by squishy47 1155 days ago
Curious if this is just against legacy car makers or whether it also works against Tesla, Rivian, Lucid (or any other almost software-first car company). Presumably not?

What makes you think that software companies would do better?

Wasn't the mindset of computer security that "if they can access the hardware then it is over"?

I don't think he's assuming that Tesla (etc.) cars are more secure, just that they're different, and so would need different tools.
A quick Google suggests the Tesla S, X, 3, and Y all have multiple CAN buses (https://teslatap.com/modifications/extracting-internal-vehic...)

Nearly everything has multiple CAN buses because CAN is too slow for many/most use cases nowadays. With some car manufacturers you can even feel the random lag in everything from the accelerator to the brake lights due to the CAN bus being so full it adds a half second delay before updating everything.

Automotive ethernet is faster and might be back to a single bus...

No, they have exactly the same problems as regular OEMs

https://www.theverge.com/2022/9/12/23348765/tesla-model-y-un...

> The sophisticated relay attack requires two thieves working together — one near the owner and one near the car

Because the kind of vulnerability being exploited here is basic "software engineering 101" that even a non-technical person should be able to figure out. It's the equivalent of putting something in a safe and then duct-taping the key to the safe itself.
I don't know anything about how cars work but the article says "At the moment, impacted vehicles are generally wide open to these sorts of attacks. The only proper fix would be to introduce cryptographic protections to CAN messages, Tindell told Motherboard in an email. This could be done via a software update, he added"

And I'm kinda expecting software-first companies to already have this stuff in place? Also stolen car media seems to focus on legacy autos being stolen, not so much the newer ones, hence the question, but maybe the thieves target better build quality, who knows.
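What "cryptographic protections to CAN messages" in the article quote above can look like, as an added example that is not from the thread, the article or any vehicle maker: a receiver that only accepts frames carrying a truncated HMAC bound to the CAN ID and a freshness counter. The key, the CAN ID `0x2A0`, the one-byte message and the tag/window sizes are all constructed assumptions.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4   # truncated tag; a classic CAN frame carries at most 8 data bytes
WINDOW = 16   # number of lost frames the receiver tolerates before resync

def _tag(key: bytes, can_id: int, counter: int, data: bytes) -> bytes:
    # Bind the tag to the arbitration ID and a freshness counter, not just the data.
    msg = struct.pack(">IQ", can_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

class Sender:
    def __init__(self, key, can_id):
        self.key, self.can_id, self.counter = key, can_id, 0

    def build(self, data: bytes) -> bytes:
        if len(data) > 8 - MAC_LEN:
            raise ValueError("data does not fit in one classic CAN frame")
        self.counter += 1
        return data + _tag(self.key, self.can_id, self.counter, data)

class Receiver:
    def __init__(self, key, can_id):
        self.key, self.can_id, self.last = key, can_id, 0

    def accept(self, payload: bytes):
        """Return the data if the tag verifies for a fresh counter, else None."""
        if len(payload) < MAC_LEN:
            return None
        data, tag = payload[:-MAC_LEN], payload[-MAC_LEN:]
        for counter in range(self.last + 1, self.last + 1 + WINDOW):
            if hmac.compare_digest(tag, _tag(self.key, self.can_id, counter, data)):
                self.last = counter   # counters at or below this are now stale
                return data
        return None

def demo():
    key = b"constructed-demo-key"            # constructed sample key
    tx, rx = Sender(key, 0x2A0), Receiver(key, 0x2A0)   # 0x2A0: made-up CAN ID
    genuine = tx.build(b"\x01")              # hypothetical "key validated" message
    forged = b"\x01" + bytes(MAC_LEN)        # frame from a device without the key
    return rx.accept(genuine), rx.accept(forged), rx.accept(genuine)

if __name__ == "__main__":
    print(demo())
```

The second and third results are rejections: the forged frame has no valid tag, and the replayed genuine frame fails because its counter is no longer fresh. A 4-byte tag is a size trade-off forced by the 8-byte frame, so a receiver would also want to limit how many failed verifications it tolerates.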

Yup. Physical access is access

iOS is pretty resilient these days, unless you happen to have a zeroday ready.