Unlike a website, a car requires access to a physical, proprietary interface to embedded components. You must craft an attack to the interface and ECU.
And there are chips that can have their memory permanently burned into them (I don't know if ECUs use them, however). Patches are impossible, but there's no risk of infection either. Just test it rigorously first.
>Unlike a website, a car requires access to a physical, proprietary interface to embedded components.
That's not necessarily true.
For example, my car's ECU can be reprogrammed using the instrumentation bus. The instrumentation bus can be accessed using the wires that interface with the CD changer. That means that the audio system is on the same network as the ECU -- and if I had a Bluetooth adapter, that'd likely be on the same network as well.
What I meant about it being impossible to patch the ECU was, if they used one of the single-write chips to store the firmware it couldn't be hacked/patched except by being replaced, or possibly manipulated from the inputs.
> Indeed, researchers can disable electronically controlled brakes via Bluetooth
That I didn't know. That's a major security problem, and another reason I'm glad for my 9 year old car.
A friend of mine worked at a company that made diagnostic computers for cars and he managed to brick a BMW that required an engineer from Germany to fix the issue (an upgrade of the BMW's firmware was interrupted by the power going out, leaving the car's computer in an inconsistent state).
