UPDATE: Car hacking could be the new carjacking
Last year, Fiat Chrysler(FCA.MI) set up a "bug bounty" program to pay hackers for information on flaws that could allow unauthorized access, but the company won't say if that has identified any vulnerabilities. Ford Motor Co.(F) and other global auto makers also have active programs to counter vehicle hacking.
What level of threat?
For now, analysts inside and outside the auto industry agree the systemic risk to cars is limited. Most attacks have been contained to a specific vehicle, and usually require close physical proximity and an intimate knowledge of which connectivity technology is being used. All of the known penetrations of vehicles were orchestrated by cybersecurity experts for demonstration purposes.
These "white hat" hackers are more interested in exposing auto makers' vulnerability and hubris than causing any harm to drivers. And even "black hat" hackers may be more of a nuisance than a danger, doing things like disabling a rear camera or erasing a digital-music library.
Security officials say criminal hackers are more likely to remain focused on targets such as financial institutions that can be penetrated remotely, at greater scale and for some sort of financial payoff.
And some auto-industry representatives say the threat of systemic hacks is overblown, noting that so far there has never been a successful "commercial hack" by criminal groups.
"Yes, it provides some potential vulnerabilities," Dave Schwietert, executive vice president of the Alliance of Automobile Manufacturers, an industry lobby, said at the June conference in Washington. But "the benefits, we believe, far outweigh the downside risks."
Consumers are willing to accept that trade-off when it comes to smartphones and other connected devices, and cars are the next logical frontier for the internet to conquer. But as those connections to the outside world proliferate, so does the potential for exposure to bad actors, says Craig Smith, research director of transportation security at Rapid7 Inc.,(RPD) a Boston-based security-data and analytics firm, and author of a guide for penetration testers, "The Car Hacker's Handbook."