Comment

Comment on Why don’t EVs have standard diagnostic ports—and when will that change? | OBD-II was implemented to monitor emissions, but EVs don't have tailpipes.

tankplanker@lemmy.world ⁨11⁩ ⁨months⁩ ago

The existing standards OBD-II and CAN Bus just aren’t fit for purpose for ICE cars let alone EVs. Too many keyless cars get hacked by the thief hacking into either system and overriding the lack of a key, even if it means cutting a hole in the boot lid to expose the CAN Bus connection as with some Range Rovers.

Its become a significant problem for a lot of cars. It used to be that they would break into your house to steal your key, then steal the car but now they do not need to do that. It can be done in a couple of minutes on some cars that do not properly protect the CAN Bus cable.

What we really need is a proper public/private key pair for the cars so that all comms is only authorised via the physical key fob. This needs to be touch authorised to prevent snoop attacks. Sticking it on the key would then mean right to repair is not blocked, if the main dealer has it then its a big blocker for right to repair.

source

Sort:hotnew top

frezik@midwest.social ⁨11⁩ ⁨months⁩ ago
It’s not that simple. The CAN bus isn’t just about unlocking doors and rolling down windows. It also controls airbags and other systems that are time-sensitive. If you’re rolling down in the window at the same time you get in a crash, the airbag message has to override the window rolling message and inflate those bags in right-the-fuck-now time.

Adding encryption to the mix greatly increases the engineering required, even if it’s not used for every kind of message.

source
- isVeryLoud@lemmy.ca ⁨11⁩ ⁨months⁩ ago
  Decent encryption can be pretty quick and transparent these days.
  
  Besides, things related to windows, doors, ignition, etc. could be required to be encrypted, while split-second things like air bags could be unencrypted.
  
  This means an attacker who, e.g. bashes your fancy LED headlight to get to the CAN bus within can only do things like trigger your air bags, which isn’t very productive for them.
  
  source
- tankplanker@lemmy.world ⁨11⁩ ⁨months⁩ ago
  Yes I am aware of that, however the current way that is being looked at addressing the problem is moving the cabling to further within the car, which is just pathetic, like thieves wont just adapt to that.
  
  Encryption really isnt as big a performance impact if it is done correctly, sure it is not cost neutral but ask Range Rover how much reputational damage they had with their piss poor security. They are still having 1 in a 300 brand new defenders stolen after adding what is pretty a traditional immobiliser and tracker.
  
  As an example: iopscience.iop.org/article/10.1088/…/012071
  
  source
  - frezik@midwest.social ⁨11⁩ ⁨months⁩ ago
    
    Encryption really isnt as big a performance impact if it is done correctly
    
    “Done correctly” is the trick. This takes careful analysis and design. You don’t just pour on encryption and hope everything will be fine.
    
    source