[AlexandrB]

> Surely there's a way to make this information read-only.

There absolutely is a way. Just off the top of my head you could relay the information from the high-sec CAN bus to a low-sec one with a micro-controller. So the low-sec bus can only receive messages from the high-sec one.

Not enabling firmware loading over CAN on the relay is a must as well for obvious reasons, but the key is the code on the relay microcontroller can be kept very simple (easier to audit/secure).

[romaniv]

Isn't that what the hacked car already doing? I don't know about Jeep specifically, but most cars have several CAN busses and some micro-controller passing messages from high-speed control network to low-speed infotainment network.

Problem is, most automotive engineers are clueless about security and most "hackers" are clueless about automotive hardware, software and protocols. There is no dialog.

I wish articles like these posted at least some specifics. A lot of these hacks in the past were completely impractical. Yes, yes, they had shown some interesting possibilities, but it was disingenuous to present them as real-life attacks (which many media outlets did).