It’s always been a concern; just not enough of one to explicitly forbid working on a vehicle without specific training/licensing. Hence vehicle inspections/roadworthy tests; someplaces more strictly than others.
It’s possible that concern was part of the justification for not requiring manufacturers to make it easier. Spitballing.
As I said, I’m on the fence about it myself. Thing is, a vehicle on public roads has a lot of opportunity to injure or kill someone if a repair was made incorrectly. It’s about more than just a person and the thing they own.
Don’t take my word for it. Tear into any one of the dozens of black boxes in your car and take it apart. Analyze the chips soldered on the boards. You might get lucky and find all standard chips with information available from suppliers.
Try looking at the data going across any one of the several buses transiting your vehicle. OBD is easy. The others are usually encrypted and much higher speed.
Cars are legitimately complex. Don’t just listen to the manufacturers and scoff. Look up some research into breaking the communication protocols that MB or BMW use. Compare that with GM’s newest standard. Go ahead and practice your reverse engineering skills, because these things aren’t published.
If nothing else, it increases the time to attack and own the system. Networked modules are more efficient and higher performing than old systems. This is the price of progress.
Just one example is the ECU. Old analog engines were crude and inflexible. Simple environmental changes would cause engines to run out of their efficient zones and dump more or less fuel than is appropriate for the conditions they’re experiencing. Modern engines take pressures and temperatures (from several locations) into account, along with throttle desired by the user and calculated load to change the engine parameters on the fly. This is why a modern Mustang can hit 30 mpg on the highway with 500hp and the 80’s model struggles with 20mpg and less power than a current Civic.
These ECUs can be the difference between safely driving and unsafe unintended acceleration into a truck in front of you. We haven’t seen any attacks which turn ordinary occupied vehicles into missiles… yet. I have absolutely no doubt that we will experience one in the next 10 years. Encryption and security may be the difference between this being a rare occurrence conducted by powerful nation state actors and something script kiddies can perform with a laptop and a weekend.
Sounds like the problem is lack of regulations, not people repairing their own stuff. We are letting companies create unmanageable products then blaming owners for trying to take ownership. Encryption is a solved problem, and doesn’t require a black box to be secure, in fact is more secure when it isn’t. And this isn’t the first time that Cara breaking on the road a risk. If someone put after market breaks on their car and they failed, people would die too, yet somehow we allowed that. Car manufacturers are being allowed to make anti-consumer decisions and are blaming us for them.
I’m not getting the feeling that you actually know what you’re talking about.
This isn’t a discussion about encryption, it’s about pairing modules. Encryption is absolutely necessary and is already used widely across the industry. It might not be transparent (open, published standards), but it’s there.
Illegitimate and low quality parts have always been a concern. You don’t seem like you are a car enthusiast, so go on any car forum or facebook group and ask about some fake wheels or eBay special turbos. You’ll get roasted and start a real stupid discussion on if knockoffs are great for the money or if you’ll die in a fiery wreck. These are simple physical objects which you can fake by casting a mould and pouring something vaguely metallic inside. Fake car electronics can be cheaply remade in a similar fashion. How do you know if a replacement ECU is actually taking in one of the hundreds of datapoints in order to calculate the exact fuel trim to safely use in the millisecond you’re polling? How do you know if your rebuilt or replacement transmission is equipped with the proper logic modules to not cause you to drop into first on the highway, causing you to destroy your engine and probably cause a serious accident?
How do you know the manufacturer-supplied module is doing the work it’s supposed to without being able to verify it yourself? Boeing aircraft are having similar problems; if an industry that regulated is having issues, what is going to stop vehicle manufacturers from doing the same?
Give us the diagnostic tools and the parts. Operating with zero trust and verifying everything before and after install is the only way to be sure.
The problem with the black box approach is not only does it mess with right to repair, competition, and home build jobs, but even people who make cars! I’ve literally been to talks in car manufacturing events where a speaker from a large car manufacturing give talks about how hard it is making life for them. Does that car manufacturer do anything different? Nope. Whole culture is infected with “my secrets” thinking which makes everyone’s life hard. Things are at a complexity now, everything should be built to be debugged.
Cars have been home repaired since cars existed. It has never been a notable safety concern. Somehow it suddenly is?
It’s always been a concern; just not enough of one to explicitly forbid working on a vehicle without specific training/licensing. Hence vehicle inspections/roadworthy tests; someplaces more strictly than others.
It’s possible that concern was part of the justification for not requiring manufacturers to make it easier. Spitballing.
As I said, I’m on the fence about it myself. Thing is, a vehicle on public roads has a lot of opportunity to injure or kill someone if a repair was made incorrectly. It’s about more than just a person and the thing they own.
Emissions is the biggest concern honestly
Cars emissions is going to be a thing of the past when ICE cars are gone. Can’t wait.
Yeah hopefully so.
Even cheap cars now have hundreds of processors. Modules can throw errors, send the car into limp, or deactivate the vehicle entirely.
Plus, emissions.
It’s a different game now.
I’m sure that is what the car manufacturers claim.
Don’t take my word for it. Tear into any one of the dozens of black boxes in your car and take it apart. Analyze the chips soldered on the boards. You might get lucky and find all standard chips with information available from suppliers.
Try looking at the data going across any one of the several buses transiting your vehicle. OBD is easy. The others are usually encrypted and much higher speed.
Cars are legitimately complex. Don’t just listen to the manufacturers and scoff. Look up some research into breaking the communication protocols that MB or BMW use. Compare that with GM’s newest standard. Go ahead and practice your reverse engineering skills, because these things aren’t published.
They’re made that way so you can’t repair them. They don’t need to be that complex and nothing on a car needs to be encrypted.
Idk person, encryption on cars has a valid place.
If nothing else, it increases the time to attack and own the system. Networked modules are more efficient and higher performing than old systems. This is the price of progress.
Just one example is the ECU. Old analog engines were crude and inflexible. Simple environmental changes would cause engines to run out of their efficient zones and dump more or less fuel than is appropriate for the conditions they’re experiencing. Modern engines take pressures and temperatures (from several locations) into account, along with throttle desired by the user and calculated load to change the engine parameters on the fly. This is why a modern Mustang can hit 30 mpg on the highway with 500hp and the 80’s model struggles with 20mpg and less power than a current Civic.
These ECUs can be the difference between safely driving and unsafe unintended acceleration into a truck in front of you. We haven’t seen any attacks which turn ordinary occupied vehicles into missiles… yet. I have absolutely no doubt that we will experience one in the next 10 years. Encryption and security may be the difference between this being a rare occurrence conducted by powerful nation state actors and something script kiddies can perform with a laptop and a weekend.
Sounds like the problem is lack of regulations, not people repairing their own stuff. We are letting companies create unmanageable products then blaming owners for trying to take ownership. Encryption is a solved problem, and doesn’t require a black box to be secure, in fact is more secure when it isn’t. And this isn’t the first time that Cara breaking on the road a risk. If someone put after market breaks on their car and they failed, people would die too, yet somehow we allowed that. Car manufacturers are being allowed to make anti-consumer decisions and are blaming us for them.
I’m not getting the feeling that you actually know what you’re talking about.
This isn’t a discussion about encryption, it’s about pairing modules. Encryption is absolutely necessary and is already used widely across the industry. It might not be transparent (open, published standards), but it’s there.
Illegitimate and low quality parts have always been a concern. You don’t seem like you are a car enthusiast, so go on any car forum or facebook group and ask about some fake wheels or eBay special turbos. You’ll get roasted and start a real stupid discussion on if knockoffs are great for the money or if you’ll die in a fiery wreck. These are simple physical objects which you can fake by casting a mould and pouring something vaguely metallic inside. Fake car electronics can be cheaply remade in a similar fashion. How do you know if a replacement ECU is actually taking in one of the hundreds of datapoints in order to calculate the exact fuel trim to safely use in the millisecond you’re polling? How do you know if your rebuilt or replacement transmission is equipped with the proper logic modules to not cause you to drop into first on the highway, causing you to destroy your engine and probably cause a serious accident?
How do you know the manufacturer-supplied module is doing the work it’s supposed to without being able to verify it yourself? Boeing aircraft are having similar problems; if an industry that regulated is having issues, what is going to stop vehicle manufacturers from doing the same?
Give us the diagnostic tools and the parts. Operating with zero trust and verifying everything before and after install is the only way to be sure.
Encryption is a must if your car has anything-by-wire on it.
Acceleration is already commonly used this way.
If the car has internet, even more so.
I know, cars don’t need internet, but it’s there and it’s convenient and it’s easier to collect data that way…
The problem with the black box approach is not only does it mess with right to repair, competition, and home build jobs, but even people who make cars! I’ve literally been to talks in car manufacturing events where a speaker from a large car manufacturing give talks about how hard it is making life for them. Does that car manufacturer do anything different? Nope. Whole culture is infected with “my secrets” thinking which makes everyone’s life hard. Things are at a complexity now, everything should be built to be debugged.
One thing I’ve notice is you can’t modify the software “because of safety”, but breaks, fuel pipes, ignition systems, that all fine to modify!