Kickstarting a car-hacking tool that lets you take control of your own vehicle

Originally published at: http://boingboing.net/2017/02/27/pro-circumvention.html

…

This is not a good idea.

Cars are dangerous, and not just to their owners and drivers.

If you bought a car, how do you know it’s firmware hasn’t been fiddled with? How do you know they haven’t h4x0r3d the breaks for maximum drifting and minimum stopping?

How will auto-insurers be able to price your policy (which is based on the kind of car you drive) if the owner may have (possibly unintentionally) disabled the anti-lock brakes or the airbags? Will they start doing random firmware audits?

How will inspectors check your emissions when they know you may be able to turn the emissions control system on and off at will. I seem to remember some recent scandals with these kinds of firmware hacks which cost billions of dollars and maybe even (statistically at least) killed some people.

I like Cory a lot, I’ve bought his books and been to his signings, but I’m starting to think his ownership-centric view of these kinds of things is narrow-sighted.

The example in this kickstarter, making an electric car, sounds like a cute, fun project. However, it gets less cute and fun when you realize that an electric car which gets in an accident might have it’s batteries explode in an unnecessarily harmful way.

And in all actuality, I can’t think of any serious use for such a thing. It would be a fun project, but do you really want people driving their hobby-projects down the road at 70 mph past a school bus?

We have laws about what makes cars street-legal and I would highly support laws which make modifying your car’s firmware grounds for revoking its registration, or at minimum requiring special licensing.

Just imagine the dangers of reselling one of these. Computer engineers will tell you that designing safe, reliable firmware for real-time systems is a no-joke hard thing to do, are these hobbyists going to put their firmware through 10,000 hours of testing? How can consumers know their car’s firmware is stock and not riddled with spyware?

We should not normalize the modification of systems which have a broadly accepted convention of functionality and safety. It is dangerous to future users and nearby users.

We don’t want massive metal objects behaving like our fragmented computer ecosystem, with inconsistent diligence and shoddy implementations. It’s one thing for hacked up websites to leak user data, it’s another for hacked up cars to splatter brains on pavement.

Is this the thing where the car wakes up and drives you straight to prison?

That’s some high quality concern trolling there. In the '70’s, anyone with a few simple hand tools could work on their car. I’m not sure a shift back in that direction is really worthy of all that hand-wringing.

There are any number of “hacks” that can be done to a car in a Saturday afternoon spent in a Pep Boys parking lot.

Inspectors will have to up their game, I guess, just as they have had to do in light of other car-modding (i.e. chipping). Or they’ll decide that it’s not worth the trouble because very few people are actually doing it, which is probably the case.

This does not need to be personal. Just because Cory posts an article doesn’t mean that he’s responsible for the project. And his opinion of why it might be good is easily responded to by posting your own opinion why it’s bad.

An ownership-centric (aka right to hack) view is really about consumer rights vs corporate rights. Yes there are going to be consequences, but the principle is more important than any specific consequences. And boundaries can still be set by law, rather than being defined by an EULA.

This is just an OBDII port reader. Granted it’s much more customizable than most of the devices on the market, but it isn’t hacking your car in any meaningful sense of the word. It’s generally not circumventing DRM either.

Not only do they drive them down the street, sometimes they launch them into the air or fly them through the skies over major centers of population.

Are you just as concerned about the 1922 roadsters that people still drive even though every single safety feature in it is more dangerous than safe?

In the 70’s the gas pedal attached to the carb via a cable, not a drive by wire system that utilized a closed throttle plate with a separate computer control idle air control valve to manipulate idle based no multiple inputs…

I don’t see it as concern trolling once you realize that we have pushed cars to be simplistic in design and complex in electronics. Could we have built better handling cars by using better suspension systems, tire compounds, spring rates, ect…? Sure, but why do all that when you can use the ABS system to create vehicle stability control and then up charge people to magnetic damper system for a nicer ride. How does it handle if that’s disabled? How long is the longevity of your engine affected if you adjust the fuel/air mix leaner to get better gas mileage?

Unless manufactures are willing to offer factory OEM firmware free of charge I think it has the real ability to open a pandora’s box of problems.

It’s concern trolling because this device is a one way street. It just reads the diagnostic codes from a user accessible port.

We better start issuing licenses for computers too. Darn horribly complex beasts they are.

It might be great if instead of more devices like this (OBDII readers already exist), we force car manufacturers to publish their proprietary error codes so off-the-shelf software can diagnose issues.

Case in point: I have an OBDII reader for my VW. Recently the check engine light came on, and I was under the assumption that I’d be able to read the error code. Nope! Turns out my best bet was VCDS–which costs about $500 and only works because those guys have been reverse engineering the VW systems for 20 years.

The overall result was I bit the bullet and took it to the dealer. Turns out it was an exhaust issue under a recall warranty and it didn’t cost me a dime to fix. This time.

If it was something as dumb as “air filter needs to be changed”, it’d cost me $80 to read the error code at a dealer.

I’ve tinkered with motorbikes a bit, and although they were old models and seemed mechanically straightforward, there are pitfalls, and not knowing what you do can kill you. I think most people who do their own repairs can grasp that.

For instance, I caused an “innocent” (or, to put it another way, “idiotic”) electrical fault once, that caused arcing on my steel mesh enclosed silicone front wheel brake line… luckily I noticed what was going on when brake pressure was going away.

That said, what if you do not trust the companies you buy from? Did you trust Volkswagen on their emission sheets? Did you trust Toyota on their brake pedal things? People need to be enabled to at least check a machine in which they literally put their and their families lives. This is not a bad thing.

People have burned their houses down and got deadly shocks from doing home repair on their house electrical wiring. The solution to that is not to outlaw screwdrivers.

This topic was automatically closed after 5 days. New replies are no longer allowed.