http://www.theverge.com/2015/8/11/9130203/wireless-hack-corvette-brakes-insurance-dongle

“‘We acquired some of these things, reverse engineered them, and along the way found that they had a whole bunch of security deficiencies,’ says Stefan Savage, the University of California at San Diego computer security professor who led the project. The result, he says, is that the dongles ‘provide multiple ways to remotely…control just about anything on the vehicle they were connected to.'”

So how paranoid does the average consumer really have to be?  Well, the truth is, not all that paranoid.  Right now, attacks like this have to be focussed, you have to know who you are going after, there has to be a personal connection of some kind.  They take research and consideration (they have to find your car, they have to figure out what kind of device you have implanted, if any, they then have to do some work to get access to that specific device, etc) so these are not “off-the’cuff” style hacks that can be thrown out willy-nilly like some *sshat firing off pepper-spray into a crowd of Black Friday shoppers.

The real risk will come when you get an enterprising soul who finds a way to hack 10,000 cars at once, then you are into hostage taking/hush money territory.  THAT’s when you have to worry about whether or not you should get the “good driver” discount by adding that wireless dongle to your dashboard.

It’s too late for the current crop of devices that are out there.  They are int he wild already, the security flaws have already been laid bare.  The real value in exposures like this is in encouraging companies to make sure they have at least passable security up front (many of these hacks are discovering close to NO security, security through obscurity, as it were), rather than adding the locks after the horse is already out of the barn.