I don't think you understand. Anyone in the world can do this. Right now. Any time.

Anyone could shoot up a public place... should amateur researches be showing up in malls with firearms to test preparedness?

This case is even worse the the one I mentioned as there is a really easy way to safely demonstrate this exploit.

If it were not demonstrated under real conditions, the car companies would just say "this was a fake test not representative of real-world conditions, isn't that true Mr. Journalist?" and the journalist would have to admit that that was true and then they would say "Under real-world conditions our cars are safe; customers have nothing to worry about."

This has been their playbook about everything for a long time so I don't know why you think it would be different in this case.

I don't mind that it was demonstrated under real world conditions; I mind that no safety precautions were taken, like, you know:

- Contact the police and let them know this experiment will be conducted; and ask for police support

- Conduct this experiment on a closed road

There is no way a "not real-world conditions" argument could be made if this same test was done on a test track. No automaker would even try it because it would generate even more bad press. The "researchers" did the test on a public, in-use highway for better press/cool factor. Completely irresponsible.

Look at what Toyota did with the whole unintentional acceleration thing. About as irresponsible as you can get.

Perfect point! The fact that you think that was the outcome of the investigation is due to the huge amount of money Toyota spent denying the problem.

Yeah, no. Check this out: http://www.edn.com/design/automotive/4423428/Toyota-s-killer...

Interesting! How does Toyota's code compare to other car manufacturers?

In response, the journalist would say "This was absolutely a real test; there was nothing fake about it. The conditions were as real-world as you can get: the vehicle was being operated at highway speeds with an average driver behind the wheel, the car's systems were connected to the internet in the exact same way as every other car of that model is, and the attackers were operating their exploit from a remote location as would be the case with every other vulnerable vehicle on the road. That the test was performed on a closed track is obviously for safety reasons as we did not want to endanger the public by causing the vehicle to fail in the middle of a busy highway."

For bonus points, throw in something like: "It's no different than your vehicle's advertisements displaying 'performed on a closed track' -- surely you're not arguing that the vehicle's performance in those advertisements is completely fake and you're deceiving consumers with said non-real-world advertising, are you?"

They could certainly have done a much better job of demoing this safely.

On the other hand, I'd rather that they be doing this work with the way they did it than not at all...

"On the other hand, I'd rather that they be doing this work with the way they did it than not at all..."

That's such a stupid tradeoff. Putting it as an either/or is silly. Doing this safely and demonstrating the alarming conclusion are not mutually exclusive.

I'd go as far as to say that the way they demonstrated this actually diminishes the message of the danger of this exploit and put's the focus on their stupidity.