IEEE Spectrum, a bit late to the party, report on the automotive security work carried out jointly by the security groups at UW and UCSD:
“Researchers at the University of California at San Diego and the University of Washington say that in their
tinkering research, they hit upon a cyberattack method by which thieves could cause large groups of cars to report their vehicle identification numbers (from which it is easy to determine the cars’ years, makes, and models) and GPS coordinates. Having learned where the most prized vehicles are parked, the technique would allow criminals to issue another set of commands that remotely bypass the cars’ security systems, unlock their doors, and start their engines. A similar technique, said the researchers, could be used to listen in on a driver’s phone conversations, or worse, to disable one or multiple cars’ brakes as they travel at highway speeds.
“Automakers say they have gotten the message. A Chrysler spokesman says the company is seeking the advice of security experts in order to identify its cars’ vulnerabilities. Ford says it is ‘working to ensure that we’ve developed [cars that are] as resistant to attack as possible.'”