It already is for a lot of modern cars. Especially EVs. I imagine they are so tied into the functionality of the car that it makes the vehicle impossible to drive without the OEM headunit.
Couldn’t a savvy user just find an exploitable firmware revision, never connect the vehicle to the internet, and install aftermarket software or hardware to bypass the authentication checks? It would be more of a pain in the ass than the previous drop in system, but I’d imagine it’s possible.
If the auto industry successfully locks 99.9% of their buyers into their walled garden by making it such a pain in the ass to bypass it, they’ve already won.
The vehicle comes from the factory connected to the internet.
You’d have to find the exploit before they do, and it would be hard to replicate because once they find out, the only cars vulnerable to your exploit are ones manufactured before the patch who have been disconnected from the internet (which is like 2 cars).
It’s theoretically possible but very hard to replicate. And on top of that theres always the risk of the car manufacturer voiding the warranty on your $50k vehicle and/or cozying up to your insurance company and convincing them any damage is a result of you preventing their systems from running as intended.
It’s a messy high risk low reward game to play. Better option is to just buy a different car if you can.
Right, but that requires somebody to find and document exploitable firmware revisions, create and distribute hardware/software to exploit them, develop the aftermarket software/hardware, and all that potentially separately for each car model. And then that just becomes a war with the manufacturers, who might try to update their firmware more aggressively, lock things down more, and threaten/sue people working on such things.
It already is for a lot of modern cars. Especially EVs. I imagine they are so tied into the functionality of the car that it makes the vehicle impossible to drive without the OEM headunit.
Couldn’t a savvy user just find an exploitable firmware revision, never connect the vehicle to the internet, and install aftermarket software or hardware to bypass the authentication checks? It would be more of a pain in the ass than the previous drop in system, but I’d imagine it’s possible.
Depends on how heavily things are locked down, and how much money this tech-savvy person is willing to risk on a bricked automobile.
If the auto industry successfully locks 99.9% of their buyers into their walled garden by making it such a pain in the ass to bypass it, they’ve already won.
I’m doing my part by living car-free, never liked them. Unfortunately that’s not an option for everyone.
The vehicle comes from the factory connected to the internet.
You’d have to find the exploit before they do, and it would be hard to replicate because once they find out, the only cars vulnerable to your exploit are ones manufactured before the patch who have been disconnected from the internet (which is like 2 cars).
It’s theoretically possible but very hard to replicate. And on top of that theres always the risk of the car manufacturer voiding the warranty on your $50k vehicle and/or cozying up to your insurance company and convincing them any damage is a result of you preventing their systems from running as intended.
It’s a messy high risk low reward game to play. Better option is to just buy a different car if you can.
Right, but that requires somebody to find and document exploitable firmware revisions, create and distribute hardware/software to exploit them, develop the aftermarket software/hardware, and all that potentially separately for each car model. And then that just becomes a war with the manufacturers, who might try to update their firmware more aggressively, lock things down more, and threaten/sue people working on such things.