Friday, March 29, 2024

Car Companies Master Plan Caused The Auto Theft Crisis And they know how to fix it




Sometime around the late 1990’s car companies started to embrace a brand new concept that had the potential to make them a lot more money. They called it SDV (software defined vehicle) or “connected vehicles”. 


Replacing expensive hardware with cheap software was now the new cocaine for the auto industry, and the savings would be enormous


SDV meant that no longer would the buyer get a choice of different engines, transmissions, radios, etc - hardware choices would now be turned into software choices by a Netflix monthly type subscription. No longer would they need to build two radios, one with  navigation and one without, just add navigation software to the one radio and bingo! You then have two different radios but one piece of hardware instead of two.The same applies to engines and other hardware. For example, bigger engines could be eliminated by a piece of software that turned one engine into four with a simple software update, giving the engine more or less horsepower or gas mileage; genius really. Want more horsepower?. No problem, we have software for that. We’ll give you 50 more hp for $9.99 / mth or get it bundled with the Nav package for only $15.99 / mth, all done with one engine instead of four. Just to design and develop one new engine is well north of a billion dollars.

The first step was to start fitting all cars with telematics and push button start since the SDV scheme wouldn’t work without a vehicle being able to communicate with a call center, which, in turn, needs to collect reams of data on the driver in order to figure out what they may like to subscribe to (GM’s OnStar was an early example). An SDV car would be modeled after a cell phone, with one fatal exception; you would never be able to turn it off or have a user selectable password since the system needs to be “on” even when parked. Ford even mentions this “always-on relationships with customers” in their 2021 Q4 SEC filing. and how subscriptions are critical to future revenue. It is also mentioned under the “Risks” section as well.

As a bonus SDV fit electric vehicles perfectly, they were all software based already. The savings in hardware would be enormous on all types of cars, in the billions, and the subscription revenue stream would keep on giving for the life of the car. If you wanted a concept to make auto makers weak in the knees, SDV was it. It only had one minor side effect, increased auto theft.

A Hacker’s dream

It turns out the SDV “always-on” telematics was a Hacker’s dream, a way in, a failure point. You might as well have put out a welcome sign. Automakers immediately started building millions of vehicles with telematics and push button start. Hackers loved it; a few electronic bits and you have one key for thousands of cars.

Back in the lab the automaker’s engineers knew there was going to be a big problem with hacking of their telematics. They even coined the term we use today  “relay attacks” or relay station attacks, all this before they ever put telematics and their push button start systems in any car. They filed dozens of patents on stopping the hacking they were likely to face, some going back 20 years and they all worked. They rarely, if ever, used them. Automakers did use the odd one here and there; for example one to lock out your local mechanic so they could charge them for temporary access to the car's internal computer system. Another example was used in 2021 that worked like a charm stopping all sorts of attacks on Dodge Chargers in Canada. It was a simple 12 minute software update, no hardware required and it was called “Security Enhanced Mode”. You simply entered your own 4 digit PIN on the infotainment screen and the car wouldn’t go faster than a few mph. Hackers' hearts sank. How would they guess thousands of different PIN codes? Game over. Nope, game on, Hacker’s catch another break. FCA only fitted it to 240 cars - then recalled all the cars 6 months later and removed the feature so they could sell them on a subscription router they would fit to the car at no charge. BMW had a PIN system in 2000 for a year or two then it disappeared. User PINs gone never to be seen again. Dodge Police cruisers have a factory installed system called Secure Park / Idle Guard  that was also a software based solution that could be fitted to all late model cars with a simple software update, but this seems to be a bit of a state secret with Police even though it’s all over the internet. It’s not available to the general public.

Mathematically the Software Defined Vehicle looks like this; 

SDV = Subscriptions + Telematics x (privacy - Auto Theft)

This formula appears to be acceptable to the auto companies for the time being. They aren’t worried about reputational damage since all car companies are having their vehicles stolen. So it’s a wash with consumers since it doesn’t matter what car brand they buy. They all get stolen. Police and politicians have formed mutual admiration societies telling everyone they’re working on solutions and sharing information. Police aren’t looking for the root cause, they're looking for organized crime. 


Auto journalists are trying to bring the issue into focus but it’s a complex issue and writing about cars and computers is a known sleep aid to the general public. Automakers' constant stream of fear mongering and Jedi mind control tricks (used on Police and Politicians) severely undermine the journalists’ efforts and dominate the news coverage of auto theft. There have been articles on why we don’t have our own PINS like our cell phones, how your data from the car is being sold and used against you and how much money the auto companies are making on subscriptions. These are critical news stories and should be promoted as urgent public information. The politicians, automakers and police never mention them ever.


Unsurprisingly auto makers have been turning a deaf ear to their own SDV cybersecurity software suppliers like Elektrobit / Argus, started by former Israeli Military cybersecurity experts in 2013. It is a global leader in automotive cybersecurity and its client list includes every major automaker on the planet. Their software is used in 600 million cars so yes, they know a thing or two. Astonishingly, they have told the automakers to get their vehicle’s cyber security updated or face billions in lawsuits. In a YouTube video posted by Argus a few months ago, Argus states the legal threat to be $24 Billion by 2025 at the 7:55 mark. The fix is a cheap software update, yet the automakers double down and say they are working on it. Their standard refrain - “this is a matter of organized crime, there are no silver bullets and we are working closely with police and insurance companies”. 


SDV is really an unlocked cell phone on wheels so expect a future like this; 

An avalanche of emails and texts from car companies for everything from oil changes to software updates. Your favorite car app will disappear or freeze unexpectedly, more warning lights will come on that the dealer can’t fix, the radio will be stuck on low volume, a lot more dealer visits, a lot more recalls. In short it will be a nightmare. Imagine owning a second glitchy cell phone without a password, that can’t be turned off and is stolen every few months. 

Since approximately 1996, the automakers have spent billions on the SDV subscription scheme. They have had ample opportunity to mention their many tested solutions. During the Takata airbag scandal it was found out the auto companies knew years before they had had a problem, and it cost them billions. When will automakers learn that it is cheaper to fix a problem than a scandal? If you’re one of those people who drank the kool-aid, yes there are silver bullets for auto theft, developed, designed and tested years ago, software based and sitting on a shelf. It’s almost criminal. The current Auto Theft Crisis isn’t an accident, it’s a side effect. 


M. Whinton

Graduate University of Guelph 1984 B.A. Economics

Graduate Queen's University 1985 B.Ed. Tech Studies Automotive

Recognized Ontario Superior Court Automotive expert - 24 years

Independent Auto Insurance Forensic Investigator major insurers - 25 years

Owner Carquestions YouTube Channel - 17  years

Licensed Automotive Service Technician Red Seal (National) - 42 years

Licensed Truck Coach Technician - 42 years

Retired Department Head Tech Studies Automotive - 28 years


No comments:

Post a Comment