When I started playing Shadowrun, I was confused about this as well. Why can I remote access someone’s cyberarm to begin with? The damn thing should have exactly one data connection: To the user’s nervous system. That’s it.

Now that I work in IT, I can tell you that it’s actually extremely realistic.

Most of these systems (yes, even “hardened milspec stuff”) are highly complex tech that only megacorps can design. They aren’t designed for security. They’re designed to sell fast and with the minimum necessary design/production investment.

That wireless access you’re highjacking? It’s probably a maintenance access / private data siphon with a known unpatched CVE. Or an underpaid, overworked designer/dev forgot to remove the wifi module from the prototype spec and fixing that is “somewhere down the roadmap”.

If you try to flash your 'ware with secure FOSS software, you have to overcome safeguards that are designed to prevent it and risk bricking your own arm / inviting an armed “patent protection” corpo squad to your door.

Truly secure custom-build 'ware does exist, made by a small community of independent tech nuts, but making it without a full factory/devteam requires a hideous amount of work and they’re just plain-out inferior than the highly-funded, mass produced corpo crap that doesn’t bother with ITsec.

Most professional runners just have a good decker of their own who will run interference for them (increase RAM cost) or try to trace the hack and disable the source before it completes.