Connected Cars, Unsecured Roads: India's 10 Million Vehicle Security Blind Spot

India's automotive sector is undergoing a digital transformation of unprecedented scale. With projections indicating that the country will host over 10 million connected vehicles on its roads by 2028, the convergence of automotive engineering and cybersecurity has never been more critical. Yet, as the industry accelerates toward this connected future, a significant blind spot remains: the security of the vehicles themselves.

This week, HackersEra, a cybersecurity firm specializing in automotive IoT, launched its Vehicle Security Operations Centre (VSOC), a dedicated facility designed to monitor, detect, and respond to cyber threats targeting connected vehicles. The VSOC aims to provide real-time threat intelligence, incident response, and vulnerability management for automakers, fleet operators, and aftermarket device manufacturers. The launch underscores a growing recognition that connected cars are not just vehicles—they are complex networks of sensors, controllers, and communication systems that can be exploited.

The timing is strategic. India's connected car market is expected to grow at a compound annual growth rate (CAGR) of over 20% through the end of the decade, driven by increasing consumer demand for infotainment, telematics, and advanced driver-assistance systems (ADAS). However, with this growth comes an expanded attack surface. Each connected vehicle is essentially a mobile IoT device, equipped with dozens of electronic control units (ECUs), cellular modems, Bluetooth and Wi-Fi interfaces, and often, cloud-based backend services.

One of the most overlooked vulnerabilities in this ecosystem is the subscription-based feature model. Automakers increasingly offer features—such as remote start, navigation, and even performance upgrades—as paid subscriptions. When a subscription expires, the feature is deactivated, often through a software command sent over the air. This process, while convenient for revenue models, introduces a potential attack vector. If an attacker can intercept or spoof these deactivation commands, they could disable critical safety features or, conversely, enable unauthorized access to vehicle systems.

Apple's recent iOS 26.4 update, which added two new features to CarPlay, highlights the trend. While CarPlay itself is not a direct vehicle control system, its integration with vehicle infotainment units creates a bridge between the smartphone ecosystem and the car's internal network. As CarPlay evolves to support more vehicle functions, including climate control and instrument cluster displays, the security of these integrations becomes paramount. A compromised CarPlay session could potentially be used as a foothold to attack other vehicle systems.

For cybersecurity professionals, the implications are clear. The automotive sector is no longer just about mechanical safety; it is a critical infrastructure domain that demands the same level of security rigor as power grids or financial networks. The VSOC model, already common in enterprise IT and industrial control systems, must now be adapted for the unique challenges of automotive environments: high mobility, limited compute resources, and the need for real-time response.

HackersEra's VSOC is designed to address these challenges. It aggregates telemetry data from vehicles, analyzes it for anomalies, and provides actionable intelligence to automakers and fleet operators. The center also offers forensic analysis capabilities, enabling investigators to reconstruct attack timelines and identify root causes. For aftermarket device manufacturers, the VSOC provides a standardized security assessment framework, helping to ensure that third-party components meet minimum security requirements.

The broader ecosystem, however, still faces significant hurdles. Many automakers lack dedicated cybersecurity teams, and the supply chain for automotive components is notoriously opaque. A single compromised ECU or telematics unit can expose millions of vehicles to risk. Moreover, the regulatory landscape in India is still evolving. While the government has introduced guidelines for connected vehicle security, enforcement remains inconsistent.

For the global cybersecurity community, India's connected car boom serves as a bellwether. If the country can successfully implement robust security measures for its 10 million connected vehicles, it could set a precedent for other emerging markets. Conversely, a major security incident could undermine consumer trust and slow adoption worldwide.

HackersEra's VSOC launch is a step in the right direction, but it is not a silver bullet. The industry needs a multi-layered approach: secure-by-design principles, regular software updates, incident response plans, and cross-sector collaboration. As one analyst put it, 'The road to 10 million connected vehicles must be paved with security, not just asphalt.'

For now, the focus is on awareness. Automakers, fleet operators, and consumers must recognize that connected cars are not immune to cyber threats. The question is not if an attack will happen, but when—and whether the industry will be ready.