<i>"As a note of caution, if manufacturers regularly make software updates for vehicles available online, it is possible that criminals may exploit this delivery method."</i><p>Right. This may be the beginning of the end of remote software updates for "security fixes". The backdoor implicit in remote software updates may be a bigger risk than the existing hole. If anybody ever gets (or already has) Microsoft's or Apple's signing key, there's going to be big trouble.
So why do any of the things mentioned in an article need any form of network connection? All the monitoring could be done at a standard mechanic like how cars are already checked over, the unlock system doesn't need to work over more than a few metres (what's the chance anyone is going to want to legitimately unlock a car from miles away?) and stuff like the entertainment system could be kept self contained.<p>Then it wouldn't be an issue how 'insecure' the OS is, since a thief would have to be physically near the vehicle to do anything.<p>But hey, thanks to the obsession with 'smart' devices and the internet of things and all that stuff, everything seems to have an internet connection chucked in for no real reason.
Imagine what would happen if a hostile government, organized crime, someone who hated you, or a bored teenager controlled your car. And also your oven, your air conditioner, and your garage door. Welcome to the Internet of Things, folks!
You know all those things that make it really easy for Grandma to have her identity stolen when checking her email?<p>They're coming to car/refrigerator/toaster near you.
The crime is the NTSB not taking these unsafe vehicles off the road. Drivetrains should be air gapped. Period. You want a multimedia display it should be read only off the CAN bus.