As any hacker will tell you. There is no such thing as a secure system, only a system that has not been hacked yet.
About the exploit exposed by hackers on the Jeep from From Ausmotive
They were able to control minor things such as radio volume and HVAC controls. They could play with the Jeep’s windscreen wipers and, worryingly, they could control the steering, the brakes and cut all engine power.
The major issue with these systems is that they are in the hands of the owner/hacker of the vehicle.
ie the owner/hacker has unlimited time with the vehicle and its software to look for exploits.
John Deere and GM are already saying that the software in their vehicles does not belong to the owner, that the software is licensed.
Could this be the way that car manufacturers will try and control hackers?
Will they start prosecuting owners/hackers who attempt to hack/exploit the software in their systems?
But like anything, anyone who wants to commit a crime, for example using a car for nefarious purposes are not going to be affected by any laws, including those that say they are not allowed to look for weaknesses in a piece of software.
And it raises big questions about car insurance
Are car insurance companies going to be able to determine if a steering input came from a driver or from an external computer?
If an accident was caused by exploited software are the car manufacturers going to be held accountable by the car insurance companies?
Who exactly is responsible for the integrity of the software system?
Which party are car insurance companies going to go after in the event of an accident caused by a software problem?
And the question is increasingly pertinent if the software has been exploited.
Are car manufacturers going to wash their hands of the matter? Or will they take responsibility for the security weaknesses?
The whole situation looks to be a complete nightmare.
Even Windows, the most widely used operating system in the world, a piece of software you imagine would be attacked constantly and therefore be the most secure, is constantly having new security flaws found.
And Windows is on a PC or Laptop, it is not controlling a safety critical device like steering on car.
You can continue to use your Windows without the security patch without fear that your PC is going to get you into a massive accident.
You cannot say the same thing about driving around in a car with has not had the security patch.
Some will say it can be updated instantly over the internet, modern cars will be a WiFi hot-spot, always connected.
However I am not sure it is a good idea for a cars safety critical systems to be updated remotely with an internet connection……