Re: "Ford and VW"
Somewhere around here is a post I made which is somehow approved but hidden.
Basically good luck fiddling the buses from the Ford infotainment, the hardware is partitioned and the QNX bit has no access to CAN, it goes via datapool in shared memory to another board that can explicitly only read and write specific messages.
And you can't fiddle the infotainment software without either getting straight to the eMMC or having the correct certificate to sign any file you want to upload via the USB. But reading what's built into the factory image is easy because it's all in the upgrade packages you can freely download. There is/was a discoverable root password but the production image has no way to connect a debug console (doesn't try to start the ethernet dongle) so that's pretty useless too.
And funnily enough the CAN is all partitioned so you can't just wander around trivially, and some of the critical control buses are physically isolated. You can get around the general access security (though not the stuff needing privileged access) by reverse engineering the workshop tool protocols but that doesn't gain you much beyond what the workshop tool already does, except the ability to accidentally brick the modules.
Hur hur we canz hack it isn't quite as simple as it appears when it comes to actual exploits.