The malicious actions are just at the potential stage at the moment. Someone has the capability to mess with our buses by means of a remote software update.

Just like someone has the capability to do with virtually everything we have running software.