Breaking News
News & Analysis

Automotive ECU Updates: Keeping the Hackers Out

1/23/2017 10:31 AM EST
More Related Links
View Comments: Newest First | Oldest First | Threaded View
User Rank
Re: Bad for the aftermarket
disenchanted   2/5/2017 7:30:12 PM
Couldn't agree more.

I've been working with computer based OBD II scan tools. But only investigating the actual ECM available mods for my vehicle. Due to medical issues I haven't persued re-chipping and/or flashing my vehicle's computer yet.

I have read headlines that caught me eye, about newer vehicle's onboard computers that are unnerving.

1. Vehicle owner doesn't own and/or control access to their own property:

There is too much consumers DON'T KNOW about their new cars, in regards to the computer controlled boxes the cars now contain.

a. First, according to state laws, access to these boxes is not the owner's.

(I think I read years ago that only 1 state ruled that the ecm in a vehicle owner's vehicle was the OWNER'S property. I thought it was Kansas, but I don't readily recall)

(also, in the case of an RV, if parked at the time, might be SAFE from ecm data-seizure if it met the status of a domicile. Protected against unlawful search and seizure, like a house would be)

The vehicle owners in the other 49 states apparently do NOT own nor control access to,  their car's computer assemblies.

So their vehicle's "black boxes" could be accessed without their permission nor consent!?

Most likely time this would happen is  after an accident.  

b. To find out just WHAT DATA is logged, that investigators can connect to, download and discover from your vehicle's ecm units,  just google terms like:

ecm forensics

vehicle forensics

obd forensics.

In any case, an ever growing amount of the vehicle owner's driving data and possibly personal ddata, since gps, cell phones and wifi are now onboard.

So theoretically your vehicle's black boxes could be used to testify against you in court perhaps? (Unless vehicles are also equipped with driver's angle/view cameras, the black box data is only PART of the story. The sensor's story). 

What about calibration? How accurate is the gps? +/- 10 feet? 20 feet?

In any accident, if it is off even just a few feet, that could implicate vehicles that shouldn't be implicated. 

2. vehicle buyers have no say:

How many vehicles are out there these days that offer the same options you had in your old vehicle? Perhaps you had just:  4-wheels, engine and 1 basic ecm box?  None.

Can you even order your vehicle w/o the stuff you do not want, like [examples] no wifi, no cellphone connection, no bluetooth, no multimedia, etc? Doubtful as these extras are now becoming more and more standard.

3. remote access:  It's been 10-15 years ago, but the technology existed, and car deaers install/used it, to remotely DISABLE a car.

I remember one TV expose that slammed the car dealer that DISABLED some single parent's vehicle "remotely", as they were driving their infant or small child to receive medical care.

4. Car makers won't disclose what is inside:

Label things "proprietery secrets" and you don't have to tell consumers, and apparently 3rd party scan tool makers, what's going on.

This helps:

a. bring profits back to dealerships that HAVE the diagnostic tools needed to fix your vehicles.

b. stiffles 3rd party testing tools for small father and son garages that can't afford 

new scan tools and/or annual access to software/firmware from the vehicle maker.

c. Stops the shade tree mechanic from doing anything but perhaps replace their own oil and filters.


5. wifi jacking - what about those sick folks that feel someone has wronged them, so they spoof an authorized connection into their target's wifi. Then text or email threats to [whoever]. Then because the wifi traced bck to a specific vehicle, police could obtain gps data of said veehicle and deploy SWAT?

What if the target has their whole family inside said vehicle, then are suddenly surrounded ? Or worse, harmed?

I have been in the IT world for over 25 years and taken digital forensics for computers. 

None of this is far fetched.

Vehicle's today are now becoming MOBILE DATACENTERS: internet accessable, cell phone accessable, gps enabled, "commuter enclosures" that can travel on streets and highways.

User Rank
Bad for the aftermarket
JimmyJimJames   2/1/2017 6:06:38 PM
As a car enthusiast who has aftermarket software used to reprogram their ECM for performance modification, this sounds like a chilling end to my freedom!

There was a legal battle over who owns the software a few years ago, where the manufacturers tried to use the DMCA to prevent users from modifying their software, but the end users won.  With these changes, we won't be able to modify our software.

Like Us on Facebook
EE Times on Twitter
EE Times Twitter Feed