You can indeed "hack" your car. In fact, ECU flashing is one of the most common upgrades for people who want more power out of their cars because it requires no physical parts.

It's generally done commercially [1][2] though there are attempts at user-configurable software [3]. Now I'm no expert on ECU flashing so these links are just examples.

[1] http://changegears.wordpress.com/2011/05/17/apr-stage-1-ecu-... [2] http://www.velocityfactor.net/scripts/prodview.asp?idproduct... [3] http://www.tactrix.com/index.php?option=com_content&view...

That doesn't mean that the security issue doesn't exist. Via wikipedia:

"Researchers at the University of Washington and University of California examined the security around OBD, and found that they were able to gain control over many vehicle components via the interface. Furthermore, they were able to upload new firmware into the engine control units. Their conclusion is that vehicle embedded systems are not designed with security in mind."

Hence the use of "majority".

Thank you for finding that link, I was trying to find this[1] presentation for my comment, but couldn't.

[1] - http://users.cis.fiu.edu/~carbunar/teaching/cis5374/slides/a...

This. It's read-only, as far as I'm aware.