[bragr]

So are they talking about the Donkey car project? That's the only one that I'm aware of that aligns with what is said in the article.

[xbar]

I suppose they could be talking about any of a variety of drones.

They suggest up to millions of affected devices.

[bragr]

ArduPilot then? Or they are just inventing theoretic vulnerabilities to drum and panic/business. On a second read it feels more like the latter.

[tptacek]

None of these vulnerabilities are "theoretical" (they're maybe a bit stale, is the worst you could say about them).

A reasonable first approximation would be that all writeups about new vulnerabilities are intended to drum up something, so that's just about the least interesting thing you could say about a post like this.

[bragr]

Theoretical in the sense of actually existing in a widely deployed product such that it can't be responsibly disclosed.

[tptacek]

I have seen all of these vulnerabilities in widely-deployed products of varying sorts (this was my day job for many years). I don't know who these authors are, I'm just saying that the bugs aren't theoretical.

[bragr]

I'm not sure that we agree on what theoretical means. That these classes of bugs are probable does not make their existence in any particular software any less theoretical an in the absence of evidence. Which software? Which endpoint? Sample exploit? One example of a robot executing an unauthorized command? The authors do not say and only offer vague assertions and contrived examples.