Abstract: This essay first analyzes the current cyber security threats faced by smart connected cars from four dimensions: Telematics cloud service platform, Telematics communication, invehicle terminals, and externally connected terminals. Secondly, in order to fully understand the current cyber security level of smart connected cars, 10 different mainstream car manufacturers’ smart connected cars are selected from the market and penetration tests are conducted based on six attack vectors: TCU, HU, invehicle network, radio, TSP and car control APP, and the test results are sorted and analyzed to assess their cyber security level. Then, the corresponding security protection strategies are proposed from four aspects: the security of the Telematics cloud service platform, the security of Telematics communication, the security of invehicle terminals and the security of externally connected terminals. Finally, based on the constantly diverse and unpredictable characteristics of automotive cyber security attack vectors, an outlook on the cyber security of smart connected vehicles is provided.

Key words: intelligent networked vehicles, cyber security, security threats, penetration testing, security protection

摘要： 首先，从车联网云服务平台、车联网通信、车载终端、外部连接终端4个维度分析当前智能网联汽车所面临的网络安全威胁.其次，为了充分了解当前智能网联汽车的网络安全水平，从市场上选取10款不同主流车企智能网联汽车，基于TCU、HU、车载网络、无线电、TSP、车控APP 6大攻击载体进行渗透测试，并对测试结果进行梳理分析，评估其网络安全水平.然后，从车联网云服务平台安全、车联网通信安全、车载终端安全、外部连接终端安全4个方面，提出相应的安全防护策略.最后，基于汽车网络安全攻击载体不断多样性、不可预测性特点，对智能网联汽车网络安全进行了展望.

关键词: 智能网联汽车, 网络安全, 安全威胁, 渗透测试, 安全防护