OBD standard makes it easier for drivers to get their vehicles diagnosed and repaired but it also brings security concerns. Researchers at the University of Washington and University of California examined the security around OBD, and found that they were able to gain control over many vehicle components via the interface. This means the vehicles can be controlled by others besides the owners. There have been reports of thieves using specialist OBD reprogramming devices to enable them to steal cars without the use of a key.
Besides, the researchers were able to upload new firmware into the engine control units. Their conclusion is that vehicle embedded systems are not designed with security in mind. The main causes of this vulnerability lie in the tendency for vehicle manufacturers to expand the bus for purposes other than those for which it was designed, as well as the lack of authentication and authorization in the OBD specifications, which instead rely largely on security through obscurity.