" If two engineers can put their heads together and make changes that get implemented on production motors..."
Prepare to be shocked... I would not be surprised at all.
I've been developing embedded systems for over 30 years, much of that as a consultant, so I've seen what goes on in scores of embedded systems projects.
I've seen a few (let's just say more than one) projects where one engineer holds sway over critical bodies of code that could kill people, be that in moving machinery, vehicle control or power systems.
It is comforting for the Great Unwashed to believe the embedded systems that go into safety-critical devices are thoroughly audited and double or quadruple checked. Not so. At the end of the day it just boils down to one or two engineers touching the code that goes into these safety-critical systems.
Of course a whole lot of paperwork gets generated to provide certification, but that's done the same way as your tax bloke prepares your accounts to give to the tax department.
It's pretty easy to see what could have happened here without needing a from-the-top conspiracy. Here's a perfectly plausible scenario:
The team working on ECU firmware get some feedback from the QA folk that the latest version of software they're testing has slightly worse emissions than the last version. Last time it was just passing, this time it is just failing.
One of the engineers is assigned to look at this... Now the emissions test in the QA process has been an ongoing thorn in the team's side forever, so our clever-clogs engineer decides to deal to the problem forever and puts in a few lines of if... then... to detect an emissions test, sneakily tweak the engine and get the monkey off their back.
The "fix" works. QA never complains again and eventually the software goes live.