Max Cheng, Chief Executive Officer With a laser-sharp focus on automotive cybersecurity, VicOne is the go-to provider for organizations that demand top-of-the-line solutions that deliver robust and future-proof cybersecurity. Backed by Trend Micro arsenal of threat research and vulnerability detection capabilities, VicOne is well-equipped to take on the cybersecurity challenges of today and tomorrow.
The Prevailing Issue
According to Max Cheng, CEO of VicOne, the increasing complexity and interconnectedness of modern vehicles have made the automotive industry more vulnerable to cyber-attacks than ever before. Consequently, all stakeholders in the industry should be focused on identifying and proactively addressing potential cybersecurity issues. However, original equipment manufacturers (OEMs) and Tier 1 suppliers face significant challenges in enhancing cybersecurity.
#1: Intricate Automotive Supply Chain
The first challenge relates to the intricate automotive supply chain, which poses a rugged terrain to navigate when it comes to cybersecurity. The average vehicle includes dozens of ECUs from multiple suppliers, and a single modern luxury vehicle can integrate as many as 150 ECUs and over a hundred million lines of code. With the involvement of more and more automotive stakeholders and suppliers, it also presents ample opportunities for malicious actors to exploit weak links in the supply chain.
Early last year, for example, Toyota had to shut down production because of a cyberattack on one of its suppliers. Incidents involving the deployment of malicious code in corporate monitoring and management software are also becoming more common. Since the negative impact of attacks is lost productivity, this not only highlights the importance of vulnerability management across the automotive supply chain but also forces OEMs and suppliers to pay attention to the importance of early detection of advanced attacks such as ransomware or malicious code injection.
#2: Ever-Evolving Cyber Threats
The second challenge pertains to customers who must remain vigilant against ever-evolving cyber threats as car manufacturers seek to enhance the user experience. "Connecting everything" technology can deliver a more personalized driving experience to meet the specific preferences of individual drivers. However, it also significantly expands the attack surface of a vehicle from telematics systems, Wi-Fi, Bluetooth, ultra-wideband (UWB), on-board diagnostics (OBD-II), GPS, cell phones, and even charging stations, making it harder to defend.
As connected cars accumulate vast amounts of valuable data, such as personal information and driving history, malicious actors can misuse this data for financial gain and potentially use it to launch cyberattacks that compromise the vehicle and its driver. As such, Attack Surface Risk Management presents a new frontier for the automotive industry to rethink cybersecurity. It enables OEMs to think from a hacker's perspective and gain centralized visibility over complex vehicle ecosystems. It facilitates continuous hunting, detection, investigation, and response to threats in a single platform.
Fueled by Innovation
VicOne partners with OEMs and Tier 1 suppliers to support them in implementing an effective cybersecurity strategy and eases the burden of addressing the above challenges through its innovative solutions, making VicOne a reliable partner.
"If there's one thing that automotive stakeholders have in common, it's their shared goal to safeguard their vehicle, including its brand and the values it represents, from potential cyber-attacks. VicOne is fully committed to achieving this for a future-ready automotive cybersecurity landscape," said Max Cheng, CEO of VicOne.
“As the automotive industry becomes more connected, software-oriented, and personalized, the door becomes wider for attackers and the pressure becomes greater on OEMs and Tier 1 suppliers to rethink their own cybersecurity capabilities."
Vehicle Protection Across Complex Supply Chain
According to Max, VicOne solutions ensure product quality and safety in the automotive supply chain. These solutions help identify potential risks, including known and undisclosed vulnerabilities, malware, and backdoor attacks. With xZETA, VicOne's cloud-based security management tool, vehicle software is scanned to identify vulnerabilities and analyze malicious behavior to mitigate any potential risks. Unlike other similar solutions that only collect public vulnerability information, VicOne's xZETA can detect not only possible malicious code injection but also provide zero-day vulnerability and non-public vulnerability threat intelligence. xZETA allows OEMs to scan a vendor's firmware at multiple levels, reducing the attack surface.
If There's one Thing that Automotive Stakeholders have in Common, It's their Shared Goal to Safeguard their Vehicle, Including its Brand and the Values it Represents, From Potential Cyber-Attacks. Vicone is Fully Committed to Achieving this for a Future-Ready Automotive Cybersecurity Landscape
In addition, equipped with xCarbon, an intrusion detection and prevention system (IDPS) for ECUs, VicOne not only provides frictionless and superior detection and protection in vehicles but also can provide virtual patches and other effective post-production mitigations. In contrast to conventional IDPS solutions, VicOne's xCarbon distinguishes itself with its innovative "virtual patching" feature, which delivers timely vulnerability patches to reduce risks. This feature allows VicOne to grant clients an additional 102 days to work on their vendor patches or devise a mitigation strategy. Such a capability is crucial for automotive OEMs to respond promptly to potential breaches throughout the vehicle life cycle. Max believes that with these solutions, OEMs and Tier 1 suppliers can confidently demonstrate that they have complied with the requirements set by UN R155, ISO/SAE 21434, and other industry standards and regulations.
Holistic Visibility Over Complex Threats
To go against ever-evolving cyber threats, VicOne provides centralized visibility with actionable intelligence over complex vehicle ecosystems. This enables OEMs to detect threats accurately by analyzing cross-layer data and responding to evolving threats. These solutions help OEMs create a future-oriented UN R155 compliance strategy that not only complies with regulatory requirements but also provide protection for potential future cyberattack.
“As more technological developments arise in the automotive industry, more challenges and situations expose security gaps and risks that cybercriminals are only too eager to exploit,” said Cheng. “It’s imperative, then, for automotive stakeholders to establish a strong cybersecurity foothold from which they can make further progress to protect their connected car ecosystems and deployments from threats. VicOne equips OEMs with the foundation and framework they need to build a future-ready security strategy amid fast-paced developments in the industry.”
VicOne’s xNexus, a cloud-based extended detection and response (XDR) platform, is designed to analyze cross-data for vehicle security operations centers (VSOCs) to help build awareness mechanisms and early warning for incoming attacks.
By combining data from xCarbon and xZETA, xNexus can achieve advanced threat correlation, including high-fidelity telemetry from multiple vehicle endpoints, system events, ADAS-related events, and firmware vulnerability information all consolidated on one platform, providing more context and information for rapid threats investigation.
VicOne’s xNexus is supported by VicOne's unique Automotive Attack Mapping (inspired by MITRE ATT&CK®). This Automotive Attack Mapping is the way to ensure the accuracy of detection engines and generate detection rules and machine models. As a result, VSOC security analysts can identify the root causes of issues across the connected car ecosystem, better understand the attack context across different electronic control units (ECUs), and even detect potential threats before the attack chain is fully executed. This can expedite investigations, enabling analysts to identify system vulnerabilities preemptively.
Cybersecurity Coverage for Complex Ecosystem
To stay ahead of threats, Max further adds that VicOne is expanding its threat intelligence, which aims to provide Automotive Foresight by easily assessing the impact of security incidents on customer vehicles. Be more proactive in uncovering potential threats before the attack chain is complete with our unique Automotive Attack Mapping. Switch from vendor to virtual patching with 102-day average preemptive protection by combining the XDR platform and on-board IDPS.
-
As more technological developments arise in the automotive industry, more challenges and situations expose security gaps and risks that cybercriminals are only too eager to exploit
Supported by over 10,000 independent researchers at ZDI, an extended vulnerability research community spanning over 100 countries, it systematically collects global vulnerabilities 24/7. This provides VicOne with the unparalleled capacity to discover potential zero-day vulnerabilities in the automotive industry and facilitates the promptest resolution upon their discovery. In 2021, ZDI disclosed 64% of zero-day vulnerabilities reported globally.
Cybercrime is the highest risk factor for the automotive industry. VicOne also works with law enforcement agencies like Europol, Interpol, and the FBI to help them detect cybercriminal activities at the earliest phase and turn it into our unique threat intelligence.
The collaborative efforts of OEMs, Tier 1 suppliers, and customers are crucial in mitigating the risks associated with automotive cybersecurity, given the high stakes involved, where the safety and security of drivers and passengers are critical. VicOne's automotive cybersecurity research team has more than three decades of threat research experience, with proven automotive threat intelligence to support large-scale connected car deployment, providing foresight for OEMs and Tier 1 suppliers, and committed to protecting its customers against increasingly complex and sophisticated cyber threats.
Copyright © 2025 AutoTech Outlook. All Rights Reserved | Privacy Policy | White papers | Subscribe | Sitemap | About us | Feedback Policy | Editorial Policy 
DALLAS & TAIPEI, Taiwan --VicOne, an automotive cybersecurity solutions leader, today launched its Smart Cockpit Protection Solutions for automotive original equipment manufacturers (OEMs) to protect their customers’ data privacy.
With the increasing use of in-vehicle infotainment (IVI) systems and car companion applications, cyber attackers can exploit leaked personally identifiable information (PII) to eavesdrop on private, in-car conversations, commit identity theft or even steal customers’ vehicles. Safeguarding personal data is crucial for OEMs to earn car users’ trust and protect their brand image.
VicOne’s new Smart Cockpit Protection Solutions enable OEMs to:
• Maintain positive brand image by enabling customers to safeguard PII and privacy via a downloadable app or preinstallation on IVI systems
• Create new revenue streams by monetizing cybersecurity
• Extend attack-surface visibility from the system level to the application level for future threat detection and response
“Car users are very concerned about the security of their personal data. If OEMs are to capitalize on the significant new revenue opportunities presented by software-enabled services, they must first win the confidence of their car users,” said Max Cheng, chief executive officer of VicOne. “We have developed our modular Smart Cockpit Protection Solutions to provide OEMs with breakthrough capabilities to protect their customers’ data privacy all the way from the IVI systems to their car companion apps.”
According to Gartner Research, cybersecurity is an increasing priority for automakers driven by the growing surface area susceptible to attack. Rapid uptake of connected vehicles across global markets has increased OEMs’ risk of significant brand and financial damage with the growth of updatable vehicle functions controlled by software. Attackers can access and exploit car users’ PII in multiple ways. For example, when they are on the road, car users often use web browsers to perform tasks such as ordering food or checking stock prices. Attackers can leverage browser vulnerabilities and install backdoors into customers’ IVI systems, enabling access to in-car conversations, contacts, pictures and text messages, as well as other sensitive data such as email addresses, bank-account numbers and credit-card details. Attackers also can craft malicious apps in the form of seemingly innocuous apps, to lure OEMs’ customers into installing them on their IVI systems.
Gartner notes that OEMs are increasing their focus on vehicle cybersecurity to both adapt for the new threat landscape and comply with international regulatory pressures such as the United Nations (UN) regulation 155 (R155), which specifies engineering requirements for vehicle cybersecurity and maps closely to the ISO/SAE 21434 standard.
VicOne’s Smart Cockpit Protection Solutions are made up of two products: Smart Cockpit Security App to secure data privacy in IVI systems and Smart Cockpit Mobile SDK (software development kit) to protect OEM car companion apps. Combining with other VicOne cybersecurity solutions conveys to OEMs exceptional multilayered cybersecurity protection, from the system level to the application level and extending attack-surface visibility for future threat detection and response. VicOne’s xCarbon intrusion detection and prevention system (IDPS) secures vehicles’ on-board electronic control units (ECUs), and the company’s xNexus platform delivers extended detection and response (XDR) for vehicle security operations centers (VSOCs).
Together, the VicOne Smart Cockpit Protection Solutions offer OEMs comprehensive capabilities to provide their customers with security for IVI privacy and identity, detection of IVI app vulnerabilities, monitoring of IVI app performance, protection of car companion apps, detection of malicious URLs and 24/7 surveillance of personal data.
VicOne is showcasing its new Smart Cockpit Protection Solutions with a live demonstration during EcoMotion Week 2023 in Tel Aviv, Israel, May 22-24 at Booth 377.