Cybersecurity veteran Camellia Chan argues that you need to think of hardware as well as software when defending autonomous devices.
When once autonomous vehicles were merely the stuff of comic book fantasy, they’re now fully here and changing the way we move.
From self-driving cars weaving through bustling city streets to doorstep deliveries and drones supplying life-saving medical supplies, autonomous systems are becoming prominent across industries and daily life.
So, it’s with little surprise the combined market for autonomous vehicles across land, air and sea was valued at $62bn in 2022, with huge growth ahead.
However, it’s not all positive. Autonomous vehicles are also becoming targets for those on the dark side of the law.
As AI-powered mobility and opportunities expand, so does the risk of cyberthreats that could compromise not just autonomous vehicles’ operational integrity, but public safety and privacy.
Lessons from the real world
Software vulnerabilities are a universal challenge, and the types of threats are vast. From malware injection to the exploitation of unpatched systems, hackers have the potential to undermine the core algorithms that drive autonomy by seizing control or bringing operations to a halt. This risk is heightened by the interconnected design of these technologies, where just one breach can ripple across multiple vehicles or entire networks.
The impact? Vast disruption to operations, compromising safety and causing reputational havoc for innovators.
The urgency to address these challenges can be seen in an array of real-world incidents.
In 2015, two security researchers exploited software vulnerabilities of a Tesla Model S by remotely accessing and controlling its various functions, including the infotainment system. The researchers were able to shut off the car and force it to stop. Although Tesla quickly addressed the issues with over-the-air (OTA) updates, just four years later, the company was faced with another form of attack.
Regulus Cyber tested the Tesla Model 3, deceiving its navigation system through GPS spoofing. This is where attackers feed false signals to disrupt navigation, which can misdirect self-driving cars, drones or ships, causing all kinds of disruptions from accidents, delays or loss of valuable cargo. In Tesla’s case, this caused the vehicle to exit a highway unexpectedly, highlighting the risks of over-the-air attacks on navigation systems.
You’d hope that a decade on, such incidents would be a thing of the past. Yet in 2025, we’ve seen Waymo’s driverless taxis making headlines by putting heads in a spin. While in late 2024, GM axed its robotaxi project Cruise after a number of controversial accidents.
Technical issues, whether malicious or not, continue to undermine trust in autonomy.
These incidents are a wake-up call for the industry. As autonomous tech become more prevalent, ensuring cyber resilience isn’t optional – it’s fundamental to protecting public trust, operational continuity and innovation at scale.
Beyond software
Autonomous vehicles gather and transmit vast amounts of data, and their built-in self-awareness means they hold sensitive information such as passenger activity, location, routines and habits. This is made possible through a network of IoT devices, each representing a potential entry point for hackers and a way to get the access they need to infiltrate further.
In addition to the vehicles themselves, hardware, data centres and cloud servers that store user information are attractive targets for cyberattacks. The threat, therefore, is huge.
While software is often the first line of defence for protecting autonomous systems, it shouldn’t be the only one to rely on.
Unlike software, which still relies on human decision-making to operate, hardware-based protection is more like a secure, impenetrable vault built into the physical components of a system, near impossible to break and always one step ahead of the enemy. Its self-contained nature ensures it can continue to function and safeguard critical data even when other layers of security are breached.
Think of it like a digital lockbox inside the vehicle’s brain, monitoring anomalies at the source. For example, embedded sensors in hardware can identify attempts to access sensitive data and immediately lock down the system to prevent corruption.
When combined with intelligent AI that can spot unusual patterns and self-correct, hardware security enables real-time threat detection, isolation and response before the damage is done.
In the event of a threat every millisecond counts, which is why relying on software patches alone is like putting a plaster on a broken shield. It’s this dynamic pairing of AI-driven insight and tamper-proof hardware that offers a truly resilient security architecture.
Security by design
Moving forward, the autonomous industry must rally behind a shared mission: security by design.
Cybersecurity solutions should be dynamic, allowing them to respond to a variety of threats, and their implementation must be non-negotiable. Critically, a robust cybersecurity posture combines both hardware and software solutions.
In this setup, security isn’t stitched on, it’s embedded at every level. It means peace of mind that the future of autonomy is being built with security at its heart.
By Camellia Chan
Camellia Chan is the founder and CEO of Flexxon and X-Phy, two cybersecurity hardware companies. She has more than two decades of industry experience with a passion for innovation and entrepreneurship.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
