I also hacked my car(goncalomb.com) |
I also hacked my car(goncalomb.com) |
> I used a Raspberry Pi in USB gadget mode to simulate an Android device connected to the head unit. The head unit thinks it's accepting a navigation maps update from the "phone", but because the update protocol allows for arbitrary file changes, I can issue commands to modify a specific file and inject a call to a bash script that gets run as root.
Inspired by another post here on HN: https://news.ycombinator.com/item?id=32447650
In more parts posted in distant times, the last of which (one year after that post) is -
the author (greenluigi1) made Doom work on the Hyundai (Ioniq SEL).
In a prior role I got to engage on a number of GENIVI projects. GENIVI was/is a consortium of Auto makers and 1st-tier companies that determine standards for automotive IVI (In-Vehicle Infotainment). I got to work on some demonstration projects that were proof-of-concept for the standards. IIRC, we were implementing them on the Automotive-Grade Linux distribution. It was a really exciting time. I legitimately thought that there might be a future for a standard (or at least a couple of standard) infotainment systems.
Fun stuff. FWIW, I sort of thought of GENIVI as the European standards group, whereas AGL seemed largely funded and driven by the Asian Automakers. But that's my narrow viewpoint.
I also had a talk with a couple people at the booth, for example Igalia works upstream with Vulkan and Chromium a bunch. Would love to see more Linux on the dashboard in the future, some cars have pretty substantial chips powering their infotainment systems these days. Could be nice to add that as a node to a homelab Kubernetes cluster when it's parked idle in the garage :)
PCM6 for Porsche is a new Linux system from APITV.
I have little hope for a fix. It seems likely that its easier to just replace the entire controller that drives the audio and screen, and that sounds really really hard.
On the other hand, the infotainment can be rebooted even while driving. The drive train is much more protected and controlled, for a reason.
But since you can also interact with the car, like turning on and off drive assistant systems, I would not dare to hack my car. How about insurance, when there is an accident?
The insurance company would need to demonstrate that you've had an accident because of your modification. Just them being present doesn't invalidate anything.
However, in the real world, you can bet that they would try - you'd probably win in the court of law, but it's a risk.
From my experience unless the car has some kind of self driving stuff they just check with a mechanic the state of the car to see if it is totalled or can be repaired. Unless there are wires going out of the car there is no reason they would even check the os of the dashboard console[1]
[1] I refuse to use infotainment word, it is so unappropriate.
Just info: on my android phone with firefox the scrolling is atrociously slow (more than 1 sec lag during every scroll)
If all you need is a working head unit you should be able to get that for <$1000.
It's still an investment, but nowhere near $30k.
The real reason nobody bothers with this is that it's just the infotainment, and if you really want a custom one you can just buy a new head unit, or glue a tablet where the existing one resides.
You won't get access to the engage electronics, emissions controls etc. Those are all other dedicated computers.
There is potential for someone to make an ipad app that did all these things and connected to say your phone's hotspot so you could control everything. Soon you would be remaking android auto though. I think there's no market for a "you control your privacy" type thing.
Reminder that those who bought it, voted for it.
In economics, wallet is voting power - what you buy you feed and endorse.
My 2012 Nissan Leaf is equipped with a 3G cellular modem (upgraded from the 2G that it originally shipped with). Since the providers all shut down their 3G networks, it's been effectively offline.
The issue is with more with recordings and with the principle of sending data around beyond the ID - and especially with the contract that would make such activity accepted.
If I bring my car for maintenance and we agree on checking brake fluid and air filters, they cannot decide "Oh, the profiles of the tires are off, we'll change them". No one would need to pay them for this, as it was not agreed upon and is therefore not part of a contract.
So your case makes no sense at all.
Except that perhaps you life in an insane country, or are not well versed in basic contract law :-)
They will not hesitate to change the Electronic Control module and maybe the BSI also, just to be sure that your car don't fails in the worse moment and kills you. This could start at 1500 euro or much more depending on the brand. They will not understand your "right" to run Doom in your car.
Think also that currently some secondary car systems in many brands can be deactivated online, without creating a situation of danger for you, but making your driving experience really miserable if they want.
It's more likely that you get it back with a new software (and all your modifications wiped), because as part of the routine maintenance some blue-collar technician connects a USB-dongle and blindly upgrades the firmware.
Unless of course, the modification is so popular that searching for it becomes part of the vendors routine maintenance protocol...
The idea of "Hacking" cars feels great until you realize that this cars are driving in the same road as you
Hobbyist car hackers is a group filled with overconfidence, and overconfidence can lead easily to a hell of pain and a million of ways to shoot yourself in the face. Because electronic sensors tend to be connected with other sensors, that are connected with many other unsuspected things, and those last things can be more important that it seems.
If the accident is any serious, both insurance companies will routinely buy the info sent by default to the maker by that model; In particular speed and location info.
If the info is suspiciously absent (because somebody hacked their car to stop sending it), the insurance companies will enter in red-alert mode, and will find how to get themselves out of the problem.
Sent info can be used against you, but also could benefit your insurance company to win the case. Is not always white or black. The main goal of insurance companies will be to protect themselves, but the secondary goal will be to protect you, the client, from potentially serious legal consequences. If both insurance companies are the same, they could team against the vehicle with less clear data.
"Probably not". Probably is the key word here. I've seen insurance companies go to absolutely ridiculous lengths to deny a claim, so I honestly wouldn't put anything past them.
1. Turn the car on;
2. Scan the RF spectrum with SDR hooked up to a directional antenna, until you see something resembling digital TX in the waterfall graph. Note the frequency.
3. Dial in your microwave gun to that frequency, bathe the car in sweet sweet RF watts.
4. Confirm with SDR the signal is no longer there.
5. Repeat until you're reasonably confident you fried every transceiver that shouldn't be there.
(6. If the car doesn't start anymore, ask manufacturer for refund and suggest putting current protection circuits behind their radios.)
--
More seriously though, step 2 might be useful to locate more antennas to snip. Like a fox hunt, but in your garage.
Third party can be a money pit also. Like a volume knob that controls the factory amp via canbus rather than the fixed output level head unit. And the amp is conveniently not close to the head unit. And, mentioned elsewhere, but additional stuff for steering wheel controls, car data that the OEM head unit displayed (mpg, trip meter, etc).
I don't know why software would be any different.
"I didn't authorize that, I'm not paying for it, please give me my car back the way it was."
And if you think that, lets say "BMW", will hesitate a second to block online your car heating in the middle of winter; think again. I had seen it before. Even if you could hack it, to reconfigure the system again is not always easy or obvious without some knowledge of what values you need to enter.
It's not up to the car's maker to in any way interfere with or dictate the way I use my car.
I truly loathe this argument. I've seen it for cars, seen it for laptops, seen it for mobile devices. For years. People like you really think not purchasing the bad will fix stuff like this?
Purchasing decisions let you pick between competitors. That is all. You can't pick the open-source car that does not exist, unless you want to start your own car company just to build one. If you don't buy any car at all, then you simply don't exist to them, and they don't care about you.
Nobody is going to quit locking down their software just because a rounding error doesn't like it that way. They don't do it because they need people's votes, they do it because the company simply wants the software locked down, they don't care what customers think about it. Even if nobody bought the car, and everybody told them directly to offer open access, they'd probably still refuse to provide it, until and unless something like a regulation is passed that mandates it.
Cars aren't spying on you because people are voting for the spying. Nobody who buys the car is voting for it to spy on them, unless I guess their hypothetical dystopian future insurance gives them a bonus/discount for allowing them to view the data from the vehicle and they're actually okay with that.
Just look, you have a limited number of choices. You can "vote" for anything that is currently on the market. That is all the choice you have. If you want a car from the current market, you're going to have to pick one to vote for. Odds are they're all going to have some sort of surveillance-state bullshit, or the ones that don't have it are just going to be less-nice vehicles in general.
Similar to how, before Framework, everyone concerned about open-source system firmware was most likely rocking a speedy 2004 ThinkPad with a couple gigabytes of RAM. They were unable to simply vote for an actually fast, modern machine, as all of them had proprietary blobs doing who-knows-what. So someone had to come out and actually build one, and now we have Framework.
I believe that for phones, we might have Purism sometime in the 2030s, once they work out the most basic issues with their software stack, probably caused by trying to use existing Linux userland.
For cars... I haven't heard anything yet. Nobody's come out and built an open-source car company yet. So we're currently in the phase where you simply can't vote for an open-source car. Now, do you still need a car anyway? Then I guess you vote in favor of a locked-down vehicle. Even if you're not actually trying to vote, and you just need a car right now.
So that's why I hate this argument. Just because you bought a car doesn't mean you should be on the hook for "voting" for every feature the car has. You voted for the car. Doesn't mean it's perfect.
Well yes, certainly. A market exists because it has buyers - without them, it withers. And a market exists because there is a need, that producers will ride. «if nobody bought the car», they would not produce it.
> If you don't buy any car at all, then you simply don't exist to them
So you misunderstood the proposed idea. It is not the individual that changes the market: a critical mass does. But the responsibility is individual.
> Cars aren't spying on you because people are voting for the spying
The statement is, "if people did not accept it it would not happen, and by financing it they accept it".
> If you want a car from the current market
If the «current market» only contained traps ("and you will give us rights to your grandson" etc.), why would one «want [an item] from the current market».
> Odds are they're all going to have some sort of surveillance-state bullshit, or the ones that don't have it are just going to be less-nice vehicles in general
This makes it sound like "some people will trade decency for items that they see as nicer". That is plain sinister.
> before Framework
There is a difference between suboptimal products - "optimal is not available yet" - and unacceptable products - "this service comes with jus primae noctis".
> do you still need a car anyway? Then I guess you vote in favor of a locked-down vehicle
Let us hope you won't, and find other solutions. But the problem is not about open-source: it is about reliability, security and privacy.
> for "voting" for every feature the car has. You voted for the car
By financing and simply purchasing a product you endorsed it, and with it all its implications. You are responsible. Sweatshop shoes? Responsible. You are given a faculty of awareness and an obligation to use it. Some implications are good, some are minor, some are immoral, some are bringer of dire social consequences.
There is plenty of blame to go around. From corporate owners, through captured regulators to end users. Between all those parties I think the ones that have to choose between grades of shit are the least to blame. This does not absolve consumers, but it does put into question the framing you presented.
I don't see how it's sinister at all to say that. I hate Windows, but I use it because I no longer have access to macOS, and nothing works on Linux. Am I sinister for "voting" for Windows even though it lacks decency? It is currently the least bad option for me, that is all. The value in having a working computer is greater than the value in perpetually stressing myself out over whether things are free and libre or not.
Ensuring the absolute purity of my personal supply chain is too much of a pathetic chore for me to want to care about. I really, really do not care if that nice Tesla I may buy in 10 years tracks my every move, receives random OTA updates, makes me pay a subscription fee to use the hardware that's already installed in the vehicle, and so on. What if I just wanted a nice EV and nobody else does it right?? What am I going to do, buy a Rivian instead?
This is not the future, it is today.
https://www.progressive.com/auto/discounts/snapshot/
https://www.geico.com/driveeasy/
https://www.allstate.com/drivewise
https://www.amica.com/content/microsites/streetsmart.html
https://www.statefarm.com/customer-care/download-mobile-apps...
Also, almost nobody cares that their car manufacturer can track their car’s location. They already accept that they have a mobile device on them that tracks them everywhere, and at least the mobile networks plus government knows where they are.
And they also use electronic payments everywhere with “loyalty” discounts so all the banks/payment networks know where they are, and so do merchants.
Those are mobile apps that don't integrate with the actual vehicle.
I thing that the term is pretty self-explainable. Every support that the customer could request from the brand after the sale. Some of this things can be provided by anybody, other only by the brand.
Although, I do not see it as necessary. Cars with cameras will automatically start having lower insurance premiums, and so you will see people opt to buy cars with cameras (eliminating the inconvenience of having to install a dash cam by yourself).
Allow me: it extends the framework presented (we could also mentions faults in other parties, were we not addressing one specific part), but I do not see how it would «put it into question». As you say, it «does not absolve consumers».
«There is plenty of blame», which does not absolve John. And John gives signals that he is holding resistance against seeing it...
But not all. I had never meet a single car owner that spend solid money in their new car and then decline the maker guarantee, but your definition of what is "normal people" may differ from mine.
Go touch some grass