The state of the art in cyber-attacks against automobiles and automotive systems has been well summarized in academic research (see e.g., https://digital.lib.washington.edu/researchworks/bitstream/handle/1773/26024/Koscher_washington_0250E_13805.pdf, http://www.autosec.org/pubs/cars-oakland2010.pdf, and http://www.autosec.org/pubs/cars-usenixsec2011.pdf). Attackers are using the design features of in-vehicle communications networks to interfere with safe and normal vehicle (including cars and trucks of all classes) operations.
The chief in-vehicle network deployed in the United States and globally is the controller area network (CAN) bus, which is one of the five protocols used in the on-board diagnostics (OBD)-II vehicle diagnostics standard. OBD-II has been required on vehicles sold in the United States since 1996. Europe adopted a similar standard in 2001 for gas powered vehicles and 2004 for diesel vehicles.
The CAN bus system was designed to handle safety issues; however, it does not take into account the possibility of an adversary, deliberately using the system for unauthorized purposes (see e.g., http://www.autosec.org/pubs/cars-oakland2010.pdf). Researchers have demonstrated attacks that allow malicious actors to manipulate the brakes in a moving car, manipulate the engine, and cause other dangerous scenarios (see e.g., http://www.autosec.org/pubs/cars-oakland2010.pdf and http://www.autosec.org/pubs/cars-usenixsec2011.pdf).