Comprehensive Experimental Analyses of Automotive Attack Surfaces

Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage; Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno
This paper presents a comprehensive analysis of the external attack surface of modern automobiles, revealing that remote exploitation is feasible through various attack vectors, including mechanics' tools, CD players, Bluetooth, and cellular radio. The study demonstrates that wireless communications channels allow long-distance vehicle control, location tracking, in-cabin audio exfiltration, and theft. The authors also discuss the structural characteristics of the automotive ecosystem that contribute to these vulnerabilities and highlight the practical challenges in mitigating them.

Modern cars are controlled by complex distributed computer systems with millions of lines of code running on tens of heterogeneous processors connected via internal networks such as CAN. While this structure offers benefits in efficiency, safety, and cost, it also creates opportunities for new attacks. Previous research has shown that an attacker connected to a car's internal network can bypass its computer control systems, including safety-critical elements such as the brakes and engine. However, the threat model underlying that research has been criticized for assuming that an attacker can physically connect to the car's internal network, an assumption considered unrealistic.

The authors address this question by systematically analyzing the external attack surface of a modern automobile. They find that remote exploitation is feasible through various attack vectors, including indirect physical access, short-range wireless access, and long-range wireless access. For example, they demonstrate that an attacker can compromise a car via vulnerable diagnostics equipment used by mechanics; through the media player, by playing a specially modified song in WMA format; via vulnerabilities in the hands-free Bluetooth functionality; and by calling the car's cellular modem and playing a carefully crafted audio signal that encodes both an exploit and a bootstrap loader for additional remote-control functionality.

The authors also consider the "utility" of these vulnerabilities to an attacker, demonstrating multiple post-compromise control channels, including TPMS wireless signals and FM radio, interactive remote control via the Internet, and real-time exfiltration of position and speed together with surreptitious streaming of cabin audio. They also explore potential attack scenarios and assess whether these threats are purely conceptual or are backed by plausible motives that turn them into actual risks.

The study highlights the structural characteristics of the automotive ecosystem that contribute to these vulnerabilities and provides concrete, pragmatic recommendations for improving automotive system security. The authors also discuss the challenges of reverse engineering automotive systems, including the work needed to understand interfaces such as the OBD-II port, Bluetooth, and cellular connectivity. They demonstrate that vulnerabilities in these systems can be exploited to gain remote control of a vehicle, highlighting the need for improved security measures in the automotive industry.