Malware In Cars

If you know of an example that ought to be in this page but isn't here, please write to <webmasters@gnu.org> to inform us. Please include the URL of a trustworthy reference or two to present the specifics.

Here are examples of malware in cars.

Tesla used a universal backdoor in its software to limit customers to using just part of the battery of some cars.

While remotely allowing car “owners” to use the whole battery capacity did not do them any harm, the same back door would permit Tesla (perhaps under the command of some government) to remotely order the car to use none of its battery. Or perhaps to drive its passenger to a torture prison.
Audi's proprietary software used a simple method to cheat on emissions tests: to activate a special low-emission gearshifting mode until the first time the car made a turn.
Caterpillar vehicles come with a back-door to shutoff the engine remotely.
Volkswagen programmed its car engine computers to detect the Environmental Protection Agency's emission tests, and run dirty the rest of the time.

In real driving, the cars exceeded emissions standards by a factor of up to 35.

Using free software would not have stopped Volkswagen from programming it this way, but would have made it harder to conceal.
DRM in cars will drive consumers crazy.
The Nissan Leaf has a built-in cell phone modem which allows effectively anyone to access its computers remotely and make changes in various settings.

That's easy to do because the system has no authentication when accessed through the modem. However, even if it asked for authentication, you couldn't be confident that Nissan has no access. The software in the car is proprietary, which means it demands blind faith from its users.

Even if no one connects to the car remotely, the cell phone modem enables the phone company to track the car's movements all the time; it is possible to physically remove the cell phone modem though.
Security researchers discovered a vulnerability in diagnostic dongles used for vehicle tracking and insurance that let them take remote control of a car or lorry using an SMS.
Crackers were able to take remote control of the Jeep “connected car”.

They could track the car, start or stop the engine, and activate or deactivate the brakes, and more.

I expect that Chrysler and the NSA can do this too.

If I ever own a car, and it contains a portable phone, I will deactivate that.
It is possible to take control of some car computers through malware in music files. Also by radio. More information in Automotive Security And Privacy Center.
Computerized cars with nonfree software are snooping devices.
Proprietary software in cars records information about drivers' movements, which is made available to car manufacturers, insurance companies, and others.

The case of toll-collection systems, mentioned in this article, is not really a matter of proprietary surveillance. These systems are an intolerable invasion of privacy, and should be replaced with anonymous payment systems, but the invasion isn't done by malware. The other cases mentioned are done by proprietary malware in the car.
Tesla cars allow the company to extract data remotely and determine the car's location at any time. (See Section 2, paragraphs b and c.). The company says it doesn't store this information, but if the state orders it to get the data and hand it over, the state can store it.