The CAESS said its report focused on a "moderately priced sedan."
"We iteratively refined an automotive threat model framework and implemented complete, end-to-end attacks along key points of this framework," the authors wrote. "For example, we can compromise the car’s radio and upload custom firmware via a doctored CD, we can compromise the technicians’ PassThru devices and thereby compromise any car subsequently connected to the PassThru device, and we can call our car’s cellular phone number to obtain full control over the car’s telematics unit over an arbitrary distance."
The group added a disclaimer that "many of the specific vulnerabilities identified in this paper have or will soon be addressed."
The full CAESS report can be read here.