The IoT gets scarier and scarier.
I’d be very curious if ConnectedDrive links in with the rest of the car. I’d wager it’s on the CAN bus.
The CAN bus on most cars, mine included, does no actual signing/verification of messages; it assumes that valid CAN messages are valid. This isn’t too much of a problem for me because my car is also old enough that the only possible input, short of breaking a window and attaching hardware, would be Radio Data System. I know there’s some good research in this area (seriously everyone go bookmark Oona’s blog right now) but I don’t think it’s immediately attackable.
But if an attacker could get onto my CAN bus, they’d be able to do anything from reprogramming all my keys (bricking my car until I payed $2000 or so), reflashing my engine software, mashing on my brakes… who knows what else.