Security Breaks – Weekly News Edition

Update: 2025-10-27

Description

In this episode, Kate dives into the latest automotive cybersecurity headlines — from wireless tire pressure monitoring vulnerabilities to supplier ransomware and SBOM validation breakthroughs. She unpacks critical issues affecting OEMs, Tier 1 suppliers, and dealerships, while highlighting the real-world implications of Bluetooth Low Energy attacks, supply chain risks, and continuous software validation.

Whether you’re an engineer, cybersecurity practitioner, or dealership IT lead, this episode delivers a fast-paced, expert breakdown of what’s shaping the automotive security landscape right now.

Key Takeaways

  • TPMS (Tire Pressure Monitoring Systems) still transmit unencrypted signals, leaving room for spoofing and tracking vulnerabilities.
  • Supplier cyber incidents, such as those impacting Jaguar Land Rover, show how attacks ripple through the entire automotive supply chain.
  • Bluetooth Low Energy (BLE) weaknesses continue to expose vehicles to unauthorized access — secure pairing and token rotation are essential.
  • Ransomware groups like Akira are increasingly targeting distributors and service providers within the automotive ecosystem.
  • Continuous SBOM validation and integration with threat intelligence are key to proactive risk management under ISO/SAE 21434 and UNECE R155.
  • Machine learning intrusion detection systems (IDS) show promise but require realistic datasets and careful tuning to avoid false positives.

Quotes

“Safety signaling that can be faked is a problem. When drivers start to ignore warnings, we’ve already lost the battle.”

“If your dealer network still relies on flat networks because printers — this is your sign to fix that.”

“Your SBOM program isn’t about paperwork. It’s about knowing what’s in your software so you can fix what matters.”


Timestamps

(01:29) Wireless threats to tire pressure monitoring systems (TPMS)

(06:00) Supplier cyberattacks disrupting Jaguar Land Rover’s production

(08:30) Pen Test Partners’ guide to hacking Bluetooth Low Energy

(11:00) Ransomware attack on Harbor Diesel & Equipment

(13:42) Advances in SBOM validation and continuous vulnerability management

(17:25) Machine learning intrusion detection for the Internet of Vehicles

(20:32) Practical takeaways for OEMs, suppliers, and dealerships

(23:50) Community questions and call for industry collaboration

Referenced Links


Please Leave Us a Rating and Review

If you enjoyed this episode of Security Breaks, please take a moment to rate and review us on Apple Podcasts — it helps others in the automotive cybersecurity community discover the show.

Connect With ASRG (Automotive Security Research Group)

🌐 ASRG.io

💼 ASRG on LinkedIn

📧 Contact: securitybreaks@arg.io
