
But why does the internet need to be considered a completely hostile environment? Because the internet differs from the real world in that... Actions are untraceable? Crime has no consequences? It crosses borders?

These are all true to a greater or lesser extent (often to a lesser extent than people think). But it makes for a pretty weird threat model, trying to protect your customers from high-tech murderers, anarchists, and three-letter-government agencies. This isn't like trying to stop someone stealing a credit-card-number.



Going from the incidences of pure-computer attacks, the main issues are:

1. Ability of attackers to probe many systems for vulnerabilities safely. Someone walking down the street pulling handles to check for unlocked cars can only get at so many cars.

2. Physical distance of the attacker from the victim and their property. Specifically, they can be in a different legal jurisdiction, making it very hard to prosecute them, and therefore reducing the deterrent effect of law enforcement.

3. Abstract nature of the act from the criminal's perspective. The decision to commit a crime, and the processes that deter it, are not entirely rational, and have to do with things like social anxiety, perceived safety of the environment, etc. Just like trolls say things online that they would never say in person, some online attackers do things they would never have the nerve to do in person, even with the same level of actual risk.

As to motives, these are fairly well-studied, and some are very applicable to this class of vulnerabilities.

1. Direct acquisition of valuable goods/information. Doable with this vuln, but not for someone sitting in Russia. Strike it off the list.

2. Extortion. Most DDoS attacks are aimed at this. You can't get anything directly by causing someone harm, but you can (and many people do) perform a "demonstration" attack to show capability, then call you up and make demands. Very doable with these attacks.

3. Ideological motives. This tends to lead people to want to hurt others in particularly visible ways, so I can see the psychological appeal of using this kind of vulnerability for a terrorist attack. A bit out there in terms of probability, but possible.

4. Nation-state action. Not many consumers worry about this too much, but I think the appeal of this vulnerability to an intelligence agency is pretty clear.


Thanks, good response - this is what I'm trying to get at. Initial reaction to this threat is very much "OMG people are gonna die". And I'm going to be honest, I think people will, at some point, be killed because someone targets a vehicle computer system remotely. But it's not a law of nature that vulnerable systems will be compromised to cause the maximum casualties possible; it will take someone deliberately setting out to do it. This is a means; someone else has to supply a motive.


> Actions are untraceable? Crime has no consequences?

In a sense, yes. The risk to the attacker is reduced so significantly, and the consequences are so remote, that people on the internet will do something horrible just for fun. Basically, distance, anonymity, and lack of consequences seem to turn a lot of people into sociopaths.

People develop in a society, face to face, where your actions have consequences to you and to others around you, and ultimately to your relationships with people you interact with directly. I think the internet provides some evidence that if we didn't have that, a lot more people would act horribly to one another.

Granted, that's not Chrysler's fault. But providing a "crash my car over the internet" button is handing those people a very powerful tool, and that seems like negligence to me.

Let's put it this way: would you drive a car you know someone could hijack and crash over the internet at any time? Wouldn't you like a reasonable assurance that your car has been designed to prevent that?


It's interesting that that sounds more like a flaw in the Internet than a flaw in the Jeep :)


Arguably, it's a flaw in human nature.


It's an avoidable risk - there's no reason it has to be possible to remotely affect a vehicle like this from over the internet. It's also a risk that can grow exponentially once discovered in ways physical threats can't. How long after shellshock was announced did everyone start seeing exploits in their server logs? Not very long.

So maybe instead of using this to kill people, someone decides to cause small accidents for the insurance money. Or there's a way to use it to listen to people through the voice recognition software and people spy on their exes or employees with it. Or just load a trojan onto people's smartphones when they dock it into the onboard charger that gives them root access to the thing they use to check their bank statements, or who knows what? Don't think of it as just a car, rather think of it as an exploitable network with the added benefit of potential collision damage.


THERE's a proper threat model - I like it! Can I take control of the Jeep behind me in traffic, cut off its brakes and cause it to collide with me for the insurance money? Okay - now we're talking. A realistic threat we can work to counter.


> Because the internet differs from the real world in that... Actions are untraceable? Crime has no consequences?

Precisely. And you said one of the reasons it must remain that way:

> It crosses borders

The alternative is for any connection to the network to require a real-world identity, and to bear liability for information they transit if they can't identify who it came from. This is a politician's wet dream (more control/power), but it is utterly impractical as it simply can't scale, cross jurisdictional boundaries, or actually stop bad actors (who just steal someone else's credentials). Never mind the inevitable effects on free speech and cementing the idea that individuals cannot opt out of being tracked and recorded.

It's a long-held design principle to assume that the Internet is full of malicious intelligences, and that your software should act accordingly. Even if everybody in the world were completely benevolent, this would still be a prudent assumption for robustness against weird coincidences between context domains. Putting one's fingers in their ears and then crying to influential friends about "hackers" doesn't absolve one of responsibility for adhering to this principle.


I think one thing to consider is the attacker's leverage. In the physical world, an attacker might attack one victim at a time. However in the digital world, the attacker could attack multiple vehicles in a similar amount of time.


Right. To what end? Who's the threat here? Someone looking to cause a mass casualty event? So terrorists and psychopaths, then. So what liability does a car manufacturer have in such an event?


Attacker: Nice car company you have here. Btw, I've got control over 300k of your vehicles. Want to pay up?


> So terrorists and psychopaths, then. So what liability does a car manufacturer have in such an event?

I'm not sure, but a large number of vehicles turning into bricks during rush hour would probably be a big enough problem for one of the many catch-all "things that undermine national security" (criminal) laws to be relevant.



