made significant progress in securing telematics and infotainment systems, but the powertrain remains an open frontier, where a single cyber event could translate into real-world safety or performance consequences.
Go deeper with GlobalData
Access deeper industry intelligence
Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.
What is hidden?
Telematics and over-the-air (OTA) updates let the motor controller send and receive data all the time to and from the battery management system (BMS), the vehicle network, and cloud services. This connectivity enables predictive maintenance, software upgrades, and improved performance. But every new connection could be a way for a vulnerability to arise. In principle, if a hacker got into a dealer portal, a cloud interface, or an OTA delivery system, they could send malicious code to the motor controller, change the torque outputs, turn off regenerative braking, or mess with the inverter’s functionality. These changes have physical effects, unlike data breaches that impair privacy. A malicious instruction may make the speed go up suddenly, cause unplanned power losses, or even cause the system to overheat, all of which would be directly dangerous. Researchers have already shown that these kinds of attacks are possible by faking Controller Area Network (CAN) communications or changing firmware to affect how vehicles move from a distance.
Why does it matter?
Recent years have revealed the susceptibility of the automotive ecosystem to cyber threats. In 2024, Kia’s connected vehicle portal contained an application programming interface (API) vulnerability that permitted unauthorized remote commands. Criminals also utilized cost-effective keyless entry simulators to hijack Hyundai and Kia vehicles, demonstrating how minor security vulnerabilities can be amplified. In early 2025, Jaguar Land Rover (JLR) experienced a significant cyber incident that compromised its IT systems and logistics operations in the UK. Although vehicles were not directly impacted, production was suspended and software updates were postponed, demonstrating that backend infrastructure is essential to both operational efficiency and vehicle safety.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalDataAccording to Upstream Security’s recent Global Automotive Cybersecurity report, cyber incidents in mobility increased by nearly one-third compared to the previous year. Many of the attacks targeted suppliers, telematics platforms, and charging networks, critical intermediaries connecting digital networks with vehicle control systems. These incidents highlight the growing importance of cybersecurity in the automotive industry, as vulnerabilities in these interconnected systems can have widespread consequences. All stakeholders must prioritize cybersecurity measures to ensure the safety and reliability of connected vehicles.
What to protect?
A complete strategy that covers hardware, networks, supply chains, and operational resilience is needed to keep the EV motor and inverter safe. Secure boot processes and digitally signed firmware make sure that only trusted code runs at the hardware level. Hardware Security Modules (HSMs) protect encryption keys from being changed. Powertrain systems in the car should work in separate domains from infotainment and external interfaces. Intrusion detection systems (IDS) should keep an eye on torque commands and communication patterns for any strange behavior. Equally important is the integrity of the supply chain. OTA updates, telematics systems, and service portals must all have robust authentication and extensive logging in place, since compromised credentials are still a typical way for attacks to happen. To make sure that only authenticated entities can talk to the car, EV chargers and Vehicle-to-Grid (V2G) systems should use mutual authentication. Lastly, vehicles should have safe fallback modes that immediately reduce torque or isolate damaged subsystems when they detect strange behavior. This will stop potential cyber incidents from becoming safety risks.
Toward a secure future
As electric mobility advances, cybersecurity and physical safety are becoming ever more tightly linked. Incidents such as the Kia API vulnerability and JLR cyber disruption demonstrate how minor breaches can significantly impact operations and undermine trust. Future EVs will establish deep connections with urban infrastructure, power infrastructure, and residential systems, thereby enhancing technological innovation and associated cyber risks. Safeguarding essential systems such as inverters and motor controllers is crucial to maintaining safe, resilient, and intelligent mobility.
Sarath Nair, Analyst, Powertrain
This article was first published on GlobalData’s dedicated research platform, the Automotive Intelligence Center.
