"Previous research showed that an adversary can seriously impact the safety of a vehicle if he or she is capable of sending packets on the car’s internal wired network ... and numerous other papers have discussed potential security risks with future (wired and wireless) automobiles in the abstract or on the bench," the study continued. "To the best of our knowledge, however, we are the first to experimentally and systematically study the externally-facing attack surface of a car."
The CAESS said its report focused on a "moderately priced sedan."
"We iteratively refined an automotive threat model framework and implemented complete, end-to-end attacks along key points of this framework," the authors wrote. "For example, we can compromise the car’s radio and upload custom firmware via a doctored CD, we can compromise the technicians’ PassThru devices and thereby compromise any car subsequently connected to the PassThru device, and we can call our car’s cellular phone number to obtain full control over the car’s telematics unit over an arbitrary distance."
The group added a disclaimer that "many of the specific vulnerabilities identified in this paper have or will soon be addressed."
The full CAESS report can be read here.