Unfortunately it's pretty much industry standard that once you have physical access to the relevant CAN bus you can read (and write) everything. The normal protection which is mostly deployed is that the end-user only has access to the CAN bus on the ODB2 interface, which is behind a gateway and should not expose safety critical things. Some car manufacturers however might also only use a single CAN bus for everything, just to save the cost for the gateway.

I'm pretty sure we will see encryption in the future. But currently I'm only aware of efforts for authenticating CAN (and other signal based) communication. If anybody is interested, look for Autosar SecOC module. I'm not too deeply into it, but if it prevents tempering around with the system (like shown in the linked article) it's already a way forward.

"Unfortunately"? I get what you're saying, but encryption will just mean that hobbyists will be completely locked out of everything. It's not like the manufacturers will go through the trouble of making it possible for a car owner to decrypt the bus traffic in their own car.

You can always DoS a node by forcing it into the bus off state with an error flag whenever it transmits. Allows plenty of mayhem without needing to break any authentication.

> This seems like a critical hack. Is this normal of all (non-ford) cars as well?

There is naked access to CAN all over the vehicle, it only firewalls the OBDII port because it's function is primarily to observe the vehicle (error codes, states, etc) with small exceptions such as clearing codes.