Sceptical about some of the statements
There are 2 attacks:
1. The battery drain one may be achievable by just attempting to connect to the in-car wireless (depends how the system is configured). Getting the Infotainment to trip the Wake-on-CAN.
2. The DOS attack would require either a compromised ECU or Diagnostic port interface.
I think they are trying to state that the OTA update system has been compromised, but if you could reprogram ECU's all bets are off.
"The denial-of-body-control attack is more pernicious. The attacker wakes up the ECU to make it respond to injected messages and then switches the bit-rate. According to the researchers, this generates errors on the ECU's Controller Area Network (CAN bus) and forces it to shut down.
Some but not all ECU units will be bricked as a result, depending upon the bus-off recovery specification, making the car unable to be turned on with an inserted key fob and leaving the doors locked.
As a mitigation, the researchers suggest car makers implement an intrusion detection system that operates even when the vehicle is off, though they acknowledge this could tax the car battery.
They're skeptical that MAC or message encryption will do much to prevent ECUs from being woken up because the encrypted message would still include the same 010 bit-sequence used for ECU activation."
Bricked my arse, CAN has been around for 30+years, bus-off recovery is simple, worst case pull the battery.
Besides the Door lock systems typically operate over LIN.
MAC will do nothing against WOC or DOS attacks yes, because it's not intended to, it's for spoofing attacks, to inhibit takeover of remote control functions.