There aren't many ways someone could connect to your car... actually, none. The only way to hack your car is if you do it yourself or have someone do it for you since you would have to physically modify it. It looks like the real issue here is that the car companies don't want you to be able to make modifications to your car. Reminds me of when I was waiting for some friends after work at a brew pub in Austin in 1999. It was crowded and some women offered to share their table with me. One of them was explaining that she quit her job and started a company to fix the year 2000 issue with cars. She was convinced that cars would stop working on 1/1/2000. She said it was the microcontrollers. I was a design manager for microcontrollers in the automotive division at the time. I told her that there was only one microcontoller in the car that knew what time it was and it didn't know if it was am or pm much less what year it was. She wouldn't listen to me so I moved to another table. I wonder how her company did.
I came across an interesting company recently that may offer a solution - albeit a bit extreme - for securing that automotive IC supply chain, Junko, particular in the context of the MCU.
I was talking with Olek Cymbalski, owner of OPC Technologies (www.opct.com). He described their service which secures the supply chain by taking in the MCUs to be used in a particular design, programming them here in the US using the required code, removing the ability to recode (securing them) then shipping them to the production line -- anywhere in the world. This, according to Cymbalski, takes the programming details out of the engineers hands, while at the same time ensuring the ICs aren't tampered with along the way from the MCU manufacturer to the production line.
A bit extreme, but I'm sure Olek can comment more on it.