If you get phished or something, can attackers use this to turn off the car while driving? Or something lesd harmful like keep it on while you're at work and drain gas.
Maybe. There was a vulnerability [1] with BlueLink and that could have been an attack vector, but the article mentions:
> The attack can’t be done at scale, because the local network that the vehicle owner is using would have to be infiltrated by the attacker.
Wikipedia says BlueLink uses Bluetooth [2]. So I'm not sure what connection is actually used, but if it's Bluetooth/local wifi and there are no further security bugs, then it would be unlikely that someone else could connect to the car in the first place.
I can't speak on older BlueLink cars (article is from 2017), but my 2021 Elantra has GSM built-in and the commands are sent/received through the web - no bluetooth at all.
> The attack can’t be done at scale, because the local network that the vehicle owner is using would have to be infiltrated by the attacker.
Wikipedia says BlueLink uses Bluetooth [2]. So I'm not sure what connection is actually used, but if it's Bluetooth/local wifi and there are no further security bugs, then it would be unlikely that someone else could connect to the car in the first place.
[1] https://www.tomshardware.com/news/hyundai-blue-link-vulnerab... [2] https://en.wikipedia.org/wiki/Hyundai_Blue_Link