McAfee has published a report called “Caution, Malware Ahead”, which describes security threats in auto information systems. There is no doubt that we live in a world where the number of connected devices is set to explode. If you think that it has already exploded, wait and see what the next 10 years will look like. Last year, there was 1 Billion connected devices, and Ericsson expect that we’ll have 50 Billion in 10 years. Due to many reasons, including very long design cycles and qualifications, cars have not been very connected, yet. However, it is likely going to happen, and when it does, the security risks will skyrocket along with the connectivity. Today, you may already be able to start the car with your phone, but in the future computers will attend to much more than that. Cars are expected to monitor our behavior, and make sure that we are not distracted by a phone call, or loud music. They may even sense our health (or sleep) status in real-time.
Fortunately, most of these systems are separated from the computers and sensors that help drive the car. At the moment, those critical systems are designed to be closed so that tempering with them would often require having a physical access to the car.
So, yes, in-car computing will need security too, but at the moment, most system aren’t really designed with that in mind, and it would be better to include security from the ground up, rather than as an afterthought.
That said, don’t panic. At the moment, the critical driving components are well separated and there is no known mass-attack for those. [McAfee report (pdf)]