CYBERSECURITY needs to be upgraded for electric vehicles (EVs) and in-vehicle infotainment systems, according to cybersecurity company Trend Micro.
“The Philippines faces cybersecurity gaps due mainly to a lack of strict regulations and security frameworks for connected vehicles and EV infrastructure. The EV ecosystem continues to expand, and with it, its attack surface,” Myla Pilao, director of Trend Research, said in an e-mail.
About 4% of the estimated 500,000 vehicle purchases this year are expected to be EVs, Chamber of Automotive Manufacturers of the Philippines President Rommel R. Gutierrez said in February.
As more countries adopt EVs, attackers are likely target EV components and in-vehicle infotainment. This could lead to compromised vehicle controls, data breaches, and potential financial losses.
“Attackers will most likely target personal data, GPS (global positioning system) location, payment credentials, and remote access controls, which are the tip of the iceberg regarding the data collected by used modern vehicles,” Ms. Pilao said.
In the last decade, about 83% of reported automotive-related vulnerabilities worldwide involved onboard components like operating systems and chipsets, according to a report by VicOne, a subsidiary of Trend Micro.
To gain unauthorized access, attackers usually exploit weak authentication, outdated software, or unsecured communication protocols to gain unauthorized access, Ms. Pilao said.
Once inside, attackers can deploy malicious code to control vehicle functions, steal sensitive data, or disrupt operations, while remaining undetected.
Artificial intelligence (AI) can also be used to attack EVs and in-vehicle infotainment systems.
“While AI can enhance security, researchers have found that AI-powered threats could manipulate sensor data in autonomous vehicles and bypass security measures,” according to Ms. Pilao.
Car companies and vendors must deploy stricter supplier evaluations, and conduct security assessments and vulnerability scans, Trend Micro said.
For their part, vehicle owners must ensure regular software updates and multi-factor authentication.
EV charging stations are also vulnerable as they are connected online, and interact with payment systems and power grids.
“If not properly secured, they could be exploited to access in-vehicle systems, steal payment information, and disrupt charging processes,” the company said in its Trend Micro Security Predictions for 2025 report.
Derrick John Tolentino, vice-president and general manager at EV solution startup EVOxCharge, said it is implementing robust security measures through multiple protection layers.
“While industry frameworks like the NIST Cybersecurity Framework and ISO 21434 provide guidance, the rapid expansion of charging networks introduces new security challenges,” he said in an e-mail.
EVOxCharge is a unit of logistics company Transnational Diversified Group. It supplies, operates and maintains EV charging infrastructure.
Its practices include end-to-end encryption, multi-factor authentication, regular software updates and pricing, network segmentation, threat monitoring and incident response, and secure payment processing. — Beatriz Marie D. Cruz