i’m aware that on this case there was something even dumber, an unsecured api endpoint, but as far as i know, if you’ve managed to reach the system you can do anything with any other connected device. there should not be a way to be able to do whatever you want just because you have access to the network.
I recall reading that some cars are now using TCP/IP for connecting some of their systems. A _super_ quick search on this topic yields some results speaking to this [0].
[0] - https://www.techrepublic.com/resource-library/whitepapers/tc...