When Mobility Goes Digital: New Challenges for Cybersecurity

How safe are connected vehicles, really?

July 8, 2026

It’s a normal workday. The service vehicles are already lined up in a company’s parking lot. The first employees are on their way, and more vehicles are leaving the premises. None of this seems out of the ordinary. In the background, however, a vast amount of data is being processed. This includes vehicle locations, routes, and charging and usage information. At the same time, additional data is converging in connected systems—ranging from customer data to appointment and order information to digital service processes. The vehicles themselves are operating completely normally. The attack takes place elsewhere: where data is stored, consolidated, and analyzed. In this way, a comprehensive picture of a company can be built up unnoticed. Modern vehicles have long been part of a connected digital infrastructure. However, this development also brings with it growing demands on cybersecurity.
Barbara Groll speaks with Prof. Dr. Hans-Joachim Hof from the Ingolstadt University of Technology about how cyberattacks on vehicles work, what impacts they can have, and what security measures are necessary to make future mobility more resilient and safer.

Professor Hof, how close are we already to such a scenario? Are attacks on connected vehicles already possible today, or is that still a long way off?

Prof. Dr. Hans-Joachim Hof: The scenario described at the beginning is intriguing. However, it must be said that it’s rather unrealistic to attack customer data directly through the vehicle. In fact, we’re seeing attacks primarily on the systems connected to the vehicle—so-called backend services. That’s where the real danger lies.
In fact, we’re already seeing such attacks today. For example, at the end of 2024, an incident came to light in which mobility and movement data from approximately 460,000 vehicles were compromised. In total, about 900 million geodata records from the years 2022 through 2024 were accessible.
The hackers were able to analyze this data and derive sensitive information from it. For example, it was demonstrated that employees of the Federal Intelligence Service (BND) could be identified using the movement data by analyzing which vehicles were regularly parked in the BND’s parking lot.
This example illustrates that such attacks are already occurring. However, the attack vector usually does not come directly through the vehicle itself, but rather through the backend systems connected to the vehicle.

Some people today refer to cars as “computers on wheels.” In what ways does this comparison with a laptop hold true, and where does it fall short?

Prof. Dr. Hans-Joachim Hof: The comparison arose primarily because software now plays a central role in vehicles. In the past, the focus was mainly on design and mechanics. Today, modern vehicles are equipped with a multitude of computer systems.
A few years ago, a vehicle often contained 120 to 140 microcomputers that were networked with one another. This created a highly complex system that was significantly more difficult to manage than a single laptop. It was more comparable to an entire IT landscape, such as one found in a company—including the networks connecting the individual systems.
However, current vehicle architectures are continuing to evolve. Instead of a multitude of small computers, manufacturers are increasingly relying on a few powerful central computers, supplemented by additional, simpler control units. As a result, vehicle architecture is indeed becoming more like a network of computers that collectively provide a vehicle’s various functions and services.

Where, then, does the actual risk lie for companies? Is it primarily about vehicle malfunctions, the leakage of sensitive data, or the danger of gaining access to other corporate systems via connected vehicle systems?

Prof. Dr. Hans-Joachim Hof: In IT and cybersecurity, we often ask the question “Cui bono?”—that is, “Who benefits?” Because there is usually a very specific motive behind attacks.
Many of the attacks we see today have a financial motive. A classic example is car theft. In such cases, attackers attempt to bypass modern remote-key or keyless-go systems in order to steal high-value vehicles.
We had such a case just recently at our university. An attempt was made to steal a vehicle belonging to a professor. However, thanks to effective video surveillance, the perpetrator was identified.

Can a hacker gain access to a company through the vehicle or the data processed within it?

Prof. Dr. Hans-Joachim Hof: In most cases, there is no direct path from the vehicle to the company’s network. While modern vehicles do have connected telematics systems, these are often operated by third-party providers and communicate with the respective backend systems via their own cellular connections.
The relevant data is generally not stored permanently in the vehicle but is processed and retained in the manufacturers’ or service providers’ backend systems.

So it’s not like a cell phone, which could potentially be used to gain access to other systems; the systems in the vehicle are generally more heavily protected and appropriately isolated?

Prof. Dr. Hans-Joachim Hof: In addition, the backend systems usually belong to the vehicle manufacturers—the so-called OEMs—and are connected to their infrastructure.
We see this in everyday life as well: For example, if you’re participating in a Teams meeting while in the car, you usually connect your smartphone to the vehicle. The car primarily functions as a speaker and hands-free device. The actual data connection is established via the smartphone and not via the vehicle itself.

"Future Threat: Autonomous vehicles are hacked and drive themselves to the vehicle thief. This creates a new use case in the field of cybersecurity that should not be underestimated."

Prof. Dr.-Ing. Hans-Joachim Hof
Vice President, Ingolstadt University of Technology

Okay, so does that mean the risks right now might not be as great as the scenario described at the beginning suggests?

Prof. Dr. Hans-Joachim Hof: It’s not quite that simple. One current and very concrete risk, for example, is car theft. Modern vehicles offer new vulnerabilities in this regard, such as keyless entry systems or digital payment functions at charging stations. Attackers have a direct financial interest here.
In addition, there are so-called hybrid threats. Although these are currently less common, they are becoming increasingly significant. They involve the possibility of hostile states using attacks on vehicles or vehicle fleets to exert targeted influence on transportation, logistics, or other critical infrastructure.
These attacks are not easy to carry out, but recent studies also show that the number of vehicles affected by cyberattacks is rising. While attacks used to frequently target individual vehicles, they are now increasingly directed at entire vehicle fleets. Against the backdrop of hybrid threats—such as those we are observing from Russia, for example—this is a scenario that we, as security experts, must address.
A vivid example of this is depicted in the film “Leave the World Behind,” starring Julia Roberts. In the film, vehicles are hijacked and deliberately deployed to paralyze transportation infrastructure. Although such scenarios are fictional, they illustrate possible developments that become conceivable with the increasing connectivity of vehicles.
Furthermore, the continued development of autonomous driving functions gives rise to new attack scenarios. For example, in the future, vehicles could not only become targets of theft but could theoretically even be made to act as thieves themselves. If cars can drive themselves, they can, in principle, also steal themselves. Currently, this is still a distant prospect, but it illustrates the new challenges that future mobility may bring.

What does this mean specifically for companies? Should fleet operators take measures today to better protect themselves against such risks?

Prof. Dr. Hans-Joachim Hof: This is indeed a challenge in automotive cybersecurity. After all, the ability to take proactive measures lies primarily with the vehicle manufacturers. Companies have only limited options for directly enhancing the IT security of their vehicles.
Unlike with a laptop, for example, it’s not possible to install additional virus scanners or firewalls. The scope for intervening in vehicle systems is limited.
The only concrete tip I can offer here concerns vehicle keys. Keyless-Go keys or similar cards should, if possible, not be kept directly in the entryway, but rather in a metal box or a so-called Faraday cage, for example.
The rationale behind this is an attack scenario in which attackers extend the radio connection between the key and the vehicle. Simply put, the attacker establishes a connection to both the key and the vehicle, relays the signals, and can thereby unlock the vehicle parked in front of the house. That would be the most important practical tip I would offer here.

I believe very few companies consider this attack scenario in their day-to-day operations. In that regard, thank you very much for this practical tip.

Prof. Dr. Hans-Joachim Hof: In fact, this is one of the most common attack scenarios. Keyless-go systems are repeatedly exploited for thefts, especially in high-end vehicles. Such cases are regularly reported, particularly in major cities like Berlin.
What’s interesting is that this attack method is still largely unknown to the general public, even though it has been in use for years.

You just mentioned that the biggest challenges lie not so much with the companies that use vehicles, but rather with the manufacturers. Where do you currently see the biggest blind spots there? Do they lie more in the technology, in the processes, or in the responsibilities?

Prof. Dr. Hans-Joachim Hof: The automotive industry is currently undergoing a fundamental transformation in the area of cybersecurity. A key driver of this is the UNECE R 155 standard, which requires vehicle manufacturers to establish a cybersecurity management system. Although the relevant processes have now been implemented in many places, it will still take about ten years for them to interlock efficiently and effectively.
In my opinion, it will take about ten more years before these processes are truly up and running, efficient, and fully effective. We’ve already seen a similar development in traditional IT. There, too, it took about ten years for the relevant processes to function really well.
Perhaps a little anecdote on this: I hold a research professorship in automotive cybersecurity and gave my inaugural lecture in 2016 at a major event in Ingolstadt. At that time, automotive cybersecurity was still a relatively new topic. The title of my lecture was: “You are not that special.”
The background was that I had already worked in many different areas of cybersecurity, such as power grids and industrial communication. Time and again, I heard the same argument: Standard solutions—some of which have been around for decades—could not be adopted because their specific field was, after all, something very special.
In my presentation, I therefore used various examples to show what kind of erroneous conclusions can result from this mindset, for instance in industrial communications or power grids.
Based on these experiences, I identified the mistakes that should be avoided at all costs. The only embarrassing part was this: Immediately before my presentation, a representative from an OEM had spoken and, while presenting his company’s strategy, had listed precisely the points I was about to warn against. At that point, I had no way to respond.
My most important advice, therefore, is to look at which solutions are already being successfully implemented in other fields. You shouldn’t just look at traditional IT, but also at how cybersecurity is implemented in power grids, industrial communication, mobile communications, or rail transport.
However, this requires a willingness to take in such experiences and apply them to your own requirements. And you need the right specialists. Cybersecurity is a highly specialized field. It’s not enough to simply reassign existing development roles. What’s needed are experts who understand both cybersecurity and the unique characteristics of vehicles.

Is the shortage of skilled workers making itself felt here?

Prof. Dr. Hans-Joachim Hof: On the one hand, the shortage of skilled workers is evident here; on the other hand, so is the high level of specialization in this field. Accordingly, there are so far only a few degree programs that specifically address these requirements. At the Ingolstadt University of Technology, for example, we offer the degree program in Aviation and Vehicle Informatics, which addresses precisely this intersection.
With the shift from the traditional vehicle to “software on wheels” or “computer on wheels,” the demand for qualified computer scientists is steadily increasing, including in the field of AI.

I’d like to touch on a term I came across while preparing for this discussion: the “Vehicle Security Operations Center,” or VSOC for short. What exactly does this entail?

Prof. Dr. Hans-Joachim Hof: Put simply, the VSOC is an operations center for cybersecurity in the automotive sector. Its task is to monitor vehicles while they’re in operation and detect potential security incidents early on.
This topic is becoming increasingly important for vehicle manufacturers. Under the R155 certification standard, they are required to monitor vehicles for potential cyberattacks even after they have been delivered. Such tasks are often outsourced to specialized providers. We, too, have developed our own VSOC at the Ingolstadt University of Applied Sciences.
You can think of a VSOC as an early-warning system. First, anomalies are detected and evaluated. If an attack is suspected, the relevant events can be investigated in greater detail. The goal is to determine whether a security incident has actually occurred, how it is unfolding, and which systems are affected.
The findings are then fed back to the development teams so that necessary countermeasures can be taken and security updates developed.

But that doesn't directly stop the intrusion, does it?

Prof. Dr. Hans-Joachim Hof: That depends on which functions and security mechanisms are available in the vehicle. If, for example, it’s possible to block certain network communications, rules can be configured to prevent suspicious connections. Another option is to selectively restrict individual services.
The key factor here is reaction speed. The VSOC concept we developed was based on a combination of automated decisions within the vehicle and centralized monitoring. The vehicle could react on its own within seconds, while the VSOC, with human support, typically operates on a timescale of minutes to hours.
Both levels complement each other. For example, the VSOC can decide to restrict certain functions as a precautionary measure. Thus, a driver assistance system that supports close-formation driving in a convoy could be temporarily deactivated if the situation is classified as a safety risk.

This means that such measures ultimately protect not only the systems but also the people in the vehicle.

Prof. Dr. Hans-Joachim Hof: Exactly. Ultimately, that is the most important protection goal in automotive cybersecurity: the safety of drivers, pedestrians, and other road users. The goal is to identify risks early on and prevent cyberattacks from endangering people’s safety.

In your view, is AI a real game-changer for automotive cybersecurity, or does it primarily create new risks?

Prof. Dr. Hans-Joachim Hof: For me as a user, artificial intelligence is, first and foremost, a real game-changer. For example, I enjoy using the voice assistant in my vehicle and interact with the system regularly.
Basically, two types of AI systems play an important role here. On the one hand, there are personal assistants that communicate with drivers. This raises the question of which functions these systems are allowed to access and how to prevent them from being influenced by manipulated inputs. At a conference, for example, it was demonstrated how voice assistants can be influenced by targeted vibrations of a vehicle’s window. While such attacks are relatively rare, they highlight the challenges associated with voice-controlled systems.
On the other hand, AI systems are increasingly being used for environmental recognition and in the field of autonomous driving. They process large amounts of sensor data and make decisions based on it. It is therefore crucial to protect these systems from manipulation or attempts at deception.
The manipulation of traffic signs is often cited as a classic example. In such cases, stickers or other physical alterations could cause an AI system to misinterpret a sign. In practice, such attacks are currently still difficult to carry out, particularly because vehicles continuously monitor their surroundings from various perspectives. Nevertheless, this example shows that as automation increases, new attack scenarios can also emerge.
Many of these risks are still largely a thing of the future. However, they illustrate that securing AI systems will be a central task for the mobility of the future.

Cybersecurity not only creates new challenges but also new business opportunities. Where do you currently see the greatest opportunities?

Prof. Dr. Hans-Joachim Hof: We currently see a high demand for specialized expertise in the area of testing. Vehicles must be thoroughly tested—both during development and during certification by organizations such as TÜV, DEKRA, or KÜS. Security and penetration tests, in particular, are becoming increasingly important.
Since comprehensive testing on actual vehicles is often only possible in late stages of development, this simultaneously creates significant opportunities for companies with expertise in digital twins—that is, virtual replicas of a vehicle. Such virtual vehicle models can also be used to conduct security tests. There are certainly many use cases here.
In addition, the demand for concrete security solutions for vehicles is growing. These include, for example, firewalls, intrusion detection systems, or specialized hardware components to support cybersecurity.
For new market entrants, however, breaking into this sector is not always easy. Security solutions require a high degree of trust on the part of vehicle manufacturers. Opportunities therefore arise in particular for companies that already have experience in other areas of cybersecurity. One example would be manufacturers of hardware security modules for smartphones who adapt their technologies to meet the specific requirements of the automotive sector.
Smartphones are a good example. Anyone who has ever gone skiing in cold temperatures is familiar with the problem: battery performance drops, and the device responds much more slowly. The reason is that smartphones are not designed for extreme temperature ranges.
The situation is different for vehicles. They must function reliably under a wide variety of conditions—they operate in places ranging from the Sahara to Siberia. In addition, there are areas inside the vehicle—such as near the battery or in the engine compartment—where significantly higher temperatures can occur. Accordingly, safety-critical components must also be designed for much more demanding environmental conditions.

In that respect, automakers do have a point when they say that their requirements are unique.

Prof. Dr. Hans-Joachim Hof: The requirements are indeed specific. I have never claimed that they are not. In cybersecurity itself, many fundamental concepts often evolve over long periods of time. Topics such as post-quantum cryptography were already being discussed during my undergraduate studies.
What makes cybersecurity particularly fascinating are the specific contextual conditions. This is precisely where, for example, vehicles, trains, and other technical systems differ from one another. The fundamental security principles often remain similar, but their implementation must be adapted to the specific requirements of the respective application area.
Anyone who wants to succeed in this field must have a very thorough understanding of these conditions and the unique characteristics of their respective industry.

Nevertheless, it’s worth looking beyond one’s own industry. Many solutions and experiences already exist in other fields. The challenge lies in applying these approaches to one’s own requirements and adapting them appropriately.

Prof. Dr. Hans-Joachim Hof: About ten years ago, I founded the Cybersecurity and Cars Symposium in Munich at Werk 1. The goal was to bring together cybersecurity experts with professionals from the automotive industry. At the same time, the aim was to facilitate dialogue among researchers in the fields of artificial intelligence and autonomous driving.
This exchange was extremely exciting and demonstrated how important it is to understand the specific conditions of the automotive industry. It is precisely these unique characteristics that determine how security solutions can be developed and implemented in vehicles.
That’s why, for me, automotive cybersecurity is one thing above all else: applied research. The fundamental concepts are often well-known; the challenge lies in successfully implementing them under the specific conditions of the automotive environment.

Back then, one of the biggest challenges was probably the language barrier, wasn’t it?

Prof. Dr. Hans-Joachim Hof: Yes, exactly. The goal was to bring together different disciplines. Back then, the idea that computer science was also needed for these topics was still relatively new.
The first conference actually drew over 100 participants. I organized it together with a colleague from BMW. We already had strong networks back then to bring the various stakeholders together.
The conference still exists today. It has since become part of an international cybersecurity conference. In that regard, we’ve certainly risen to the top.

What guidelines and regulations should companies in the automotive and mobility sectors be paying particular attention to right now?

Prof. Dr. Hans-Joachim Hof: A key regulatory requirement is UNECE R 155, which I’ve already mentioned. It requires vehicle manufacturers to implement a cybersecurity management system and defines basic requirements for handling cybersecurity.
It is particularly important that cybersecurity be considered throughout the entire life cycle of a vehicle. Responsibility therefore does not end with the delivery of the vehicle, but continues for as long as vehicles of that type are on the road.

If I understand you correctly, this requirement is primarily aimed at vehicle manufacturers. Are there comparable regulatory requirements for users as well?

Prof. Dr. Hans-Joachim Hof: No, there are generally no direct regulatory requirements here. However, the issue becomes relevant when companies modify vehicles.
This applies, for example, to the conversion of trailers into refrigerated trailers for trucks or to small and medium-sized businesses that make vehicles accessible for people with disabilities. As soon as electronic components or additional control units are integrated, the relevant requirements of UN R155 must be taken into account.
Purely mechanical modifications, on the other hand, are generally not subject to these requirements.

In your view, do such regulatory requirements tend to hinder innovation, or can they even promote it?

Prof. Dr. Hans-Joachim Hof: In my view, UNECE R 155 was urgently needed. The challenges surrounding cybersecurity in vehicles had been known for many years. A defining example was the so-called “Jeep hack,” which demonstrated that a vehicle could be remotely compromised. To this day, this incident is considered a major wake-up call for the industry.
Until then, the focus had primarily been on individual functions, such as immobilizers or electronic door locks. The issue was always viewed in very narrow terms. Cybersecurity, however, is not an isolated aspect but a system-wide characteristic. That is why it must be viewed holistically.
This is precisely where UNECE R 155 comes in. The requirements are very specific and leave the automotive industry little leeway. For example, the standard includes an appendix with attack scenarios that must be taken into account in every case. So you can’t simply argue that a particular attack is unrealistic. There is a list of scenarios that must be considered.
That’s why I clearly see regulation in this case as a driver of innovation. After all, it’s not just about the safety of individual vehicles, but also about protecting people, society, and critical supply chains.

Ultimately, this also creates new opportunities for companies.

Prof. Dr. Hans-Joachim Hof: Exactly. The key is collaboration among the various stakeholders. Companies should not be left to deal with these requirements on their own. This makes platforms that pool knowledge, promote the exchange of experiences, and bring the right partners together all the more important.
That’s why I consider organizations like Bayern Innovativ to be very valuable. We’ve held several joint events at the Ingolstadt University of Technology in the past and were able to establish numerous interesting contacts in the process. Such networks make an important contribution to advancing innovation and new collaborations.

When you think about the next ten years: In your opinion, which threats or attack scenarios are still underestimated today but could become significantly more important in the future?

Prof. Dr. Hans-Joachim Hof: Hybrid threats are the ones that particularly worry me right now. They will continue to evolve just as the technologies used in vehicles do.
One example of this is the so-called “plug-and-charge” process for electric vehicles. In this process, authentication and billing are handled automatically by the vehicle. This gives rise to new digital processes that also involve the processing of sensitive billing information. Where economically relevant data exists, new opportunities for attacks and fraud scenarios typically arise as well.
The second system that is likely to face more attacks in the future is autonomous driving. The more these technologies spread and the greater their economic value becomes, the more attractive they will be to potential attackers.
It’s important to remember that many attacks today are no longer carried out by hobbyist hackers. Most attackers pursue a specific goal, often of a financial nature, but in some cases also with state-sponsored motives. Accordingly, attack scenarios are increasingly aligned with the business models and technologies of the future.

To conclude, let’s think in terms of solutions once more: What technical and organizational changes are needed to make the increasingly software-defined vehicles of the future more resilient to cyberattacks?

Prof. Dr. Hans-Joachim Hof: In terms of processes, we’re on the right track. You have to have the processes in place. Now we need to go through three or four more iterations to further improve these processes so that, in the end, we achieve the best possible level of protection. But I think our industry is on the right track in this area.
From a technical standpoint, it would be great if the platform concept were to take hold in cybersecurity as well. After all, cybersecurity is essentially a systemic aspect—a quality aspect—of an overall system. That means we need this overarching perspective.
This works best with a platform strategy where we say: We have a toolkit for a platform from which we can draw standardized security mechanisms. For example, in Ingolstadt, we developed CARIAD for the entire Volkswagen Group in the software sector. It would be great if a security toolkit for the entire Volkswagen Group could also be developed there. Then there would be enough vehicles affected for the effort to be worthwhile, and at the same time, a large number of vehicles would be protected.
The major advantage is that the platform concept—or the modular principle—is already well-established in the automotive industry. So far, this has mainly been at the mechanical level, but the principle is well-established. That’s why, in my view, it can be put to very good use in cybersecurity as well.
And then, of course, I hope that vehicles will become just as secure as my cell phone. That means they’ll have strong hardware-based protection. Developing such chips isn’t exactly easy, but there are certainly ways to do it.
And finally, the quantum computer isn’t far off either. This means we’re facing many new cybersecurity threats. We already know today that these challenges are coming. Future-proof systems must therefore be protected today—that is, they must incorporate post-quantum cryptography or at least have the ability to be updated accordingly later on.
Otherwise, we’ll be starting all over again. And that’s exactly where the problem lies: Computers in vehicles are typically designed with very tight specifications. They have exactly as much computing capacity as they need—and no more.
Other industries have already made this mistake. One example is router manufacturers. When Wi-Fi was still brand-new, the chips in many routers were designed with such limited capacity that the security mechanisms barely functioned. When, shortly thereafter, the security algorithm in use was cracked and had to be replaced with a better one, it could no longer be installed on many devices.
The result was that users had bought devices they essentially would have had to replace immediately. Since, of course, hardly anyone does that, workarounds were implemented, which in turn were hacked relatively quickly.
For a router costing 300 euros, that might still be acceptable. But for a 60,000-euro car, that’s not an option. That’s why the necessary computing power must be designed from the outset to ensure that security mechanisms will still function in ten or twenty years.
As I mentioned earlier, the new registration regulations require that security be guaranteed throughout a vehicle’s entire lifespan. And after all, we have vehicles on the road that are several decades old.

Can the Free State of Bavaria play a similar role in the field of automotive cybersecurity in the future as it has in traditional automotive engineering? And if so, how?

Prof. Dr. Hans-Joachim Hof: The great thing is: We actually already have everything we need in Bavaria. Bavaria has laid the groundwork very well in this area. We have strong cybersecurity networks. Take the Munich Security Network, for example—if I recall correctly, around 100 companies are represented there, spanning a wide variety of sectors. That means if you’re an automaker looking for a partner, you’re very likely to find one there.
We have large companies like Rohde & Schwarz and Giesecke+Devrient, as well as an incredible number of innovative small and medium-sized enterprises. Furthermore, the scene isn’t limited to Munich. Regensburg, for example, also has a very strong cluster in this field.
We’re very well positioned in Bavaria in both cybersecurity and the automotive sector. We have the right resources. We have two OEMs in Bavaria—one in Munich and one in Ingolstadt. Ingolstadt is also home to the Volkswagen Group’s software development division. So we’re in a very strong position here as well.
On top of that, we’re incredibly well-connected in Bavaria. Bayern Innovativ is a great example of this. It features both a mobility platform and a cybersecurity platform. The universities are also very well connected with one another. At our university, for example, we’ve established the AI Mobility Hub and collaborate there with many other universities.
Furthermore, there are Bavarian funding programs that support applied research. Applied research is particularly interesting in the automotive sector because the vehicle system is already very well understood.
These funding programs have also helped bridge periods when federal funding for the automotive sector was less robust or when, following changes in government, new calls for proposals were only made available after a delay.
In fact, I see the greatest danger in the absence of funding programs over a period of several years. Universities of applied sciences, in particular, conduct intensive research in this area. However, they do not have adequate base funding for research; instead, they finance many positions through projects. If no funding is available for three to five years, a great deal of expertise will inevitably be lost. In my view, this is something we absolutely must prevent.

I gather that Bavaria already has very good conditions in the field of automotive cybersecurity and is in a strong position compared to the rest of Germany.

Prof. Dr. Hans-Joachim Hof: Yes, we took a closer look at this recently because we applied to establish an automotive cybersecurity cluster. It turns out that there are also strong structures in other regions of Germany—for example, in Wolfsburg in northern Germany or in Stuttgart in southern Germany. Of course, the major suppliers also play an important role there. I hadn’t even mentioned them yet. Companies like Continental are also key players here.
Overall, I see three major hubs for automotive development in Germany: one in the north and two in southern Germany. The southern German locations are very well connected with one another. And here in Ingolstadt, thanks to our connection to the Volkswagen Group, we also have close ties to the northern German region.
That’s why I’d say: The starting conditions we have here could hardly be better.

Which research gap in the field of automotive cybersecurity would you personally like to close the fastest?

Prof. Dr. Hans-Joachim Hof: I often focus on what I call the “forgotten systems.” These are systems that are deeply embedded within the vehicle but have a significant impact on cybersecurity. A current example is battery management systems. They control a vehicle’s battery. On the one hand, the battery is a valuable asset; on the other hand, it’s also critical to safety because, in extreme cases, it can catch fire. That’s why we need to examine these systems very closely.
This hasn’t been done very often so far because they’re difficult to access and, in real-world operation, are always connected to high-voltage technology. This creates additional challenges. My focus is therefore on investigating such systems and their connection to the outside world—in other words, the entire charging ecosystem. We have established a research focus in this area and are actively involved in five or six European research projects. The relevant expertise is very rare in Europe—or rather, it exists only twice in Germany. At this point, I should also mention my colleague Christoph Kraus.
A second topic we’re working on intensively is the question of how to assess which threats are actually relevant to a vehicle. This involves the TARA methodology—that is, Threat Analysis and Risk Assessment. We have found that the results of such analyses can depend heavily on who conducts them. For example, there are differences in risk assessment depending on educational background, as well as other forms of bias. That is why we are exploring how these processes can be made more objective without sacrificing their efficiency. This is important because these analyses play a central role in both identifying risks and approving vehicles for use.
The third topic has been a focus of mine since 2016: the so-called Hackbot. This is a system that automatically analyzes or attacks vehicles. Initially, we used more traditional AI methods for this, which have the advantage of producing reproducible results. These methods were applied in areas such as vehicle forensics. For example, the focus was on determining whether a vehicle had been properly broken in or whether certain damages were caused by usage patterns.
Today, we are increasingly focusing on issues related to driver assistance systems and automated driving functions. This involves, for example, investigating whether an autopilot contributed to an accident or whether the driver ignored certain system warnings. Such analyses were the starting point for our work. We now also use large language models for this purpose to further automate safety analyses and security tests.

And I gather that, in addition to technical questions, you’re also driven by some very personal research topics.

Prof. Dr. Hans-Joachim Hof: Yes, personal interests and research focuses certainly play a role here as well. Anyone interested in this can find quite a bit about it in our publications.
We also recently opened the Vehicle Forensics Innovation Center. There, we’re exploring how digital accidents can be investigated more effectively. There’s a great need for this in Germany. To this day, accident analysis is often still conducted in a very analog manner—based on skid marks, vehicle deformations, or aerial photographs of the accident scene.
We, on the other hand, are asking what additional information can be extracted from the vehicles themselves—and not just from the infotainment system. For example, airbag systems store a wealth of information at the moment of an accident that can be analyzed accordingly.
In the future, the analysis of autopilot systems will also play an increasingly important role. The question will often be whether or not there was a systemic error in the system. With Tesla, for example, it is known that there are certain locations where vehicles repeatedly perform unexpected emergency stops because a situation is misinterpreted. Being able to identify and document such phenomena may later become relevant in court, for example, in claims for damages.
To do this, we need to build up the necessary expertise, and that is exactly what we are currently working on. What’s particularly exciting is that we’re comparing different approaches. Two research assistants are working on modern methods of artificial intelligence, while another colleague is investigating these issues using traditional methods. In addition, a visiting researcher from Mexico will support us by contributing mathematical methods.
We then plan to compare the various approaches and, in particular, examine how transparent and robust the results are. Especially when such analyses are later to serve as the basis for expert opinions in court, evidentiary value and transparency are of central importance.

So I’m already realizing: Cybersecurity is an incredibly broad field. Thank you very much, Prof. Dr. Hof, for the interview. It was very insightful and demonstrated that cybersecurity in vehicles is no longer a marginal issue. It has become a central component of modern mobility—from connected vehicles and autonomous driving functions to new digital business models.

Prof. Dr. Hans-Joachim Hof: I’d also like to thank you for inviting me to this interesting conversation. And I’d like to take this opportunity to express my sincere gratitude to Bayern Innovativ. When I was appointed to the Technical University of Ingolstadt, I knew very few people in Bavaria. At that time, Bayern Innovativ helped me greatly in building a network and getting to know the relevant stakeholders.
Through the events and networking opportunities, I’ve made many exciting connections and met partners with whom I’ve since collaborated on numerous joint projects. Such networks are invaluable, especially for people who are new to a field or a region.

The interview was conducted by Barbara Groll, Media Relations, Bayern Innovativ GmbH, Nuremberg.

Listen to the full interview as a podcast:

Audio file length: 00:36:52 (hh:mm:ss)

Your Contact

Jennifer Reinz-Zettler
+49 911 20671-216
Head of Innovation network Mobility, Bayern Innovativ GmbH, Nuremberg
Bianca Sum
Innovation network Digitization, Project Manager, Bayern Innovativ GmbH, Munich
Barbara Groll
Barbara Groll
+49 911 20671-247
Press, Bayern Innovativ GmbH, Nürnberg