This may prevent cars being advertised for "sale" in California after January 1.
AB 2426: Consumer protection: false advertising: digital goods.[1]
“Digital application or game” means any application or game that a person accesses and manipulates using a specialized electronic gaming device, computer, mobile device, tablet, or other device with a display screen, including any add-ons or additional content for that application or game.
That's a car with an infotainment system.
This law makes it a crime to offer something "for sale" if it can be remotely disabled later, absent a separate acknowledgement that it's a lease.
“Sorry, we can’t ‘sell’ our cars anymore. The law says we have to call them a ‘lease’ and that’ll be $X,XXX/year”
Wouldn't that be enough reason to take your business elsewhere?
It feels like market forces can push things in either of 2 directions:
(a) People hate practice X, so they shun companies that do it, and enough go to companies who don't do X, which leads to fewer companies doing X
(b) One company gets away with doing X, and despite some complaints, they do just fine – and other companies realize they can get away doing X too, and soon every company is doing it
People always jump to 0% vs 100%. That almost never happens but rather you get some percentage and that is often enough for a law to be considered successful.
Some specialized equipment has few manufacturers.
Arguably this already happened with computer games.
The result? They will not sell any. There are enough old cars around to sustain the transportation needs of the population for quite a while (certainly until someone decides to make new cars without all this crap).
Citation needed. People just don't care enough about their privacy to change their behaviour. It's been proven over and over unfortunately.
A person who wants the new shiny thing is not going to buy an old secondhand car just because of some abstract privacy concern.
I would though... because even though I love technology, I'm a luddite because modern technology doesn't have innovation, only cheap touchscreens, beta testing by users, and rent-seeking.
If they are only willing to lease the car to me, I will happily take my money elsewhere.
Solution: stop making vehicles require constant updates and live servers.
The entire point of Android Auto and Apple CarPlay is that you can outsource this task to a device that has a MUCH higher guarantee of support, software quality, and connectivity.
A car infotainment should be able to play local music, control car functions, listen to the radio. None of these require connectivity. You need connectivity for streaming music and GPS. Well phones are really, really good at that.
Jokes aside, after reading the comments here, I doubt anyone with technical knowledge would believe this. Even with certificate pinning, you can simply dump the firmware as a raw binary, replace the certificate with your own, and upload it back to the car.
And even if the source code is lost, you can still sniff the traffic and implement an API. I did this for my previous employer, who had a collection of expensive, locked devices. It took me about a week, without any prior knowledge or experience. Imagine what someone with more experience could do...
That's assuming they have access to the private key used to sign the firmware though...
A lot of it seems to do with wanting to be able to replace certs and have reasonable expiration times, but not really understanding how to do that (I don't mean it's not possible, I mean the manufacturers seem to not really understand how to do it effectively).
As an example, the Siemens CNC controller on my metal mill is totally signed. It has an FPGA with a secure element producing verification signatures to double check cert sigs haven't been modified. Every single file system with binaries is a read-only signed cramfs file signed with a secp521 ecc key. All read-write fsen are mounted noexec, nosuid, etc etc etc.
The initial CA key is baked into secure hardware.
However, in the end, they only verify the CA and signing certs have the right names and properties (various oem specific fields, etc), because the certs have 3-5 year expiration dates and these things are not connected to the internet or even updated often. So they accept expired certs for the signatures, and they also accept any root cert + signing cert that looks the same as the current ones.
So you can replace the CA key and signing keys with something that looks exactly the same as their current one and resign everything, and it works fine.
A whole lot of effort that can be defeated pretty quickly.
I would be surprised if the cars were not similar - they look really secure, but in the end they made tradeoffs that defeat the system.
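The anchor check described in the comment above, as an added example that is not part of the original thread or any vendor's code: it compares a verifier that accepts a chain by names and OEM fields with one that pins the root to a key hash held in hardware. All certificate names, field values and key bytes are constructed, and signature checks are modelled by key identifiers (an assumption made to keep the example standard-library only).

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str          # distinguished name
    oem_fields: tuple     # vendor-specific fields the verifier inspects
    not_after: int        # expiry year; both verifiers below ignore it
    public_key: bytes     # encoded public key (constructed bytes here)
    issuer_key_id: str    # SHA-256 of the issuer's public key

def key_id(public_key: bytes) -> str:
    return hashlib.sha256(public_key).hexdigest()

def make_chain(root_key: bytes, signing_key: bytes):
    """Build a root + signing cert pair; names and fields are constructed."""
    rid = key_id(root_key)
    root = Cert("CN=Example OEM Root CA", ("oem-id=42",), 2020, root_key, rid)
    signer = Cert("CN=Example OEM Code Signing", ("oem-id=42",), 2020, signing_key, rid)
    return root, signer

def chain_links(root: Cert, signer: Cert) -> bool:
    # Stand-in for signature checks: each cert must name the root key as issuer.
    rid = key_id(root.public_key)
    return root.issuer_key_id == rid and signer.issuer_key_id == rid

def looks_like(a: Cert, b: Cert) -> bool:
    return (a.subject, a.oem_fields) == (b.subject, b.oem_fields)

def verify_by_appearance(root, signer, known_root, known_signer) -> bool:
    """Weak policy from the comment: names and properties only."""
    return (chain_links(root, signer) and looks_like(root, known_root)
            and looks_like(signer, known_signer))

def verify_by_pinned_key(root, signer, pinned_root_key_id: str) -> bool:
    """Hardened policy: the root must be the key baked into hardware."""
    return (chain_links(root, signer)
            and hmac.compare_digest(key_id(root.public_key), pinned_root_key_id))

# Constructed sample data: the vendor chain and a same-looking chain under another key.
vendor_root, vendor_signer = make_chain(b"constructed-vendor-root", b"constructed-vendor-signer")
other_root, other_signer = make_chain(b"constructed-other-root", b"constructed-other-signer")
PINNED = key_id(vendor_root.public_key)  # value the device would hold in secure hardware

def compare_policies() -> dict:
    return {
        "appearance_accepts_other": verify_by_appearance(other_root, other_signer, vendor_root, vendor_signer),
        "pinned_accepts_vendor": verify_by_pinned_key(vendor_root, vendor_signer, PINNED),
        "pinned_accepts_other": verify_by_pinned_key(other_root, other_signer, PINNED),
    }
```

Both chains here carry an expiry year in the past, so the pinned verifier keeps the offline-friendly tolerance for expired certs while still rejecting a root whose key differs from the pinned one.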
If I was American Lease, I would look into that, besides suing.
Edit: Looking into it, it’s Android Automotive without Google Services. Who wants to bet that it’s an old version of Android on a recycled MediaTek tablet processor which is no longer getting security patches? Knowing MediaTek, completely reprogramming Secure Boot might not be off the table.
Or maybe the result is a Frankenstein creation where the original controller takes care of the driver’s dashboard display, but the entertainment display is Pi-driven.
The last place I worked on a system that billed $5-$10 million a month, all pure profit. I was the only one with any knowledge.
When the server was built the guy who did so never documented the root password, and nobody knows it. I was in the sudoers file, and I have no idea what they do since I left. I tried to explain it to multiple levels of management, but I lost them all the second I opened a terminal and ssh’d in.
I can tell it’s still running…
I once saw a small team of FANG engineers, that included two well seasoned senior engineers, revive a project left unmaintained for two years after the owning team was disbanded.
That small team took two weeks alone to get the project to build and run locally, with tons of bits missing.
But hey, if a random anonymous internet expert says that all it takes to revive a project is a week of browsing through the source code then that must be true.
I think the claim of "a week" is probably very wrong, but it's probably possible, at least in some capacity.
However, I think that the actual problem is how badly a lot of software is currently developed. Codebases without proper README files or code comments, even, no proper CI/CD setups in a lot of places and so on. In part, I think it is because developers don't really care about those that will come after them, or because having good discoverability isn't a blocker to get something working or even shipping software. If the situation is absolutely crap in web dev, I fear to think how much worse it is in other industries.
It's mesmerizing how random anonymous people online always have all the answers to the most challenging technical problems conceivable by Man, and they all involve having someone else do the hard/impossible part.
That doesn't necessarily mean they can even lay out a plan for something as complex as this for a week, let alone execute anything.
I'd actually be willing to pick one of these up for a 70%+ discount if it came with all the internal schematics and source code, server migrations be damned.
> Fisker informed American Lease that the Oceans "cannot, as a technical matter, be 'ported' from the Fisker server to which the vehicles are currently linked to a distinct server owned and/or controlled by" American Lease.
"as a technical matter" is doing a lot of work in that sentence... I have questions.
It could be something as simple as the server ip address in each car's firmware. That's annoying but not insurmountable.
I don't think software had anything to do with the filing. They couldn't make and sell cars fast enough and burned through their money over the pandemic.
I believe they are suggesting that it is illustrative to the general public as to why buying cars with heavy cloud integration is a bad idea.
It's just a dumb-ass car that goes when I need it to go.
It comes with (wired) Android Auto, which is probably its nicest and most advanced user feature.
I'm curious as to why one might need an SSL cert for charging an ev though?
Edit: this references the car certificate but doesn’t mention expiry periods: https://www.switch-ev.com/blog/basics-of-plug-and-charge
^ Edit: Honestly I don't have any experience with this, but I assume you still need access to Google for notifications etc., so maybe not
Some sort of tech navy seal.
I can email you if I can find your email.
I used to find my niche in contracting for banks always actively seeking the opposite of “greenfield” projects (usually to the utter surprise of recruitment agents) but this market has not been the same in the UK recently.
The kinds of people who call you are some of the human beings you would least like to work with, generally. They are almost definitionally over-funded and under-prepared.
Company of a friend of a friend had an intractable problem with an impossible deadline, like, literally, less than a day.
Don’t remember the details, but I fixed it. Deadline next morning, problem solved, saved the day.
It’s midnight, on a status call, wife is sleeping in the next room. The IT guy, his Russian contractor, and “Management” (folks who called me in) are on the call.
The IT guy is SCREAMING at me because I hadn’t checked the code into his convoluted VCS. That thing was a mess. I told them early on that doing that kind of bookkeeping was not a priority. We could deal with it after the crisis had passed.
He was having none of it. At high volume. In the middle of the night.
I simply told them “You know, I don’t have to be here.”
This ][ close to just saying “ok” and hanging up the phone.
Good times.
They won't typically pay an individual a rate equivalent to that, but an LLC can get a contract.
I imagine the simplest technical solution is for the leasing company to acquire the whole business entity. That may even be what they are trying to do in court.
At the very least, it sounds like a problematic privacy and legal issue for regular Joe to have his car suddenly send data to some "random" third party, without his consent.
In automotive, it is common for there to be a requirement that software is supported to some degree for 7-15 years. In practice, this is extremely expensive to guarantee but no one wants to pay for the cost of a reliable guarantee. The industry is at an impasse with consumers and it manifests in situations like this article.
With onboard telemetry and ubiquitous HD image recording ability, it's pretty easy to make a few shots to have some evidence of good and careful handling, and giving it to the next user in a known condition.
Of course, if time and space are at a relative abundance then owning might make perfect sense, or if someone uses it so much that handover costs would start to be significant.
7-15 years is nothing for firmware. The hardware is fixed, requirements are also basically fixed. No need to support new codes, new protocols, etc.
Highly paid engineers built a system this way.
I also have doubts they were specifically instructed to make the infrastructure non-transferable.
Bit different to changing the whole infrastructure out for every car in a disaster recovery situation.
There were scenarios down the track requiring porting the customer base into another data model that a competent design team would have in the brief, given a competent leadership.
oh wait...
"My car shuts off when I open all the doors"
"Why would you want it to run? You can't drive with your doors open! Marking as won't fix, working as intended."
"It's open source! You can fix the code yourself!"
No fucking thanks. Some things should cost money and have real stakes.
Owners tinkering with ICE vehicles was and is a thing and I don't see how an electric power train makes that too much different.
Open standards and data formats would be a good middle ground to help avoid the type of problem with Fisker "unable" to migrate to a different provider. Although I wish that vehicles did not have to phone home to the mother ship at all.
A car should be an embedded system, there is arguably no need for any of its core subsystems (ECU, BMS, immobilizer, etc.) to have a wireless connection to the outside world. If updates are needed, the dealer can handle it physically.
Next up are the wireless unlock systems, if there was a security problem there, anyone could potentially steal your car. And there are issues with these systems, relay attacks and the like.
Then the infotainment systems parse complex data like videos, and need network connections to download video, games, etc.