CAN bus is the standard physical interface. What is not standard is the message being passed, so each car will have it's own message for car information. What surprised me about OpenPilot is how some of the electric steering system can be tricked into turning using false sensor data. It's actually amazing that almost all cars now can be driven by software the only thing missing are more accurate and complicated sensors.
OpenPilot doesn't "trick" the steering system using "false sensor data". The steering controller just accepts messages for commanding steering over CAN bus. The same messages are used by the stock ADAS system.
Also, this bus is not usually exposed to the OBD port, so OpenPilot just connects to the same port the stock ADAS ECU uses.
OpenPilot pretends it's the ADAS and some cars you can pass the torque sensor on the custom serial bus used by the cars. There's not much difference in tricking or pretending or overwhelming the serial bus with another data message to make the steering system respond to OpenPilot.
The message it's sending is distinct from the torque sensor reading. There is a dedicated message ID for automated steering inputs, usually used for lane keeping assist and for jiggling the wheel as a departure warning.
I tried programming a module for my car without a lane assist ADAS system. I only stopped because it was my daily driver. I am still saving up for another car so I wont be afraid to break my car.
This is actually quite common with aftermarket tuning for the past decade. Traditional ECU tuning you replace your car's ECU with one with a modified (chipped) ECU. Now, there are bolt-ons that connect through the OBDII port. They modify shift points, change timings, and air fuel mix ratios. And do this without voiding the warranty.
Virtually all of these devices void warranty. The trick of course is to put the original ECU back in before any service where it would be noticed, however unlikely.
But that probably will void your MOT and your CO2 rating which in some places can get you in very hot water (or might lead to insurance not paying out in case of accident if the specs are an x% better than they were before the mod).
It is actually concerning that you can inject false sensor data this easily. I mean, sure, the messages on the CAN will not be encrypted or signed in any way, I know, but still...
Well, not exactly. Once you have plugged this device into your can, it can be hacked. It's just a phone after all, and it has normal wireless connection options available.
It seems the system only works when the driver activates the cruise control, which hopefully Honda has programmed correctly: i.e. if cruise control is deactivated, steering inputs from the CAN-bus will be ignored.
So the driver can still regain control from a hacked device by deactivating cruise control, which s/he can do by moving the steering wheel or pressing one of the pedals.
The CAN bus is shared by a number of devices, each with its own microprocessor and thus (in principle) potentially subject to exploits that cause it to run malicious code. Some of the devices on the bus interact with the outside world via cellular, Wifi, Bluetooth and USB. The disturbing idea here is that your car is basically an internally-unfirewalled network of computers that can kill you if they malfunction.
But it is firewalled (between OBD port and the car, between internal buses,...). I won't say it's sufficiently locked down, but as we recently saw - not even Apple got that completely right - but there are several layers of protection(s) on the various communication bus-es and computers. At least on European Manufacturers.
I agree that this needs more hardening, but reading this comments one would get an idea that a 12 years old kid with a 10EUR dongle can hack any car. When in reality, stuff is a lot harder to do.
Because that means not only you (the owner) can do it.
Also (caution, tangent): MCUs in cars is one of the systems where I want more encryption/signing and less hacking - especially for owners. Foremost to get rid of all the chip-tuned soot sources I am constanly driving behind.
The manufacturer knows how to control the engine, the random idiot with a laptop in 95% of the cases does more harm then good. If the manufacturer botched the MCU (hello VW), then he is held accountable. If he allows users to cause harm to the environment (chip-tuning), he should be held accountable too.
I really wish to know where you live that the quality of chip-tunin is so bad.
In developed world (EU), the owners are accountable for their vehicles. Including emission controls. But the problem is on the enforcing side, from the people actually doing the enforcing to the (un)avability of appropriate measuring devices that are able to detect the prescribed levels.
EDIT: As I saw that you are from AT. You do know that your country has a reputition of 'hardcore' car modification checking at the inspection? :D But yeah, I noticed several problems with that and your system of 'we will just let every mechanic certify the cars'.
There is no such thing as high quality chip tuning, unless you are replicating 100% what the manufacturer just disabled for your MCU (e.g. unlocking some kW your motor is in principle capable of outputting). But then again, e.g. BMW uses different, more reliable mechanic parts (camshaft, head, etc.) on motors that have these kWs unlocked, so you are still risking ruining your motor in the long run.
Chip tuning always meddles with curves the manufacturer chose after long consideration and extensive tests (let's just ignore VW for a moment) - and you are trying to tell me that guy from this shop just "knows better" and "sure, this will be better in every possible aspect"?
Are you trying to say a 2019 BMW out of factory will shoot out black smoke while accelerating (quite boringly) from a traffic light?
I think you are missing the point; perhaps there are bunch of kids just fiddling with their ECU on an otherwise stock car where you live.
In my experience though, tuning is mostly done in conjunction with changing other parts (headers, ports, cams, add a turbo, fuel kit etc.) so the manufacturers long consideration of the best balance for the stock engine is no longer relevant. You have to retune to get proper performance; fair that tuners are rarely considering emissions like the manufacturer would, but changing the airflow characteristics without changing the tune is a bad idea...
Where I live, cars need certification/a license to be operated. The manufacturer does that for you, so you can obtain the required document quite easily for your car.
Aftermarket parts are regulated - you can't install what you want, it needs to be certified for your specific make and model (and motor variant, etc.) - otherwise your car is not legal anymore.
This applies to chip tuning as well. Since you're modifying a certified part, it looses the certification - obviously.
What new cars are allowed to emit, is strictly regulated.
Further, since this very month, we have a carbon-based tax on new cars (based upon the aforementioned certification from the manufacturer). Thus if the emissions of car are changed, you're basically evading taxes as well.
Where I live, chip tuning is almost only done to get a few HP on the cheap. And it is unfortunately very popular and nobody really cares.
Edit: You can seek in individual certification for some modifications, added to your documentation, but a tampered with ECU is not one of them I think.
Oh as I just remembered one thing that I forgot to add in the other reply - ofc I agree with most of your reasoning here. But I think that (regarding emissions) we need to find a better way to test/confirm this. As I believe you should be able to modify stuff you own.
But I just remembered regarding certification - BMW is selling official performance/tuning kits (Sometimes called M-Performance tuning kit), where you get a whole new ECU with more power (and maybe some other parts, but nothing major for sure). And now I really wonder how is the legality of that. And also adds another point, that there are valid and reasonably safe tuning options.
Ok, we live in different places and have different experience.
Most places I have lived in north america you are relatively free to install whatever after market parts you want, including things you have fabricated or modified yourself and people do some pretty extensive builds. That just doesn't work without changing the tune also.
I can guarantee you that there are some notable counter examples to your theory. I can tell you that manufacturers (BMW, VW,...) found out that it's a lot cheaper to manufacture the same physical engine and just limit it in software for different 'levels'.
BMW E90 series for example, from around 2008 onwards the 116d and 118d have exactly the same engine (per BMW part numbers mind you) but a different power output, even 120d only has one part difference (the ones with N47 engine that is). On VW part, new-er VW Caddy and VW Transporter with diesel engine option(s) have the same physical engine (in the model year) with widely different power outputs -> because they differentiate it for different segments via software.
And even moving from that, because of regional rules in NL for example, the cars with up to 140HP are prelevant and ofcourse VAG is not making a new engine just for NL, they limit one of their exsisting ones.
So yes, I believe that cars like this can be safely tuned without _any_ significant unwanted consequences for the longeviety of the engine/car. Mostly because the maps/factors can be adapted from their siblings with more factory power.
Regarding the black smoke/soot - no I believe that this is a (very) bad tune or something physicaly wrong with the car. It could be that they removed the DPF/EGR for some reason or something like that. But this is a whole other can of worms.
> Because that means not only you (the owner) can do it.
Not when it requires physical wires. This isn't some wireless TCP/IP stack connected to the internet.
Car entertainment/air conditioning systems usually also use a physically separate CAN bus so internet-connected dashboard devices don't get access to the engine and steering controls. They may share 12V power and that's it.
Comma.ai gets access to the "secret" CAN bus that can control steering via the lane keep camera next to the rear view mirror, not the OBD port or entertainment system.
To chime in (I'm not the original commenter you're replying to), in theory someone could develop an Internet-connected gadget, break into your car without being detected, plug said gadget in, and then drive you into a wall or off a cliff, maybe that's what the grandfather poster is worried about.
But in reality, no one's develop that sort of tech, and if a baddie wants to kidnap or kill, they'd probably spend their resources somewhere rather than hacking such a tool.
> Internet-connected gadget, break into your car without being detected, plug said gadget in, and then drive you into a wall or off a cliff
If someone wanted to make you drive off a cliff, they don't need a fancy internet-connected gadget. They could just loosen some screws on your steering column and leave.
If you have physical access to something you can always compromise it.
Android and iOS auto don't have access to the CAN bus that can control steering. They may have access to a physically separate CAN bus that controls the entertainment system and air conditioning. There are normally multiple buses in a car.
Then you have to certify signing mechanism so that braking works even if cosmic ray ruined brake pedal control unit, and that is half sane and half stupid.
Not much of false sensor data, they use existing endpoints used by ADAS.
Steering or gas or brake ECUs on older cars without fancy adaptive automatic thingy don’t accept remote control, units in such cars only take analog user inputs and only report statuses on the bus.
Since ADAS is complicated and developed independent to the rest of the car, car manufacturers expanded those actuators to incorporate remote control mechanisms, and ADAS systems are implemented as a self contained computer that send out those control messages. Sort of like a Raspberry Pi with the camera in a case that is advertised as an “Ethernet AI camera”.
Openpilot on officially supported cars impersonate those ADAS unit. They are not directly meddling with pedal potentiometer readouts and such. That kind of rigging are used in some lab experiments but not in the majority of OP driven cars.
Yes I agree with you, I only call it false data because the ADAS sensor is replaced with OpenPilot. I tried OpenPilot with my car without ADAS and adaptive cruise control and you need the extra wire for the module to give false pedal position and trick the steering. I only stopped because I am afraid to break my daily driver, but it does work and it's amazing.
It's not that easy and it's getting harder with each new car platform. But on the other end, some of the sensors are basic and will always be suspectable to false inputs. But don't worry, maybe it looks easy -> but it's not.
It's not yet concerning since you need to hardwire to the custom serial bus of modern car to have access to steering and cruise control systems. What's concerning is the trend started by Tesla that remotely disables your car.
It would be quite concerning if they disabled cars based by “our automated systems detected breach of community rules” without ability to dispute it in future.
Right now disabling car after violent crash looks like obvious security feature that every car (especially electric).
