I think a lot of it applies to Tesla. This was from a security thesis paper about how to hack Tesla M3 specifically and ID various attack vectors.
Virtually all chassis, body, motor and charging communication is via a can connection. Ethernet is used for Autopilot ( makes sense given the amount of data) along with external connections ( think over the air updates and such things) and cameras.
Interesting quote in the document "Car uses 3 main separated CAN networks connected via security gateway. These networks are used for parts that control driving and safety of the car."
2nd most interesting quote "CAN network does not encrypt communication by design 3.1.4. Connecting to this network means that attacker can see all traffic. He can also send messages to the network if he wants"
3rd interesting point - "Traffic on BroadR-Reach network is without any protection. Communication on this network is exposed similarly as traffic on older CAN bus network. Despite better technology no encryption is used on local network. To exploit this vulnerability dissembling of the dashboard and dedicated hardware is needed but its potential is still huge."
No encryption on the ethernet was found.. however, you do need to pretty much take the car apart to get to it.. I bet someone did a risk based assessment and decide that if someone was taking the car apart to access the ethernet, there were much bigger issues at play.
My point to all of this is the can protocol is insecure and not easily fixed. It was never designed to be a secure protocol and it was never designed or intended to be used the way it is being used today. Like a good many things. The plus side is we get cool things like Ghost adapters and Bonus adapters ( I use that myself)
I will also admit this paper is somewhat dated.. ie.. 2017. But, I have yet to find anything that says much has changed.
View attachment 846067