The FBI and US National Highway Traffic Safety Administration have issued a bulletin warning that motor vehicles are "increasingly vulnerable" to hacking.
"The FBI and NHTSA are warning the general public and manufacturers – of vehicles, vehicle components, and after-market devices – to maintain awareness of potential issues and cyber security threats related to connected vehicle technologies in modern vehicles," the agencies said in the bulletin.
In July 2015, Fiat Chrysler recalled 1.4 million US vehicles to install software after a magazine report raised concerns about hacking, the first action of its kind for the car industry.
Also last year, General Motors issued a security update for a smartphone app that could have allowed a hacker to take control of some functions of a plug-in hybrid electric Chevrolet Volt, like starting the engine and unlocking the doors.
In January 2015, BMW said it had fixed a security flaw that could have allowed up to 2.2 million vehicles to have doors remotely opened by hackers.
"While not all hacking incidents may result in a risk to safety – such as an attacker taking control of a vehicle – it is important that consumers take appropriate steps to minimise risk," the FBI bulletin said Thursday.
NHTSA Administrator Mark Rosekind told reporters in July 2015 that car makers must move fast to address hacking issues.
The Fiat Chrysler recall came after Wired magazine reported hackers could remotely take control of some functions of a 2014 Jeep Cherokee, including steering, transmission and brakes.
The NHTSA has said there has never been a real-world example of a hacker taking control of a vehicle.
Two major US auto trade associations — the Alliance of Automobile Manufacturers and Association of Global Automakers — late last year opened an Information Sharing and Analysis Centre.
The groups share cyber-threat information and potential vulnerabilities in vehicles.
The FBI bulletin warned that criminals could exploit online vehicle software updates by sending fake "e-mail messages to vehicle owners who are looking to obtain legitimate software updates. Instead, the recipients could be tricked into clicking links to malicious Web sites or opening attachments containing malicious software."