A recent report uncovered a massive security flaw, remotely exploitable through an attack known as PerfektBlue, that affects millions of vehicles across multiple manufacturers. The attack targets over-the-air (OTA) firmware update systems and opens the door to full remote control of vulnerable vehicles — including brakes, steering, and drive controls — without physical access.
This is a terrifying reality that hasn’t gotten nearly enough attention from consumers.
The root of the problem lies in closed-source firmware. Unlike software on your phone or PC, vehicle systems are rarely scrutinized by independent cybersecurity researchers. Manufacturers tightly guard their code, and most updates are handled internally or through slow, dealership-only processes. That lack of visibility means vulnerabilities can go unnoticed — or unpatched — for years.
What’s worse, the proposed “fix” path for many of these vulnerabilities involves using built-in satellite internet connections or subscription services that owners may not even be aware of. In other words, you may have to pay extra to make your car secure — and even then, it’s not clear whether the patch process is timely or effective.
As cars become more like rolling computers, they also become part of your digital attack surface. And unlike a compromised laptop, you can’t just reinstall the OS and move on.
While there’s nothing most drivers can do immediately, this incident should raise serious questions about transparency, security accountability, and long-term support for connected vehicles. It also highlights the growing need for independent oversight of embedded systems — especially when physical safety is at stake.

