By on May 7, 2014

nomoarpower

According to someone that I consider to be an impeccably reliable source, you can say goodbye to being able to fiddle with your car’s electronic control devices to make it go faster because chip tuning and the open CAN bus that allows it are going away.

When I saw that the University of Michigan’s Mobility Transformation Center (part of the university’s Transportation Research Institute) was going to have a groundbreaking for the new Michigan Mobility Transportation Facility, a 32 acre, simulated urban traffic environment where automotive connectivity and autonomous vehicles will be able to be tested by students, faculty and industrial engineers, I wasn’t sure if I wanted to attend. It was only a ceremonial groundbreaking, held about a 1/4 mile from the actual site of the MMTF, and there was likely just going to be some speeches from officials at the university and from Michigan’s Department of Transportation, which is paying half the cost of the $6.5 million facility. It didn’t seem that there’d be much real news at the event that couldn’t be gleaned from a press release (like the fact that several companies are joining the UMMTC as industry partners, including Bosch, Verizon, Ford, General Motors, Toyota and Xerox). Still, it was really the first nice day all spring, after a long, brutal winter, and I like Ann Arbor, having lived there for almost a decade years ago. Also, there are a number of fun-to-drive routes between my house and UofM’s north campus. While the event turned out to have as little “news” as predicted, I did find out something that will be of interest and concern to car enthusiasts, particularly those of us who like to tune their cars for more performance.

The University of Michigan’s college of engineering has had a close relationship with the auto industry that dates back about a century. The domestic auto companies and their executives have endowed engineering faculty positions as well as funded quite a bit of research at the University. Michigan’s engineering school is a major reason why Toyota, Hyundai/Kia and Mitsubishi all have their North American R&D centers in the Ann Arbor area. That’s why in addition to the various university and government employees at the ceremony, lunch and afternoon conference on the new facility that followed, there were also a number of engineers from a variety of automobile companies, vendors and firms whose business touches on vehicle connectivity.

mtf_illust_with_callouts

The vendor presence explains why an old friend of mine was there. Way back in the 1980s, before the “World Wide Web”, when the “internet” meant just email and Usenet newsgroups, I was a staff member for a religious educational organization with a handful of offices around North America. It seemed like a good idea to set up a computer bulletin board system so that we could share information and communications internally as well as making our resources available to the nascent online community. I was a computer neophyte then but a friend referred me to a mutual acquaintance that I’ll call Ruby, who was a computer security professional and sat on some of the committees that established standards for the young internet. Ruby not only mentored me about early DOS based machines and software, he donated an IBM 5150 (later known as the IBM PC) with a 10 megabyte hard drive to the non-profit that I was working with, to host the BBS. Before I met him, Ruby had worked as a systems analyst and programmer for one of the major automobile companies at a time when the automobile industry was beginning to embrace the digital age in a big way. He was involved in some of the early working groups that digitally connected the auto industry. Besides the fact that he knows more about computers than anyone else that I know personally, he’s also one of the smartest people in general that I know. He’s the only person that I know who can program a computer, true a bicycle wheel and build a harpsichord.

Since then, Ruby’s worked for a variety of computer security firms, which is why he was at the event today in Ann Arbor. A few years back, a major network and data provider bought his employer and they’re now actively involved in the whole connected car thing. I spotted him at the lunch following the ceremony and when I said hello we started talking about autonomous cars. I was speaking from the perspective of a car enthusiast and I said that autonomous cars didn’t worry me. They’d probably reduce accidents from poor drivers and that all the moaning and wailing from car guys about the death of enthusiasm due to autonomous cars is a bit premature. After all, I told Ruby, when electronic ignition, electronic fuel injection and digital engine control devices came in, enthusiasts were worried that they wouldn’t be able to tinker with cars for performance, but since then we’ve seen car guys go from changing carburetor jets to “chip tuning”, making changes to the way the car’s ECU operates the engine.

auto_networks

That’s when Ruby said, almost matter of factly, “Yeah, but all that’s going away. The open bus will be gone in two model cycles.” Automakers currently use something called the CAN bus. Years ago computer designers decided to use the word bus (from the Latin omnibus, “for all”) to describe something that lets one part of a computer to talk to another part of the computer. The Controller Area Network is a bus standard used by automakers to allow electronic devices in a car or truck to communicate with each other. Because it is an “open” bus that allows data to flow in both directions, the CAN bus is also what lets you plug your tuning gizmo into the OBD port and change the engine mapping.

1274462204_chip-tuning

I pressed him and said that hackers would likely still be able to access control systems, and he replied, with dead seriousness, “The systems will be hardened. The only features that you’ll be able to modify are those that the automakers and regulators will let you modify.” While you might be tempted to dismiss that as conspiracy talk, the source is indeed one of the world’s experts on computer and electronic communications security. When I asked him for a reason, he said that he couldn’t get into details then and there, that we should speak later, but in brief it has to do with safety, liability and regulatory compliance. Liability seemed to be the biggest concern. With their deep pockets, any safety issue caused even by a third party application will end with litigation targeting the automakers. He noted that even Ford’s OpenXC open source interface, which encourages third party application development, only gives passive access to vehicle data and can’t control vehicle systems.

image001

In TTAC’s recent discussion of the “line lock” feature that Ford will be offering on the 2015 Mustang, our readers touched on the topic of “Easter eggs” and hacks that let you, via the car’s infotainment system, alter some of the control systems. From what my computer security expert tells me, built in features like line lock may proliferate but while automakers may offer some trick software features with one hand, the other hand is tightening its grip over what third parties and users will be able to do. Since some of the restrictions seem to be related to the implementation of vehicle connectivity, I guess this is another reason why car enthusiasts won’t like autonomous cars.

Ronnie Schreiber edits Cars In Depth, a realistic perspective on cars & car culture and the original 3D car site. If you found this post worthwhile, you can get a parallax view at Cars In Depth. If the 3D thing freaks you out, don’t worry, all the photo and video players in use at the site have mono options. Thanks for reading – RJS

Get the latest TTAC e-Newsletter!

83 Comments on “Exclusive: Say Goodbye to Chip Tuning – Open CAN Bus Going Away in Two Model Cycles...”


  • avatar
    VoGo

    Thanks for the intel, Ronnie. It seems unfortunate that while the most successful business models go to great lengths to enable and encourage open development by third parties, automakers are going in the opposite direction.

    I understand the need to protect safety. No one wants Norm to accidentally go on a rampage because his Trifecta tuned Buick went wide open throttle as he approached a pedestrian walkway.

    But when it comes to infotainment options, and tuning preferences, it -seems that Detroit’s usual Not-Invented-Here mentality is reimposing itself.

    The human soul aches to be creative outside the structures of corporate malaise, especially when it comes to cars. Hopefully, an automaker will see this as an opportunity to go in the opposite direction, and court an auto-creative customer base.

    Mazda maybe?

    • 0 avatar
      stuki

      It has nothing to do with safety. Al it is, is a desperate attempt by the automakers to try to keep a dollar or two out of the hands of lawyers. Litigation risk is driving this, not concern for safety.

      We need open source standards for electronic control and sensor systems. That way, those who wishes can do their own thing, while those who don’t can buy a prepackaged, locked down version. Where even the latter will be able to benefit from the millions of iterations attempted and tested by users of the open systems.

      Locking things down, is NEVER, even theoretically, in the interest of end users. The more opportunity for experimentation, the better the end result will be.

    • 0 avatar

      Two short items:
      any lockdown greatly favors OE, and not independent shops. I heard from my indy mech (great guy) that he pays 10K per year for software to read computers…he can, and for a home guy, non starter….

      Locking down the car’s OS is the first step to integration with a government module…..

      • 0 avatar
        Scoutdude

        If he is spending 10K per year that includes a service information and likely shop management system too. Or he is needlessly purchasing a bunch of OE stand alone equipment.

  • avatar
    Short Bus

    It’ll get hacked, like all the other “unhackable” electronic systems.

    The absolute worst thing a security professional can do is proclaim that something is unbreakable. “Challenge accepted”… as the meme goes.

    • 0 avatar
      wumpus

      Much of the difference between “mostly unhackable” and “really hard to hack” depends on how much data you send to the device. With Blueray, each disc had to have how it was encoded, and that took a few years. PS3s had the same issue, and were broken shortly after sending out such a challenge (removing Linux enraged mostly the types capable of such a stunt).

      If updates are limited to dealers and the updating hardware is sufficiently expensive to prevent anyone from monkeying with it, it would almost take a leak from the top (the private keys used to secure the whole thing) to break the system.

      A more likely way to hack the thing is to rip the entire ECU out and replace it with a drop in “GigaSquirt” module (depends on how many ECU modules will be out there). I’m pretty sure an industry wide bus isn’t going to be all that secure.

      • 0 avatar
        Short Bus

        Sure, but all we’re talking about is levels of difficulty here. The big resource aftermarket guys who have a lot to lose, like Cobb, or APR, are going to find a way. If that means manufacturing “*Squirt” style ECUs to plug in, disassembling and modifying the guts of a factory ECU, or reverse engineering proprietary protocols to search for vulnerabilities, it’s going to happen.

        As far as inputs are concerned, it seems reasonable to expect that as ECUs become more sophisticated and integrated with every function of the automobile, the more susceptible they will be to this kind of hijacking. Sure, auto manufacturers will patch them, much like Microsoft patches Windows, but all it takes is a tuner with the hardware to load whatever software version they want to exploit whatever vulnerability might exist and the house of cards comes tumbling down.

        It might not happen overnight, it might take a few years, but it will happen. There is no such thing as a useful, unhackable electronic system.

  • avatar
    mike1dog

    I thought the CAN bus was part of the OBD II regulations and couldn’t just be “dropped” when they didn’t want it. In fact Wikepedia has this sentence in their CAN bus article: “CAN bus is one of five protocols used in the on-board diagnostics (OBD)-II vehicle diagnostics standard. The OBD-II standard has been mandatory for all cars and light trucks sold in the United States since 1996.”

    Am I missing something?

    • 0 avatar
      Short Bus

      That’s what I thought initially as well. What are we missing here?

      • 0 avatar
        rentonben

        Thinking out loud: They could still give you read-only access via ODB II and disable the ability to ‘write’ any data over the protocol. They could even use a different bus and then simulate a CAN buss just to meet regulations.

    • 0 avatar
      DevilsRotary86

      I can’t say for sure, but I would bet that this has to do with the eternally upcoming OBD-III.

    • 0 avatar
      danio3834

      CAN isn’t mandatory for OBD II, several other protocols have been/are used. It’s just the one that has proliferated the most due to its scalability and reliability. It’s possible for other protocols to supplant it should future products require it.

      • 0 avatar
        Scoutdude

        CAN is mandatory for 2008 and newer vehicles sold in the US. The initial implementation of OBD-II did allow a number of communication protocols but since 2008 they must use CAN though they can still have their own protocol in addition to CAN.

        • 0 avatar
          danio3834

          Yes, thanks for the correction. It is now required for core communication, but automakers can still use things like LIN and others for peripherals.

    • 0 avatar
      Landcrusher

      Regs like this are more or less controlled by lobbyists. This is one of those areas where that’s not an evil thing. They simply get the reg changed if they have to.

    • 0 avatar
      Scoutdude

      Yes CAN is required by law now. The original OBD II implementations allowed the automakers to use their own protocol but EOBD requires them to use CAN for the powertrain control systems. You could adjust parameters with the pre CAN systems too.

      The fact is being able to re-program the vehicle’s computer is not going to go away the automakers need that so they can upload new calibrations themselves.

      • 0 avatar
        Sigivald

        Yes, but if the ECU will only accept parameters that are encrypted with a private key (that only the manufacturer has), it might as well be impossible for you to reprogram the ECU.

  • avatar
    28-Cars-Later

    Holy crap what is Norm going to do about his Trifecta tune?

  • avatar
    schmitt trigger

    Just like computers, where newer operating systems remove you farther and farther away from the actual core settings.
    edit:
    ..and also anonymously collect information from the user….shudder

  • avatar
    tedward

    I thought that the automakers were already taking steps to make core changes more difficult. On many modern cars the ecu needs to come out to make software changes already, with writing from the obd2 already prohibited. If this is more of the same it perhaps hints at a ratcheting up of encryption standards. as it sits now that just means a slight delay before software upgrades become available, not their demise.

    • 0 avatar
      danio3834

      “On many modern cars the ecu needs to come out to make software changes already, with writing from the obd2 already prohibited.”

      What? All major automakers have the capability update module software from the OBD interface.

      • 0 avatar
        tedward

        True, I should have been more clear that I meant permanent changes to fuel maps and boost pressure already require ECU out on some cars. Once the car has been flashed once with the ECU out subsequent changes are a quick plug and flash away. Sometimes hardware changes are required to enable rewriting (a little soldering is all.)

        All other software changes are still possible through the OBD2, I didn’t mean to imply otherwise

  • avatar
    eamiller

    As an “industry insider” I can say that the executive summary of this article is correct, however the details are lacking in accuracy. Currently there are a few automakers (mainly GM) who are working on “Cyberseurity” standards for ECUs going forwards.

    The CAN bus isn’t going anywhere. However, the ability to “hack” an ECU to allow programming will become significantly more difficult going forward (note, I didn’t say impossible). The standards basically require the removal or obfuscation of signals on the ECU circuit board as well as encryption of both the program code and any interprocessor communications. The CAN bus, however, is external so the communications will be in the clear. Any reprogramming, however, will require knowledge of private encryption keys stored in the module. In addition, there is a store of keys so the manufacturer can change the active key if it is hacked, providing for an endless game of cat-and-mouse.

    I will say that so far, GM is the only one pushing this in the near-term. I believe other OEMs are playing wait-and-see.

    Chip tuning isn’t going away, it’s just becoming significantly more difficult. The vast majority of the standards are focused on “security through obscurity”, which is a fool’s method. There are limitations to how secure a system can be while still allowing all the hooks necessary for manufacturing and test that are required in the automotive space.

    • 0 avatar
      Vulpine

      “The vast majority of the standards are focused on “security through obscurity”, which is a fool’s method.”
      … A ‘fool’s method’ that works. Almost across the board, it’s the lesser-known system that gets attacked the least. Add to this a security protocol that in itself is lesser known and you’re almost scot-free. Sure, it CAN be attacked, but only those who are even aware of the system or consider it a viable target will even bother to attack it.

    • 0 avatar
      Scoutdude

      Yup the automakers need the ability to load new calibrations more so it is not going to go away, however the likelihood of them making it more difficult to change the calibration is high either on their own accord or under mandates from the EPA. However there is no way that bi-directional controls will go away because they are essential to be able to repair modern cars. In too many cases if you can’t activate a function or circuit via the Bus you just can’t properly test it.

    • 0 avatar

      Thanks for your clarification.

    • 0 avatar

      Well put. Where there’s a will, there’s a way.

      Disinterested consumers and technologists, eager to relinquish the last remnants of personal responsibility behind the wheel (or relieve others thereof) far outnumber the enthusiasts of the world. They are the ones actively engaged in the industry. They are the ones buying new cars. They vote with their wallets – and the enthusiasts don’t vote.

      I like to think the higher end, performance-oriented marques will offer factory tuning to customers. The Big 3 might consider this a potential value add for special, high end models, for example. The everyman, I suspect, will be left high and dry, barring back alley abortion-style “tunes” and immediately voided warranties, if not revocation of license or registration.

      Once the machines can drive themselves, I suspect we’ll start seeing all sorts of clever ways to force the old Barchettas out beyond the wire where our wild-haired uncles wait.

  • avatar
    Land Ark

    If this is indeed what ends up happening, I doubt it would take long for manufacturers to set up their own tuning options (ala Volvo’s Polestar). The car makers are missing out on all that 3rd party revenue.

  • avatar
    JuniperBug

    If we’re truly going the way of autonomous cars – and I believe we eventually are – I see the need for making cars less hackable. If you’ve got a whole network of vehicles speaking to each other, just one rogue vehicle that’s either not communicating, or not using the same algorithms everyone else is, I can see the potential for big problems.

    On the other hand, there will always be a way to get around these systems. Just as there are products like Megasquirt that let you completely bypass and/or replace the stock engine computer, if there’s a demand, third-parties can – and probably will – produce similar products which will allow the user to program their vehicles to do whatever they want them to. Stick a “not legal for road use” sticker on it, and it may even be legal to do so.

    On the other hand, maybe I’m reading too much into this, and automakers are just concerned that with the flourishing of turbo motors, there will be too many customers reflashing for more boost and blowing up non-performance engines which can’t handle the added torque output.

    • 0 avatar
      robc123

      The funny thing is its going back to the model T where the only color is black.
      How does a ford differ from a Toyota?

      IF cars really want to get geeky and efficient is if they open the systems to communicate with smart roads to control the ebb and flow of traffic and you need open protocols to communicate with those central city systems-

      • 0 avatar
        Sigivald

        Sure, but leaving that “open” won’t affect any other system’s openness.

        (And leaving that entirely “open” sounds nightmarish – “hey, trust this random signal that claims it’s from the road system”.

        The last thing I want – beyond such a thing at all – is for it to be really “open”.

        I want that stuff locked down and requiring an encrypted and third-party verified handshake to even CONSIDER affecting my car.)

  • avatar
    Ryoku75

    I don’t mind this, it just means less hackers bragging about how they got an extra 50hp from their mothers Jetta.

    Cars are fast enough as it is, if anything we should be able to tune steering ratio, response, and gasbrake response to fit our preferences, but leave power out of this, and please don’t bother with hidden line-lock nonsense. I don’t need Mustangs showing off at intersections on a bad day.

    • 0 avatar
      tedward

      Why leave power out of it? It’s not in our interests as car consumers to have our options limited by the manufacturer. In the case of that jetta tune you reference it may really boil down to optimizing the fuel map for a higher octane gasoline. Why would I agree that not having that option is a good thing?

      Steering rack assist changes are the one bright side of electric racks for what it’s worth. On the other hand Id worry that without the economic upside of sellable engine tunes companies won’t have a business case to explore less dramatic modifications (gearbox, steering racks etc…)

      • 0 avatar
        Ryoku75

        Its partially to turn the car for certain fuel grades, and my example being VW they seriously dont want you to know that in that Jetta lies an engine you’ll find in Audis with a little more hp.

        But the thing is that we have enough hp in the average car, we’re already limited by warranties and such as it is.

        • 0 avatar
          zbnutcase

          I agree! The 80hp my ’78 Chevy LUV had is even too much power for most drivers today. I see these morons every day, spending far more time behind the wheel doing everything BUT driving…it’s scary

  • avatar
    danio3834

    If there is a demand for independently reconfiguring the controllers of future vehicles, there will be an aftermarket that will supply the tools to do it. Simple as that.

    We’ve heard the claims over and over in the past that certain ECUs are “uncrackable” and within 12 months an aftermarket handheld tuner is on the market. As another commenter already mentioned, it’s a perpetual game of cat and mouse. As long as there is a demand for it, the aftermarket will continue to crack ECUs.

    What you will see more of that will deter some would-be tuners will be increased monitoring of critical indicators in ECUs by automakers to verify if the programming has been messed with prior to paying any warranty claims. Some customers will care and some won’t, as with the case of the 547 mile Raptor customer with a Procharger installed and a hole in the block.

    • 0 avatar
      Power6

      Its not that simple, they can stop this if they want, check out the Chrysler rolling code encrypted PCMs since 2011 not hacked yet and not likely unless the keys are leaked officially or otherwise.

      The Hemi lovers are clamoring with demand but no dice.

      • 0 avatar
        danio3834

        Chrysler GPEC II controllers most certainly have been cracked. Diablosport did and was notably the first to offer a handheld tuner back in 2012. It’s taking longer for the aftermarket to get through all the encryption in modern controllers, but as long as there is demand from owners, they’ll keep doing it.

  • avatar
    MrIcky

    This has been in the works for quite a while. I think recent news articles about cars being ‘hacked’ externally have been pushing the time table. Although that’s not the same as engine tuning, the response to an open system creating possible security issues is to close the system as much as possible. It’s true that someone always comes up with a workaround, but the ‘invasions’ will likely be tracked better.

    Warranty claim reduction is just an added benefit.

    I’m not in the auto industry, but I am in insurance and really the only thing shocking about this is that it’s taken this long.

  • avatar
    p___mill

    Earlier this year our SAE section hosted a presentation on “hacking” a cars CAN network. The slides can be found here:

    http://tucrrc.utulsa.edu/Publications.html

    In their crash testing research and reconstruction they have needed access to CAN data not provided by manufacturers, and they even detail some of the decoding processes in their website. In the presentation they give a couple examples of CAN network hacking taken to the extreme, where a car can be put into “hell mode” with full throttle, no brakes, doors and windows locked and the heater on. They even showed a video of electric power steering jerking the wheel, done by tricking the car into thinking it was sitting still and activating park assist.

    The vulnerabilities were interesting, for example because infotainment is connected into the whole network a CD could be used to unlock access to a hacker. They also mentioned the general lack of or poor security, with examples of passwords being shown un-encrypted in the boot up code. Of course names were redacted to protect the innocent.

    As far as performance tuning goes, as long as people drive cars, they will modify them to make them faster. Before CAN tunable ECMs their were chips, daughterboards and signal massagers that could be used to tune EFI. The plug in tuners just make the whole process much easier and less intrusive.

  • avatar
    DenverMike

    If anything, it’s an opportunity for OEMs to jump into the “chipped” aftermarket game. Until the aftermarket catches up.

    They can offer an several stages of “OFF ROAD ONLY” “Track Keys” that unlock and alter built-in “Hot” profiles that tune for maximum HP and take the engine to the edge of destruction. Or past it, set for racing-fuel. And shut off all sorts of things like speed & RPM governors, and traction nannies. Plus add launch control and line-loc.

    OEMs already sell “OFF ROAD ONLY” parts, like H-pipes with the clear understanding, they’re illegal on public streets.

    And if any of it voids my warranty, hey that’s my choice. But if I buy the car used with 100K miles, who cares?

  • avatar
    Dr. Kenneth Noisewater

    I certainly hope this gets blown up by right-to-repair laws, though on the federal side there hasn’t been a whole lot of traction :/

    http://en.wikipedia.org/wiki/Motor_Vehicle_Owners'_Right_to_Repair_Act

    • 0 avatar
      Sigivald

      I don’t see how ECU-reprogramming would really relate to right-to-repair, though, and since this change is about restricting WRITE access, not read, it’s unclear that it applies.

      Right-to-repair isn’t right-to-chip-tune, after all – it’s meant to protect independent *mechanics* and theoretically consumers, through them.

      But it’s to protect them from an unfair advantage to dealers … and dealers don’t do a lot of chip-tuning (in most cases, not all), and chip-tuning just isn’t … repair.

      • 0 avatar
        Scoutdude

        And one of those right to repair abilities to be able to reprogram the PCM with an updated calibration or just load a calibration to a PCM or other module that needs to be replaced for one reason or another. Take a look at Motorcraft.com you can find the portal there where you can download the latest calibration based on the vehicle VIN and then use your own 3rd party device to upload it to the appropriate device. You’ll also find that some of the larger auto parts places have the devices to program many PCMs directly via their connector instead of through the OBD connector. Yes many times an updated calibration is covered by the warranty but a vehicle may have gone out of warranty by the time it is discovered that it needs an updated calibration to fix a problem. IE that occasional random hiccup didn’t bother the original owner but the second owner complains about it to their independent service repair facility. That technician looks in their information system and they find that there is a service bulletin regarding that issue that requires a new calibration to fix.

      • 0 avatar
        Dr. Kenneth Noisewater

        When I had a new transmission put into my 300SDL about 10 years ago (approx $3k for a rebuilt), the fellow at the independent shop had a newer Benz in another bay, and while discussing Benz transmission stuff someone walked in with a tool case. Turns out he was from the local MB dealership service center, and he had to complete some work the indy shop had done by resetting the computer with a proprietary MB “tuner” device. Guy hooks it up, does some stuff in the car, pushes some buttons, and is done. It cost ~$100 I believe, and was duly passed onto the car’s owner. That’s the sort of shit I cannot stand.

        Incidentally, I heard tell of another MB transmission that had an optical fiber link between its controller and the ECU, and when trans fluid leaked into the controller it shot up the optical fiber and into the car’s ECU, shorting it.

  • avatar
    robc123

    big deal.

    This is like buying a bus pass and expecting to chip the bus you are on. With autonomous cars I can see that too- autonomous car blobs (blobs because its going to be 20yr leases) that you get priority to- pay a larger lease and you get preference to 7-9am mon-fri type thing. Car ownership even as we know it will be completely different and non-chipped cars reflect that.

    rename blog to TTAAC, the extra a is for Autonomous.

  • avatar
    Vulpine

    While I’m not necessarily a fan of where “Ruby” says we’re headed, I fully understand and agree with his point; in today’s litigious society, it’s not the person who chipped the car that gets blamed in an issue, it’s the automaker itself for not trying to prevent it or not trying hard enough.

    People injured in car crashes today tend to sue the party most likely to be ABLE to pay, who may not necessarily be the user. Modifying a car’s programming is a subtle thing and SOME re-programmers even have the ability to revert to the vehicle’s ‘default’ settings under certain circumstances so that the true responsible party may never be known. With cars becoming more autonomous, such ‘chipping’ could destroy the car’s safety protocols and permit a crash that would have otherwise been avoided. In other words, if you can’t prove who DID cause the issue, then blame the builder. We’ve already seen this happening where simple human error has caused an injury yet it ends up the automaker having to pay for it.

    However, no matter how ‘hardened’ the systems may end up, someone will find a way around it and if it’s not a factory authorized mod, the factory itself gets blamed for letting it happen UNLESS it can be proven that the hack used a previously-unknown vulnerability. In other words, it will become the virus wars all over again–in our cars. Just as AV software hurts the performance of our PCs, they could well harm the performance of the car in which it’s installed. Reaction times may suffer and the AV itself may end up letting something happen that shouldn’t. Is there a way around it? Can it truly be hardened to the point that it can’t be hacked? No. But with certain physical as well as software preventative factors in place it MAY be possible to make it too difficult to attempt and trigger an alert when the attempt is made.

  • avatar
    OneAlpha

    Remember those dire predictions from the mid-nineties that proclaimed that the new LS1 V8 couldn’t be hot-rodded?

    This is just more of the same.

    What one man can build, another man can improve.

  • avatar
    Lorenzo

    If the major issues are liability and warranty claims, the automakers need to spend some money lobbying Congress to indemnify automakers for unauthorized modifications. It has to be made harder to sue for voiding a warranty, as well as for automakers’ liability for the changes that voided the warranty.

    They still have to guard against external hacking through wireless access, and make it harder to make major changes that could produce unintended consequences, but I would guess the EPA is pushing them to make the systems as difficult to change as possible. We’re not governed as much by the President and Congress anymore as we are by the regulatory agencies.

  • avatar
    Hummer

    Seems like a way to just decrease costs, if the risk of having 2 more HP exists then we need to spend an extra $2.00 and make a quality component over the “good nuf” component our engineers found to be the bare minimum to work.
    I’m honestly not that old, and I know I won’t be called pretty names for this; but this kind of stuff reinforces my total disinterest in modern cars.
    ..BUTTT.. This that and the other….
    Yea modern cars have several advantages, not tuning carbs is nice, direct injection is beautiful.
    But look at the other stuff, uniframe construction that drives accident costs up, turbocharged engines too small for their applications, touchscreen computers in the dash. Consumers buy them, so they must be good for me too? Sorry I’m not paying 30k+ for an automobile I can’t imagine running for 20 years and then another 20 after a rebuild.
    Yea it is only one thing, but if I added every individual occasion I’ve seen in the almost 2 years I’ve read, it would make a fairly good case. People call others delusional for getting upset over a small inconvenience, well sorry but that’s extremely shortsighted and acute.

    • 0 avatar
      JuniperBug

      That seems like a lot of uneducated hate on modern cars. I’m pretty sure that what modern unibody cars cost extra in accident repair, they make up several-fold in hospital bills. Just because it hasn’t happened to you doesn’t mean that current designs don’t have very real benefits in saving life and injury. Personally, I’ll take that over being able to hose off the interior after removing the corpse and continuing to drive the body-on-frame car without having to replace the bumper covers. As for turbo cars being undersized, what measure are you using? Cars are faster and more fuel efficient than they’ve ever been. They also last longer than they ever have, and I’m not really sure where you’re getting your 40 year serviceable life benchmark from, because cars in the past didn’t reach that, either.

      People love to come up with conspiracy theories to fight change, but most of the time change happens to accommodate new conditions. There was a time when people didn’t care about using twice as much in fuel so they could have a V-8 rumble in their car, and getting impaled by your steering column in a 45 MPH crash was considered acceptable. It’s a different world now, and priorities change. The automakers are just adapting to that.

      Don’t forget there was a time when carburetors were expensive, cutting-edge technology, too. Whatever gets built eventually gets cheaper, and if it’s affordable to build and there’s a demand for it, somewhere along the line someone will find an affordable way to fix or replace it.

      • 0 avatar
        Hummer

        I don’t hate modern cars, consumers still buy them, I recognize I don’t have a popular opinion. But it’s just that, my opinion. After 2006-10 there’s not much interesting, every automaker is on a fuel mileage crusade, obviously not everyone cares about spending a little extra on fuel, if they did Prius would be the number 1 seller.

        Sorry not everyone likes keeping up with the jones’ new cars are disposable, how hard is it going to be to get a new radio or HVAC system on a touchscreen setup car after it breaks in <20 years?
        Sorry but Older vehicles are indisputably easier to have parts made for. A slight advantage in safety isn't worth it, lift it and add a roll cage, problem solved.

  • avatar
    brettc

    Very interesting, I had no idea about it. I wonder how VAG-Com/VCDS or other full featured 3rd party scan tools will fare with this. Thanks for the information, Ronnie.

  • avatar
    old5.0

    EFI represents the end of hot-rodding- 1985

    OBDII represents the end of hot rodding- 1995

    This article sounds vaguely familiar…..

    • 0 avatar
      pragmatist

      Actually it DID end hotrodding.

      What we have now are little tweaks that spit out marginally higher horsepower, and we call that hotrodding. Without OBDII and the legal constraints behind it, that force you to keep it, there could be real, wide open hotrodding like the 60s.

      • 0 avatar
        Vulpine

        You haven’t seen today’s street racers. Believe it or not, “The Fast and the Furious” isn’t all that far fetched. Many of the roads near where I live are striped by oil from blown engines as they race around like total idiots.

    • 0 avatar

      OBD II was NEVER billed as “the end of hot rodding”. And time has shown that only the methods have changed…and even then, not all that much.

      OBD II and Enhanced OBD II standardized the protocol for diagnostics.

      It’s OBD III – rumored for close to 20 years – that’s supposed to make things more difficult. And beyond that, an even more draconian OBD IV.

      But here it is 2014 and we’ve lived with OBD II for the better part of 20 years. I think the aftermarket’s gonna be in an uproar from suppliers to independent repair shops to enthusiasts…should the industry make engine tuning, modification and repair more difficult. And using the technology to drive motorists to the dealer’s gonna run afoul of “Right To Repair” laws…

  • avatar
    PandaBear

    Most likely it would be a unique signing or encryption to each ECU that matching the hardware serial number burn into the chip with the software you load. It is likely hackable but need extensive work per unit.

    I can see the liability for letting people hack a XXX by wire system and causing an accident, then suing the manufacturer for not protecting the idiots from the systems.

  • avatar
    pragmatist

    A lot of this has to do with locking out independent shops and forcing people into dealerships.

    The dependency of cars on CAN is another problem. Peruse forums and look at the number of expensive problems that are cause be CAN failures in unrelated areas. The dreaded ‘CAN BUS ERROR’ can completely shut down a car. Far removed from the older idea of separate circuits for engine, lighting, entertainment, instrumentation etc. One system had no effect on the others.

    My daily driver for the forseeable future is a pre OBD vehicle. Many of the problems people are describing in the forums simply cannot happen in my car because I don’t have those systems.

    • 0 avatar
      PandaBear

      Yes, you can say the same about any electronic connections if they fail, but IMO having can bus means a huge reduction on the wiring and connection counts, that itself is a good thing. Also if I remember correctly CAN signaling has redundancy that you can have 1 of the 3 wires gone and it is still functional.

      But if your supplier uses cheap materials, anything can happen regardless of can bus or not.

      • 0 avatar
        danio3834

        Yes, this. CAN bus is pretty reliable and reduces complexity. Each bus has a pair of circuits and priority messages can still pass if one circuit has a fault. Diagnosing problems on the bus is fairly straight forward too. Most manufacturers break down the buses into branches where nodes connect to an accessible common connector and then to the main bus. This allows easy isolation of nodes and portions of the bus to find the short. I’d much prefer that over digging through endless connectors and looms to find a dedicated com circuit.

        • 0 avatar
          pragmatist

          If you Google, you will find many horror stories of component failure completely disrupting the electrical system of the vehicle. Dealers are often clueless and wind up replacing hundreds or thousands in controllers to get things working again. The bad thing is that disruption affects total8ly unrelated functionality because it all travels on the same bus.

          Tell me what’s so bad about switches and hard wiring? Why should a defective window switch bring down instrument panel, lighting, and throw the engine into limp mode

          • 0 avatar
            danio3834

            I don’t need to Google it, I live it. Yes, technicians have a bad habit of pounding parts to try and fix problems they don’t understand. It’s no different than pounding sensors and modules at drivability issues that require more in depth diagnosis. Just because they refuse to understand the system and follow proper diagnostic steps doesn’t make the system inherently bad.

            What’s so bad about hard wiring everything? If everything were to be hard wired in a modern vehicle, they would be significantly heavier due to all the extra wiring for one. All the different input signals would required dedicated circuits where they can all travel on a few pairs of bus wires with CAN.

            Second, diagnostics are much easier as fault detection is built in to the nodes so they can monitor the inputs and outputs and easily report things like window switch circuit faults. A lot of other complicated electrical hardware is simplified too when the node can control the outputs and even employ it’s own circuit protection to prevent occurrences of thermal events.

            It’s unlikely for a shorted window switch to cause a drivability issue as body accessories are on a different bus than powertrain controls. If it did cause a com issue, it would likely be affect only it’s individual controller (BCM in most cases) on the interior accessory bus, usually a medium speed CAN. Engine controls are run on a high speed bus. While the BCM is often a gateway for communication, it shouldn’t affect the other bus.

          • 0 avatar
            Vulpine

            On the other hand, Danio, were they hard-wired, we would have infinitely better reliability where we don’t have to start replacing sensors and modules to discover the problem is really mechanical.

            I’ve repaired more than on piece of automotive control circuitry by re-soldering all the connections on the board.

          • 0 avatar
            danio3834

            “On the other hand, Danio, were they hard-wired, we would have infinitely better reliability where we don’t have to start replacing sensors and modules to discover the problem is really mechanical.”

            Not at all. If anything, adding more circuits, more connectors with more pins reduces reliability. Current CAN configurations are more reliable and easy to diagnose if you know what you’re doing. If you’re replacing parts as a diagnostic method, you’re doing it wrong.

          • 0 avatar
            Vulpine

            @danio: What what you say makes sense, as an electronics technician myself going back to the Air Force avionics repair in the ’70s and ’80s, what you see is exactly that–the ‘trained monkey’ method of repair intended to first replace the electronic components first before looking for any mechanical problems such as broken wires or actual internal problems with the engine/transmission.

            I’ll grant that some things, like a wonky radio or air conditioner that cuts in and out may be fixed by replacing the radio itself or the control panel, but how do you know the difference between a burnt exhaust valve and a faulty sensor? Invariably they replace the sensor first–and sometimes multiple times before looking for the real cause of the bad reading.

            Then you have a circumstance like I had with an ’86 Toronado where an engine sensor would die every few months for no apparent reason, yet when I looked at the sensor location and the wiring, I INSISTED they add length to the lead at that sensor. They refused and over the course of the next two years had to replace that sensor FOUR TIMES on their own dollar before they finally tried what I had told them. That sensor never broke again.

            Trained monkey diagnostics only works so far. Sometimes real, first-hand knowledge can save a lot of money.

  • avatar
    sgeffe

    Wonder why SEMA hasn’t been blasting this from the rooftops? Surely they’ve got folks as deeply integrated as Ronnie’s friend.

  • avatar
    Wheeljack

    I know I’ll get lambasted for this, but every time I see one of those jackasses in a newer diesel truck that should have a DPF and a catalyst “rolling coal”, I kind of wish the gub’ment would clamp down on all of these “performance tuners”. A diesel engine that is pouring out black smoke is just simply wasting fuel and polluting the air.

  • avatar
    Greg Locock

    “He noted that even Ford’s OpenXC open source interface, which encourages third party application development, only gives passive access to vehicle data and can’t control vehicle systems.”

    He was wrong.

  • avatar
    DJTragicMike

    I highly doubt this spells the end of tuning, either DIY or module based (like Cobb). There are young people buying more and more cars. Especially turbo cars. Less restrictive exhaust + more boost = lots more hp and torque. You will NEVER stop 20 and 30yo guys from making their cars faster for little money. NEVER. Some enterprising person, group, or company will pay to bypass or decrypt the ECU protections. The demand is there, no doubt. It is an arms race.

  • avatar
    LuciferV8

    I’m betting this is where custom designed stand-alone engine management systems step in to save the day. The proliferation of cheap ARM chips will make this affordable for the average joe.

    The only other obstacle (and the bigger, more pressing issue IMHO) is going to come from the Agenda 21 nutjobs who want to gut the economy and corral all us proles in the cities.

  • avatar
    TheyBeRollin

    I can all-but guarantee that CAN is not going away, nor will it decline, unless something drastically simpler and cheaper appears. We’re still using RS232 (in full spec, lower-voltage, and TTL) in a huge percentage of modern designs.

    Are there any companies that produce de-tuned “life-extending” or “low-octane” configurations for higher-performance engines?


Back to TopLeave a Reply

You must be logged in to post a comment.

Subscribe without commenting

Recent Comments

New Car Research

Get a Free Dealer Quote

Staff

  • Authors

  • Brendan McAleer, Canada
  • Marcelo De Vasconcellos, Brazil
  • Matthias Gasnier, Australia
  • Tycho de Feyter, China
  • W. Christian 'Mental' Ward, Abu Dhabi
  • Mark Stevenson, Canada
  • Faisal Ali Khan, India