Comment Re:So where are the CVE/Vuln reports for this?Oh,w (Score 4, Informative) 165
There have been public demonstrations, some televised, of certain models of modern car that allow you to change things like timings and injection sequences, via OBD, over Blueooth, using default passcodes.
I'm sure they're all patched now. Of course. No more will that ever happen again.
There's also been demos of being able to DoS certain buses in the car remotely and wirelessly, preventing everything from in-car entertainment to immobilisers from working, etc. using similar techniques.
These things are all out there. Go look. And that's just OBD. God knows what happens when you start tying in Wifi into the car speakers, joining that to the satnav for Internet updates, joining those to the car etc.
You can see cars on the market today, not even particularly unusual or modern ones, that pull in OBD information into the electronic dashboard which also doubles as a music interface and a satnav and a fuel gauge and a Bluetooth phone interface and everything else. It's not at all hard to imagine that such things haven't covered every single possible hole where information from one can leak to another.
And anything OBD-writing is potentially dangerous. As in "blow up your engine" dangerous. Most older OBD systems are nothing more than read-only technical data. Newer ones do more to allow flashing, firmware updates, and even modification of settings that control emission levels (e.g. fuel injectors, exhaust re-introduction pumps, etc.). Add that together and you have one big mess waiting to happen.
There's a reason that you don't buy mod-chips for your engine nowadays that you can swap out to pass emissions test and then swap back to get the "sports performance" of your car. Because they don't need to swap the chips physically any more.