[driverdan]

This is a great example of why it's terrible to have a car that can be remote controlled including the ability to push arbitrary updates. It should not be possible to use XSS to compromise a vehicle.

[trilila]

Following this logic, nothing should be remotely controlled because there might be security risks. Including OS updates to laptops.

[driverdan]

Correct. No one should be able to push out arbitrary code without explicit user approval.

[SquareWheel]

Users have a terrible habit of not running updates. Years of botnets suggest that automatic updates are probably the way to go.

[Sohcahtoa82]

In a perfect world, where all users are smart, sure.

But we're living in a world where there are still people running unpatched Windows XP boxes still vulnerable to MS08-067.

If it weren't for Windows automatically installing updates, I imagine at least half of home users would still be vulnerable to Eternal Blue.

[Marinlemaignan]

sure but your laptop isn't gonna drive you straight into a wall, would he ?

[gowld]

XSS compromised a remote web app, not the vehicle. The vehicle hacked Tesla HQ, not vice versa