Connected vehicles demand stronger cybersecurity and common standards

The ban on three Chinese-origin EV apps has exposed cybersecurity risks in connected vehicles, underscoring the need for robust standards like AIS189 and stronger digital safeguards

e-rickshaw,e rickshaw, electric rickshaw
Obtaining cybersecurity approval will be a prerequisite for putting new vehicles on the road. | Source: Vahan
Business Standard Editorial Comment
3 min read Last Updated : Jul 08 2026 | 10:12 PM IST
A recent hacking incident, which resulted in the ban of three Chinese-origin smartphone apps, has highlighted cybersecurity concerns centred on the automobile industry. The apps — BAT-BMS, Lossigy, and Epoch-i-ion — were designed for electric-vehicle (EV) battery management, but they can be misused to remotely disable the vehicles. Following the incident, the Union government, as reported by this newspaper, has asked automobile and parts makers to audit the software and devices in connected cars and EVs. Connected vehicles are those connected to the internet directly or via Bluetooth to smartphones. Automobiles without cyber firewalls present critical security vulnerabilities, and hackers have demonstrated such bugs for at least a decade. There is a global annual cybersecurity event, Pwn2Own Automotive, which focuses on demonstrating vulnerabilities in vehicles. In January, security researchers earned $516,500 after demonstrating 37 “zero-day” vulnerabilities in different vehicles on the first day of Pwn2Own Automotive 2026. (A zero-day is a previously undiscovered bug.)
 
Connected cars can be tracked and hijacked by hacking infotainment systems, wireless keys, or Cloud servers of manufacturers. Even sensors that track things like tyre pressure can be exploited. A recent draft notification by the Ministry of Road Transport and Highways proposed a phased rollout of cybersecurity standards for connected vehicles starting October 1, this year. The cybersecurity framework of AIS189 (Automotive Industry Standard 189) is modelled on the UN R155 regulation, which the European Union introduced in 2022. China and South Korea have introduced similar frameworks recently. Under AIS189, any new vehicle must meet specified cybersecurity standards.
 
Obtaining cybersecurity approval will be a prerequisite for putting new vehicles on the road. By October next year, AIS189 compliance will be mandatory for new models. By October 2028, it will apply to all passenger vehicles. This may require over-the-air updates and comprehensive overhauls of the electronic architecture of older models. Remote auto services are quite common. Many vehicles offer remote app functions to control heating, ventilation, and air conditioning, and EVs have remote battery-management functionality. Bluetooth vulnerability may allow anyone within range (10-15 metres) to take control of the vehicle. While the government advisory focuses on connected vehicles, every modern vehicle presents cybersecurity concerns. All use a multitude of sensors to collect diagnostic data, and they have hands-free mics and external cameras.
 
It is pragmatic to think of a modern vehicle as a mobile computer. Apart from enabling manufacturers to monitor diagnostic data and improve service and overhaul standards, the data stored in memory reveals a lot about the driver’s travel habits and presents significant privacy concerns. One complication in setting up digital firewalls is the lack of standardisation for connected vehicles. Many manufacturers create proprietary connected vehicle ecosystems, developed in-house or with technology partners. Auditing these systems is difficult compared to common smartphones or personal computers because they may have widely different software. Consumer-facing digital auto services in India have developed technology with various service providers. Each of these systems may present vulnerabilities, and plugging gaps could be difficult. Vehicular cybersecurity could likely become a race among regulators, security experts, and bad actors. Thus, implementing AIS189 would be a beginning.
   

One subscription. Two world-class reads.

Already subscribed? Log in

Subscribe to read the full story →
*Subscribe to Business Standard digital and get complimentary access to The New York Times

Smart Quarterly

₹900

3 Months

₹300/Month

SAVE 25%

Smart Essential

₹2,700

1 Year

₹225/Month

SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months

Super Saver

₹3,900

2 Years

₹162/Month

Subscribe

Renews automatically, cancel anytime

Here’s what’s included in our digital subscription plans

Exclusive premium stories online

  • Over 30 premium stories daily, handpicked by our editors

Complimentary Access to The New York Times

  • News, Games, Cooking, Audio, Wirecutter & The Athletic

Business Standard Epaper

  • Digital replica of our daily newspaper — with options to read, save, and share

Curated Newsletters

  • Insights on markets, finance, politics, tech, and more delivered to your inbox

Market Analysis & Investment Insights

  • In-depth market analysis & insights with access to The Smart Investor

Archives

  • Repository of articles and publications dating back to 1997

Ad-free Reading

  • Uninterrupted reading experience with no advertisements

Seamless Access Across All Devices

  • Access Business Standard across devices — mobile, tablet, or PC, via web or app

Topics :Business Standard Editorial CommentEditorial CommentBS OpinioncybersecurityElectric VehiclesData Privacy

Next Story