by casylum 3447 days ago
OBD-II diagnostics are mandated by law, but manufacturers often connect almost all microcontrollers to that connector. This allows updating all of your firmware from one port. That can be a security problem when connected to the internet.

I was not aware of this; I assumed it was read-only except for reset flags. Thank you for pointing this out.
There are numerous holes in various firmware that allow cross-talk between the various CAN busses anyway. I don't think anyone who set out to research automotive security has ever had to move on to another vehicle due to lack of exploitable flaws.