A recent study conducted by researchers from the University of Washington and the University of California San Diego examines the safety of the modern automobile, which contains a variety of electronics and software, much of it designed to make the vehicle safer.
Instead of focusing on common automobile safety topics such as crashworthiness, active/passive restraint systems, or distracted driving, their research focused on the vulnerability of the computerized controls that form the platform of the vehicle and the interfaces, both physical and logical, that enable communication throughout the vehicle.
The research examines the connections, protocols and security controls for communicating with the vehicle and what damage could be done by gaining access to the vehicle's internal network.
In summary, the team developed a software tool they named CarShark to send and receive messages on the Controller Area Network (CAN) bus as well as to interface with the vehicle's On-Board Diagnostics (OBD) interface. They connected the software via a computer directly to the vehicle interfaces and were able to perform some disturbing actions, such as disabling communication between electronic control units and reflashing electronic control units. They could also provide false readings on the instrument panel, such as the fuel gauge showing empty and the speedometer at its maximum, as well as send false readings to other components in the vehicle. One aspect of the experiment I found particularly interesting was attacking one component with a seemingly valid action that caused it to communicate with other components in ways that made them fail or take incorrect action. This cause-and-effect relationship was such that they did not have to attack components directly to make them fail or result in a potentially catastrophic outcome. You can read the report to learn about all of the other things the team was able to do to the vehicle.
This analysis was presented at a recent IEEE Symposium on Security and Privacy.
The control that software has over the physical behavior of the vehicle was made more evident recently when it took just a software upgrade to correct a stability control issue with the Lexus GX 460 to allow it to pass the Consumer Reports road test.
Most of us don't expect a computer we don't know about to be connected to our vehicle. But consider that a computer can be smaller than a deck of cards, and with wireless capability, remote-controlled chaos is possible. There are also automotive OEM and add-on services in the market that provide great personal value, but they themselves could be open to vulnerabilities. I can say from working with one of these OEMs in their vehicle telematics services area on a daily basis that security, access control, authorization, and ensuring all of the aforementioned are top of mind.
I expect the automotive industry to move to strengthen the standards for interfaces and protocols on automobiles. In the meantime I'll be looking for a hood lock to keep my CAN bus and OBD interfaces safe from would-be hackers.