Over-the-air code exec is fine. Unless it's in a car. Then it's not fine.https://twitter.com/c7zero/status/890729494167908353 …
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Isn't that basically the problem? Everything is connected by a CAN bus and nothing is hardened against internal attacks.
Sort of - usually there are two CAN busses, safety critical and not, and the serious problems happen when components are bridging them
So back when @stevecheckoway et al did their work, they weren't sure about whether one was "safety critical" or just higher speed.
In any case, I recall that so many insecure devices bridged the two buses that it wasn't much of a protection.
One of those devices being the telematics unit, weirdly enough (given this current vuln). But all this is old and refers to a dif't car.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.