The National Highway Traffic Safety Administration and the FBI warned this week that the increasing use of computers in autos pose more risks of cyberattacks.
This warning follows a high profile demonstration of eight months ago published by Wired that showed a Jeep Cherokee being controlled remotely on the Internet. Shortly afterwards, Fiat Chrysler recalled over 1.4 million vulnerable vehicles.
Manufacturers see excellent promise in making vehicles with network capabilities that are advanced for everything from fleet management to entertainment.
However, experts in computer security have been critical of the industry for not taking steps that are strong to prevent vulnerabilities that might have consequences that are lethal.
The FBI announced that although the car makers are currently attempting to limit communications that could happen between two different systems on board, the linkage could still give portals via which the adversaries might be able to attack remotely the vehicle systems and controls.
Third party devices that are plugged into a diagnostic port of a vehicle can introduce other vulnerabilities through providing connectivity where it was not in existence before, said the agency.
Some insurance companies offer TCUs or telematic control units, which plug into the vehicle’s On-board Diagnostic port.
That unit is able to provide data to an insurance company, which then can be used in risk profiling.
Researchers from the University of California in August showed how a dongle from Mobile Devices Ingenierie in Paris was remotely accessed.
They succeeded in applying the brakes to a Corvette and turned the windshield wipers on. At that time, an update in software was issued by Mobile Devices Ingenierie.
Officials in the FBI have said that consumers need to pay more attention if the manufacturer issues an update to its software for their particular vehicle and should be very cautious when connecting devices that are third party.