It’s already a pain just to access diagnostic tools on modern cars, my current car needs a CAN Bus module that basically modifies the behavior of the module it replaced and allows you to access the bus unencrypted over the OBDII port.
Though admittedly there’s a decent argument that the manufacturer implemented this for real security concerns. Its real purpose as far as I can tell is to interpret signals from the infotainment system so it cannot send things it shouldn’t to the rest of the car. I’m not too concerned that my individual car is open to this, but if every car was there might be a worthwhile attack to disable them all etc. They could have easily made it disable itself when diagnostic hardware was detected IE a physical lockout that requires a specific resistance on a pin.
Considering modern cars have throttle by wire, brake by wire, electric power steering with assists all hooked up over CAN bus to an infotainment system that may have its own 5G modem it’s not too paranoid to consider that an attack vector that could compromise the safety of a vehicle, even if it’s slim. Which is unfortunate because I really want to just say make it all open so I can fix stuff and mess around with my car that I own.
Yeah, there’s definitely a solid safety argument for keeping modern car computers secure, but… I dunno, my feeling is that as the overall car population shifts towards the newer models, the more opportunities and motivations there will be for people to get around software limitations. That pressure isn’t quite there yet, I don’t think, because there’s still an awful lot of older vehicles on the road. Or around here there is, anyway, and there’s not much in the way of computerised elements on a 10+ year old car. But in 10 years time, when the majority of cars on the road are the models being released today, there is going to be a much larger desire to get around feature blocks.
I know a fair number of people who work with mobile phones, and those went through the same cycle. When the very first smartphones were released, it was hard to do quite a lot of things with them that we now take for granted. As smartphones became more popular and everybody had one, there were both more reasons to break through security blocks and more people trying to do it. There’s now a wide variety of tools available for modifying phones, which can break through manufacturer-installed blocks in minutes, which used to take hours to do without tools (if it was even possible at all). These days, when a new model is released, somebody has found a way to break through blocks within a few hours, and posted it online within 24.
Now, the majority of people won’t modify their cars, just like the vast majority buy a phone and never modify it. But enough people will want to - or need to in specific use cases - that will create a market for engineers and mechanics to figure out a way of doing it. It’s just human nature. So there’s going to be this push and pull between manufacturers saying “the car’s software needs to be locked down so malicious actors can’t mess with the brakes” and individuals saying “I don’t want to mess with the brakes, but I want to unlock the heated seats”. Bypasses for features that have been locked behind a paywall are going to be the most popular.
It’s already a pain just to access diagnostic tools on modern cars, my current car needs a CAN Bus module that basically modifies the behavior of the module it replaced and allows you to access the bus unencrypted over the OBDII port.
Though admittedly there’s a decent argument that the manufacturer implemented this for real security concerns. Its real purpose as far as I can tell is to interpret signals from the infotainment system so it cannot send things it shouldn’t to the rest of the car. I’m not too concerned that my individual car is open to this, but if every car was there might be a worthwhile attack to disable them all etc. They could have easily made it disable itself when diagnostic hardware was detected IE a physical lockout that requires a specific resistance on a pin.
Considering modern cars have throttle by wire, brake by wire, electric power steering with assists all hooked up over CAN bus to an infotainment system that may have its own 5G modem it’s not too paranoid to consider that an attack vector that could compromise the safety of a vehicle, even if it’s slim. Which is unfortunate because I really want to just say make it all open so I can fix stuff and mess around with my car that I own.
Yeah, there’s definitely a solid safety argument for keeping modern car computers secure, but… I dunno, my feeling is that as the overall car population shifts towards the newer models, the more opportunities and motivations there will be for people to get around software limitations. That pressure isn’t quite there yet, I don’t think, because there’s still an awful lot of older vehicles on the road. Or around here there is, anyway, and there’s not much in the way of computerised elements on a 10+ year old car. But in 10 years time, when the majority of cars on the road are the models being released today, there is going to be a much larger desire to get around feature blocks.
I know a fair number of people who work with mobile phones, and those went through the same cycle. When the very first smartphones were released, it was hard to do quite a lot of things with them that we now take for granted. As smartphones became more popular and everybody had one, there were both more reasons to break through security blocks and more people trying to do it. There’s now a wide variety of tools available for modifying phones, which can break through manufacturer-installed blocks in minutes, which used to take hours to do without tools (if it was even possible at all). These days, when a new model is released, somebody has found a way to break through blocks within a few hours, and posted it online within 24.
Now, the majority of people won’t modify their cars, just like the vast majority buy a phone and never modify it. But enough people will want to - or need to in specific use cases - that will create a market for engineers and mechanics to figure out a way of doing it. It’s just human nature. So there’s going to be this push and pull between manufacturers saying “the car’s software needs to be locked down so malicious actors can’t mess with the brakes” and individuals saying “I don’t want to mess with the brakes, but I want to unlock the heated seats”. Bypasses for features that have been locked behind a paywall are going to be the most popular.