Uh, what? If my infotainment system is capable of influencing my steering or any safety-critical function then malpractice has been committed. Infotainment needs only read (one-way) capability on the vehicle.
I do wonder about the CAN bus. there's no access control on the CAN network, there's one shared bus for the whole car, and any controller can starve the bus by spamming with a high address, unless that's changed.
you'd hope that there'd be some kind of filtering to prevent the infotainment system from sending (arbitrary) CAN messages, but I recall some crazy demos of researchers pwning a car's accelerator after rooting the center console.
Is that really a security issue, though? If someone has access to your center console, they have access to your car. If someone has access to your car, they can cut your brake lines or do a million other things that are impossible to defend against.
I agree that is a serious concern, then. I thought it sounded like voting machine hacking where the dramatic headlines are hiding the fact that the hackers had physical access to the machine.
That depends on the jurisdiction. When I voted in Maryland, there was a machine that I directly cast my vote into.
When I vote where I live now in Massachusetts, I fill out a paper form in private and then I manually feed the forms into a voting machine where I have only supervised physical access.
I think it's entirely possible to have machine-counted ballots without giving unfettered and unsupervised access to the counting machines and I prefer the MA system (for the reasons you describe), but I also recognize the Constitution is clear in its reserving the power to each state for how to conduct the election (at least for President) in Article 2, Section 1, Clause 2.
The Tesla Cybertruck doesn’t use CAN for steer-by-wire. It uses Gigabit Ethernet. According to my mechanic my ABS system is using something similar. CAN isn’t the only bus in the car. According to Wikipedia the LIN bus is intended to supplement CAN with non-critical components.
you'd hope that there'd be some kind of filtering to prevent the infotainment system from sending (arbitrary) CAN messages, but I recall some crazy demos of researchers pwning a car's accelerator after rooting the center console.