Guess we’re re-learning the reasons for planned disclosure with every new thing that gets computerized.
GM chief product cybersecurity officer Jeff Massimilla hints to WIRED that performing the cellular update on five-year-old OnStar computers required some sort of clever hack, though he refused to share details. “We provided a software update over the air that allowed us to remediate the vulnerability,” Massimilla writes in an email. “We were able to find a way to deliver over-the-air updates on a system that was not necessarily designed to do so.”
Reminds me of a scene from The Martian by Andy Weir.
IIRC this is sort of how the Chrysler hack worked; the researchers were able to write their own version of the firmware and load it onto the car’s computer. I’m assuming the GM vulnerability was probably similar in nature, and then GM used the vulnerability to fix the vulnerability. Good thing they left that door open :)