As software becomes more important to how cars work, the question is how much thought went into security? The answer is, as you'd expect, "none". Security wasn't an afterthought, it wasn't thought of at all.
Well, researchers are now turning their attention to the problem, and what they're finding is pretty horrifying. Like Computer worms that could hop from car to car, shutting off the engine and causing traffic jams from hell:
The idea would be to launch a worm that would spread on the Internet (in any of a number of well explored ways) looking for vulnerable smart phones. Smart phones have GPS devices in, so the worm, having infected the phone, could ensure it was only operating in some geographic area of interest (eg the US, or a particular city). The worm could then check if it was on a smart phone that happened to be plugged into a car, and if so compromise the car. It could then use whatever wireless opportunities were available to compromise any other cars within the attack range. It could also disable the car (eg by locking up the brakes, stopping the engine, etc).For extra credit, examine the effect of adding "Smart" electric power meter attacks to the rolling TEOTWAWKI. For maximum effect, make sure the code includes a 7 day delay, to allow the maximum spread, both to cars and homes. Then the logic bomb goes off.
The idea would be that the worm would seed itself into the small minority of cars that are Internet vulnerable and from there spread into the larger majority that are not.
If this worked correctly, the end result would be a city with all its major freeways and surface streets full of disabled cars, a situation that would paralyze almost all commerce. It would probably take weeks to straighten out the mess.
This is the sort of scare scenario that gets security a bad name. We're a bunch of Cassandras, always looking at the downside - arguing about who killed who ...
"Plausible", as the MythBusters might say. The reason is well known:
Usually, when the security community comes across some new domain whose practictioners lack any understanding of security, it turns out that there are very large numbers of vulnerabilities of all kinds that are pervasive throughout the system.Development teams are penalized for their feature not being ready for the new model year. Teams are not penalized if there's a huge, gaping security hole in their architecture (say, user devices like phones able to be attached to the network that accesses the engine and brakes).
Another reason to get that sweet GTO.