I was operating on the assumption that if someone had in fact "hacked" my ECM, it seems like it would be someone who could actually profit from it, rather than someone hacking for fun or whatever.
I'd like to see it done. I want to see how much effort it would take. I am not sure where the STS falls on the vulnerable scale. Look at my Roadmaster. It's got early GM LAN for practically nothing at all. You couldn't do anything with it. You can flash through the DLC but you know how long that takes. Not practical. You take over the radio (IPM) and have it do whatever you want. Better yet, take over the OnStar module remotely so you don't even need to be near the car.
Like that FCA thing. They did exactly what I'm talking about and took over multiple modules and disabled that Jeep remotely.
And then the FCA thing - I'm going to say, without any evidence, that that vehicle has a generation or two newer architecture that looks much more like modern computers and networks. I feel like that significantly increases the chances of starting with a massive off-the-shelf advantage in terms of tools, known entry points and stuff like that.
So where would my STS fall? If we focus on the attack vector in question, nav head firmware, you'd have to know some things about that to say how vulnerable it actually is. How big is the firmware? It's not like it is a general purpose computer with a lot of compute resources. Rather you are probably flashing a specific firmware on a specific controller. It is the firmware inside of a nav unit, and I don't think all of it is even flashable. I'd like to see if it would even be possible to flash a firmware in there, have it go successfully and otherwise not indicate that anything suspicious has happened, and then "take over" the IPM so that you could potentially control the high speed network. The car probably wasn't built for cyber resiliency (nor am I sure it needed to be), but how possible or easy is it? The car already has some level of detection/failsafe when modules don't communicate properly.
What is also possibly an important detail is that the nav firmware is updated via disk. Unlike ALL other modules in the car, I suspect the firmware itself is pretty isolated from the actual GM LAN. In fact I would be surprised if you could actually get from a hacked nav firmware to the low speed LAN at all and if not, that is a 100% firewall. Even if the firmware had a path to the IPM, it would have to actively launch an attack on it and "take it over" by means of modifying its executed code (via low speed network side). Is that even possible on my IPM? It is not a general purpose computer or network device with an IP address.
If we were talking about a module flashed via DLC with firmware from a questionable source, I guess that would be more interesting since those bits are by definition already touching the network. The nav firmware update has nothing to do with the network. In theory, you should probably be more concerned about plugging in a scan tool from China to the DLC (no I'm not concerned about my Tech 2 clone). I do not think it is at all equivalent to plugging an unknown USB device into a protected network.
Now we could talk about GPS spoofing firmware and stuff but for car applications, and since my car has no self-driving or anything like that, also a non-starter in my opinion, at least as far as my actual care factor. Even if you compromised the IPM, I'm not sure it has the ability to actively simulate network traffic from another module. Best you could probably do is cause the equivalent of a high speed network storm and render the car undrivable. Also, the OnStar module has its own GPS receiver anyway, at least 99% sure. I do not think the OnStar module receives GPS and makes that available on the network. The STS is just too old for that kind of stuff (at least based on car network sophistication). My point there being that the nav system firmware and the OnStar module have nothing at all to do with each other, other than they use different GPS sources to accomplish different things.
My STS may be "fancy" but modern stuff is FAR more integrated and vulnerable imo. Like Bill's Camaro even. Someone should research Global A and see what that architecture looks like.