The FBI and the National Highway Traffic Safety Administration warned on Thursday that the rising use of computers in vehicles poses increasing risks of cyberattacks.
The warning comes eight months after a high-profile demonstration published by Wired showed how a Jeep Cherokee could be remotely controlled over the Internet. Fiat Chrysler later recalled 1.4 million vulnerable vehicles.
Manufacturers see great promise in designing vehicles with advanced networking capabilities for everything from entertainment to fleet management.
But computer security experts have criticized the industry for not taking stronger steps to prevent software vulnerabilities that could have lethal consequences.
The FBI said that although manufacturers are now trying to limit the communications that can happen between different on-board systems, the linkages can still provide “portals through which adversaries may be able to remotely attack the vehicle controls and systems,” the advisory said.
Third-party devices intended to be plugged into a vehicle diagnostic port can also “introduce vulnerabilities by providing connectivity where it did not exist previously,” the agency said.
Some insurance companies offer telematic control units (TCUs) that plug into a vehicles’ On-Board Diagnostics II (OBD-II) port. The unit can provide data to the insurance company, which can be used for risk profiling.
In August, University of California researchers showed how a dongle from Paris-based Mobile Devices Ingenierie could be remotely accessed. They were able to apply the brakes of a Corvette and turn on its windshield wipers. Mobile Devices Ingenierie issued a software update.
The FBI said consumers should pay attention if manufacturers issue software updates for their vehicles and also be cautious when connecting third-party devices.