Now it takes a dealership visit and a supply chain to get a firmware update. Good luck getting that to fly in the era of day-one patches and 1.0 betas.

Why the fk does a car need a firmware update regularly enough that going to a dealership is a problem? I honestly find myself wanting dumber everything these days.

Tesla pushing out car features OTA seems to be quite popular.

Until it's exploited, then we will be wondering how we could be so dumb.

Not necessarily. A physical write-enable switch can work, too. (Not a software switch!)

Spring-loaded.

See the SR-71 fuel aft transfer switch. Maintaining a forward CG keeps the bird in the air. Control is intentionally manual.

https://www.sr-71.org/blackbird/manual/1/1-62.php

So, if it is still connected to the Internet and its vulnerabilities haven't been patched, how long will it take for the malware to reinfect it?

So don't connect it to the internet. That's the only way you're going to be able to secure a car. (Well, and don't run Bluetooth, and and and...) Let the car be a car. You want to be connected via your car? Your car is now insecure.

So basically infiltrate the supply chain which doesn't seem like a big deal lately