Your Car Could be so H4XX0red

Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input — including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on. We find that it is possible to bypass rudimentary network security protections within the car, such as maliciously bridging between our car’s two internal subnets. We also present composite attacks that leverage individual weaknesses, including an attack that embeds malicious code in a car’s telematics unit and that will completely erase any evidence of its presence after a crash.

In their FAQ for the paper, "Experimental Security Analysis of a Modern Automobile", the Center for Automotive Embedded Systems Security (CAESS) does point out that it takes "considerable sophistication" to carry out any of the attacks they outline in the study, but far more people drive than are fitted with pacemakers, which were similarly found to be hackable.