Auto manufacturers are asleep at the wheel when it comes to security


There are many uninformed guesses in the comments.

Most vehicles don't put operational traffic on the diagnostic bus. You can't plug into the OBD2 port and (directly) control the brakes or engine.

A typical car might have a handful of CAN buses, only one or two of which are connected to the OBD2 port. The traffic between the ABS, engine, transmission and steering certainly isn't on the diagnostic bus. Nor is the real-time information for the airbag system, which often has dedicated links to the impact sensors. Sure, all of these modules will have links to the diagnostic bus, but that is a very indirect path. Just because you can read the steering angle sensor doesn't mean that you can force the steering wheel to turn.

There are certainly risks, but most are well understand by the people designing the systems. This paper doesn't identify any new ones.

