Kaspersky SAS 2025 - Sergey Anufrienko cover

Kaspersky SAS 2025 – Sergey Anufrienko talks about the risks of vehicle cyberattacks

By Hitech Century | November 3, 2025 |

At Kaspersky Security Analyst Summit (SAS) 2025, Sergey Anufrienko, Vulnerability Research Group Manager, Kaspersky ICS CERT talked about the theoretical possibilities for vehicle hacks. We have a word with Sergey about how close we are to that possibility happening in real life…

[Hitech Century] We often think of cybersecurity as something primarily for phones and computers but what does it mean when things like factories, public transport, power grids, water companies and even traffic lights are hacked?

Table of Contents

[Sergey Anufrienko] Games like Watch Dogs released by Ubisoft and the film Enemy of the State depicted such possibilities but they sounded fantastical for the time but they are slowly becoming a reality. For now, we rarely see such things as transportation hacking in practice but things like power plants and industrial systems are already being targeted and hacked so this is serious stuff. An example of this is the Stuxnet malware in 2010 that caused substantial damage to Iran’s nuclear programme.

[Hitech Century] Vehicles including EVs are becoming more connected than ever. Based on your research, what are the most surprising ways a car can be hacked today without cybercriminals even touching it physically?

[Sergey Anufrienko] In our research we explore not only local but remotely exploitable vulnerabilities as well so we also research into all aspects of wireless communications including modems and wireless chips as well as cellular networks.

The most surprising and new attack vector is related to EVs because you can hack them through charging stations to send and receive malicious payloads. While this hasn’t occurred yet, it is theoretically possible and there is public research available and was demonstrated to be a plausible avenue of attack.

[Hitech Century] Some people think vehicle hacking only affects EVs. Based on your findings, how vulnerable are conventional ICE and hybrid cars to these attacks? From a cybersecurity perspective, are traditional ICE vehicles safer than EVs?

[Sergey Anufrienko] The majority of vehicles on the road are conventional internal combustion engines (ICE) and many of them are pretty old. The lifespan of a car is maybe 10 plus years and the support period for many of these vehicles have most likely ended.

If there are security vulnerabilities that can be exploited, they probably won’t and can’t be fixed by vendors so there will likely be vulnerable cars on the road.In the case of older vehicles, users have to drive into a service centre to get these firmware and software updates which complicates matters.

However, EVs are relatively new compared to ordinary cars and manufacturers have a chance to make them more secure. As EVs belong to the connected cars category, manufacturers can issue OTA firmware updates and close security issues by releasing software updates.

[Hitech Century] You’ve analysed components from different car manufacturers in the course of your research. Are car makers taking security seriously enough?

[Sergey Anufrienko] In my experience, some car manufacturers are taking security seriously and others less so because they probably have timing restrictions as they need to release features to the market so they put a lower priority on security. Some do and implement them later but that leaves a window of opportunity for malicious threat actors.

[Hitech Century] For the average car owner in Malaysia, what are some basic cybersecurity precautions they can take to stay safe?

[Sergey Anufrienko] The best thing to do is to install updates as soon as they become available from the automotive maker and also do not connect to untrusted devices via Bluetooth and WiFi. While vehicle chargers with malicious payloads are a theoretical possibility, they haven’t appeared yet in any cases. [End]

Sergey Anufrienko, Vulnerability Research Group Manager, Kaspersky ICS CERT

You can also check out our other features at Kaspersky SAS 2025 about Dante spyware here, the BlueNoroff APT group here and critical cybersecurity flaws in connected vehicles here. You can also check out our prior interview with Sergey Lozhkin, Head of the Kaspersky Global Research and Analysis Team (GReAT) East at Kaspersky SAS 2025 here as well as our interview with Tatyana Shishkova, Lead Malware Analyst at Kaspersky GReAT here.

Posted in Enterprise and tagged Enterprise, Kaspersky, Kaspersky SAS 2025, Sergey Anufrienko