One thing I've not seen addressed in this context: If someone wants to create mayhem on a highway, why would they not go low-tech / low effort? There's a number of mechanical and electrical attacks that I can think of just off the top of my head.
Analogy: is it worth the time making a pick-proof lock for the front door when someone can just break a window?
(I'm not saying we should let car manufacturers off the hook, just offering a perspective on the realism of the threat.)
I'm sure there are some who might want to "create mayhem on a highway" and who would not choose this route. But when your potential attackers are [everyone with an internet connection] this kind of exploit has huge potential. Imagine if the vulnerability were bundled with a popular mobile website or if someone else cracked how to mass-distribute it. Countries that are at war could use it against their enemy. Al-Abu-ISIS-HAMAS-Nidal-Haram-Boko could use it against anyone/everyone.
>Analogy: is it worth the time making a pick-proof lock for the front door when someone can just break a window?
Yes, because not everyone can throw a rock from their house to yours, be nearly everyone can be connected to the internet.
There's also inhibitions to talk about. It's one thing to go lay a spike strip down in the middle of the road and it's another to do something over the internet.
Analogy: is it worth the time making a pick-proof lock for the front door when someone can just break a window?
(I'm not saying we should let car manufacturers off the hook, just offering a perspective on the realism of the threat.)