That’s pretty well explained in the article. @doctorow goes on to suggest that remote access is not to be considered out of the question. I dislike “what if” scenarios, but it’s not a big leap considering industry practices. The Jeep / Chrysler hack was done precisely because of earlier work on the CAN bus in automobiles, and suggestions that there was “no way” to exploit them remotely. It took a year to prove that to be untrue.
There is a repeated cycle we go through with security in new devices, where it seems all of the lessons of the past are forgotten or ignored. How long has it been that network segmentation and air gapping have existed as concepts in computer science? Yet designers of cars stack everything on the CAN bus, from engine control to the entertainment system. How confident are you that these problems don’t exist with J1939 and all of the “features” companies have decided to piggyback onto it?
