[tkfu]

It's not about security by obscurity. A better analogy would be the fight over "tivoization". In safety-critical and highly-regulated systems like automotive and health care, there's a meaningful regulatory interest in ensuring that the devices as sold and authorized to be on the road (or in patients' hospital rooms) don't get modified in dangerous ways. That means that the software and firmware running on each of the dozens of ECUs in a vehicle is part of the (regulated) functional safety spec of the system. There are real, meaningful technical challenges to overcome if you want to meet both the goal of ensuring that dangerous and malicious software can't run in safety-critical domains, and the goal of allowing users to modify their vehicles as they see fit.

I'm speaking as one of the authors of the Uptane standard for secure software updates in vehicles, and as a life-long proponent of user freedom and open access to the computers we buy. There are possible solutions here, but they are not easy.

[tpxl]

> the devices as sold and authorized to be on the road (or in patients' hospital rooms) don't get modified in dangerous ways

What use is preventing dangerous modifications, when unmodified devices contain critical safety bugs, and will continue to contain them. The ongoing effort by automakers is increasing the amount of safety bugs by connecting everything to the internet without proper security practices.

The only reason to require signed firmware/hardware as it stands is to decrease the repairability, harm the second hand market, and increase profits.

[the_lego]

> In safety-critical and highly-regulated systems like automotive and health care, there's a meaningful regulatory interest in ensuring that the devices as sold and authorized to be on the road (or in patients' hospital rooms) don't get modified in dangerous ways.

On the other hand, a Minority Report future where "your" car answers to a different master, or you don't have the right or ability to control your own medical implants and prosthetics, is terrifying. Given that we've lived for almost a century in a world where cars can be modified in unlicensed ways, I'll go with the devil we know.

[lifeisstillgood]

Could you expand, or point to a good primer on the issues?

I love "it's a complicated trade off" - it's way more interesting than whatever slogans end up defining "sides" in a debate

[bluGill]

Whenever I dig into this I discover that what people complaining really want to do is modify their cars so it no longer meets emissions standards (you can get more power and/or better fuel mileage by doing this). Nobody is replacing ECUs with one of their own design that otherwise meets emissions. Sensors and parts are easy to replace (sometimes at high cost), and mostly radially available. The OEMs already tell mechanics what all the diagnostics codes mean.

sure most of us reading this have the skills to write new code for their ECU, but realistically almost none of us would do that anyway unless we want to make a trade off that effects emissions.

[BenjiWiebe]

OEMs only tell authorized mechanics what the codes mean. Most cars have the basic standardized OBD-II codes, and an additional much-more-useful set of codes/diagnostics that are proprietary.

[bluGill]

They tell the third party scan tool manufactures as well. (for a "reasonable" price - where reasonable can be 6 figures) I used to work on those scan tools, and so I saw the data (I probably shouldn't talk about it - lets just say were reversed engineered their tools often).

Many mechanics will read and tell you the codes for free. Auto part stores will as well.

[alistairSH]

It's not just that. For example, BMW has paired the main battery to the ECU in their cars for years. So a dead battery requires a trip to an authorized repair shop (or buying an OBD scan tool) to have a new battery operate correctly. This is relatively easy & safe ~4 bolt job (2 tether the battery, then 1 for each terminal) in many other cars. Technically, it can be self-repaired, but it's extra steps and cost because reasons.

[bluGill]

This is the first i've heard of that. Thanks for bringing it to my attention.

[rolph]

dont include dangerous features that have nothing to do with the function of the vehicle. telemetrics, and remote manipulation of software during drive time are not required for safe operation.

[RealityVoid]

Hey, so you don't have any contact on your profile, but I do want to ask you if you see actual usage of Uptane in the industry. I have never heard of it, but it sounds interesting and practical. I have a bunch of experience around SW updates and was contemplating some sort of project in this area, I'm curious what your take is around the current environment.