RelativeMotion1 t1_iu0muj9 wrote

The module that they’re requesting access to is an embedded modem that essentially allows remote access to all of the vehicle modules, including those that provide anti-theft/security functions, and all of the modules that operate every feature in the vehicle including the powertrain and airbags.

It’s not going to be very helpful in the diagnostic realm, relative to the diagnostic tool that the dealership would use and is available to the independent shops.

If they can find a way to do this without making the cars vulnerable to theft or interference from bad actors, then sure, have at it. But it’s almost never going to help them repair the vehicle, and they’ll still need a diagnostic computer to do much of anything with the data. That’s my point. The legislation is trying to solve the wrong issue, and in doing so potentially creates a security risk.

4

synthdrunk t1_iu1adwq wrote

So glad my vehicle has a cell modem, network stack.
Protect consumers by ending corpus collection from vehicles.

3

fendent t1_iu41n7o wrote

Security is about controlling risks in your threat model. There is nothing particularly complex about what they’re doing that isn’t already being done. It simply requires more effort and will be costly to retrofit them properly if they need any hardware changes on the device side. The fact that they can’t open up access to other authorized parties actually shows how poor of a job they’ve done and how susceptible to compromise they are. The AG’s complaint actually details multiple AuthN/AuthZ models that the EFF helped them describe in their amicus brief! They’re simply putting up a fight because it’ll be expensive.

0