(no title)

The root problem is that they were able to flash an ECU with custom code. From there they are 'trusted' on the vehicle network and can trigger or emulate any other component.

Requiring the firmware image to be signed, or not accepting a bootload from the physical interface that's connected to the internet would be a more comprehensive solution.