Automakers and suppliers are making progress in protecting vehicles from cyber attacks, but the car-hacking threat is still real and could get increasingly serious in the future when driverless vehicles begin talking to each other.
A worst-case scenario would be hackers infiltrating a vehicle through a minor device, such as an infotainment system, then wreaking havoc by taking control of the vehicle's door locks, brakes, engine or even semi-autonomous driving features.
Such a scenario was shown to be possible in a 2015 remote hacking demonstration involving a Jeep Cherokee that rocked the industry and prompted Fiat Chrysler Automobiles to send UBS sticks with software patches to the owners of 1.4 million cars and trucks.
A large-scale vehicle hacking resulting in death and destruction was depicted in last year's "The Fate of the Furious" action movie.
"That's Hollywood sensationalizing it, but that is not really that far-fetched," said Joe Fabbre, a director with Santa Barbara, Calif.-based Green Hills Software, which makes operating systems software for vehicles with a focus on security. "There are very skilled hackers out there who can beat through a lot of medium and low levels of robustness in terms of security that is present in a lot of cars today."
In response to the hacking threat, more vehicles are gaining the ability to wirelessly download security patches, similar to how computers and smartphones have been getting software updates for years.
These over-the-air updates allow auto companies to respond to threats – and newly discovered vulnerabilities – faster than having to direct customers to bring their vehicles to dealerships.
Automakers also have become more receptive to tips about hacking vulnerabilities coming from outside researchers, engineers or mechanics, said Beau Woods, an organizer with I Am The Cavalry, a grassroots cybersecurity organization.
In years past, well-meaning individuals who pointed out software flaws in vehicles sometimes faced cold receptions or even cease-and-desist letters, he said.
"Sometimes there is fear among automakers that if they say they accept vulnerabilities, it will encourage people to do more research and hack vehicles in the wild, which is rarely the case," Woods said.