Secure Integration of Mobile Devices for Automotive Services


Modern vehicles, and in particular electric vehicles, are increasingly being equipped with interconnected computer systems, which collect information through vehicular sources and remote, Internet-connected services. Unfortunately, this creates a non-negligible attack surface, which grows further when vehicles are integrated with smartphones to offer advanced services. In fact, embedded systems on vehicles have been developed to address safety, not security, requirements. Furthermore, vehicles have real-time constraints, and the typical embedded architectures used on board significantly complicate security designs. In this paper, we introduce a communication framework that addresses these challenges and we demonstrate how a smartphone can interact with a vehicle in a secure and safe manner. To this end, we design a security session layer that ensures end-to-end security transparently. We conduct an experimental evaluation on a real implementation of our security layer, which shows that our solution is practical and easy to use, satisfies performance constraints, and meets real-time requirements by taking into account the limited capabilities of our target architecture. More precisely, we implement our approach for an electrically powered two-wheeler manufactured by Piaggio, and show how a smartphone can interact via a wireless link with the battery-life controller in a secure manner. Interestingly, our approach is not limited to vehicles, but can be used in other application domains where a smartphone needs to securely interact with an embedded device.