Beyond the Dashboard: Unseen Cybersecurity Vulnerabilities Caused by User Behaviour in Connected and Autonomous Vehicles Systems
archive: archived pipeline: cataloged verified
Get this paper ↗ (DOI — opens at the source; we link to it, we don't host it)
Summary
This paper addresses the overlooked cybersecurity vulnerabilities in Connected and Autonomous Vehicles (CAVs) that stem from routine user behaviors rather than technical system flaws. While existing research focuses on securing hardware, communication protocols, and cryptographic authentication, this study introduces the concept of the “behavior-driven cyber-risk layer.” This layer represents a hidden vulnerability surface created by everyday digital habits, such as ignoring software updates, pairing insecure personal devices, reusing credentials, and oversharing trip data. The authors argue that these behaviors undermine sophisticated security architectures by allowing attackers to exploit predictable user routines to introduce false data, manipulate trust decisions, or gain unauthorized access to vehicle functions. The study employs a structured analysis of how user behaviors interact with CAV security mechanisms, including Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) communications. The authors evaluate existing user awareness strategies, demonstrating their ineffectiveness in high-convenience environments where users expect seamless automation and often disregard complex security warnings. To address these gaps, the paper proposes the Behavior-Driven Cyber Risk Layer (BDCRL) framework. This framework integrates user interaction monitoring with existing security mechanisms across three domains: user interfaces, onboard systems, and cloud services. It utilizes Behavioral Risk Indicators (BRIs) to identify risky actions, such as repeated update postponement or frequent pairing with unknown devices, and performs cross-layer risk correlation to detect compound threats. Key findings reveal that attackers can circumvent cryptographic trust by exploiting compromised user interfaces. For instance, attackers may manipulate cloud-based navigation data to redirect vehicles or exploit Bluetooth connections to inject malicious commands into infotainment systems. The study demonstrates that traditional awareness-based defenses fail because they rely on reactive user vigilance, which is unreliable in safety-critical transportation systems. In contrast, the proposed BDCRL framework enables proactive mitigation through behavior-aware trust adjustments. When elevated risks are detected, the system can automatically increase verification thresholds, isolate compromised subsystems, or enforce critical updates without requiring manual user intervention. Scenario-based validation shows that this approach successfully detects high-risk conditions before they impact V2V or V2I trust models. The significance of this work lies in its redefinition of CAV cybersecurity as a design-level issue rather than a user compliance failure. The authors conclude that cybersecurity cannot be achieved solely through technical robustness; it must account for the human element. The proposed framework shifts responsibility from reactive end-user actions to proactive system-level processes, ensuring that legitimate vehicles do not unintentionally act as carriers of malicious data. This approach has broader implications for trust management in vehicular networks and suggests that certification frameworks must extend beyond technical compliance to include interface design and secure integration with personal devices.
Provenance
The full processing record for this entry. Every stage of this paper's journey through the pipeline is logged — what ran, with which tool and model, how many attempts it took, and when it last completed.
| Stage | Outcome | Tool | Model | Prompt | Attempts | Completed |
|---|---|---|---|---|---|---|
| discover | success | Crossref | — | — | 1 | 2026-06-19 |
| archive | success | canonical_url | — | — | 1 | 2026-06-26 |
| extract | success | cached | — | — | 2 | 2026-06-26 |
| clean | success | clean | — | — | 1 | 2026-06-20 |
| chunk | success | chunk | — | — | 1 | 2026-06-20 |
| embed | success | embed | Qwen/Qwen3-Embedding-8B | — | 1 | 2026-06-20 |
| promote | success | — | — | — | 1 | 2026-06-19 |
| summarize | success | llm | qwen3.6-27b-prismaquant | summ-v5 | 1 | 2026-06-26 |
| tag | success | vector_similarity | — | — | 6 | 2026-06-20 |
| verify | success | — | — | — | 1 | 2026-06-26 |
Summary generated by qwen3.6-27b-prismaquant on 2026-06-26; verification: verified.
Topics
Ranked by relevance to this paper. Hover a topic for its definition.