
Why exactly would this be concerning? You need to physically plug cables in the car you yourself own.

If anything, every access to hardware you own SHOULD be this easy.




Well, not exactly. Once you have plugged this device into your can, it can be hacked. It's just a phone after all, and it has normal wireless connection options available.


It seems the system only works when the driver activates the cruise control, which hopefully Honda has programmed correctly: i.e. if cruise control is deactivated, steering inputs from the CAN-bus will be ignored.

So the driver can still regain control from a hacked device by deactivating cruise control, which s/he can do by moving the steering wheel or pressing one of the pedals.


The CAN bus is shared by a number of devices, each with its own microprocessor and thus (in principle) potentially subject to exploits that cause it to run malicious code. Some of the devices on the bus interact with the outside world via cellular, Wifi, Bluetooth and USB. The disturbing idea here is that your car is basically an internally-unfirewalled network of computers that can kill you if they malfunction.


But it is firewalled (between OBD port and the car, between internal buses,...). I won't say it's sufficiently locked down, but as we recently saw - not even Apple got that completely right - but there are several layers of protection(s) on the various communication buses and computers. At least on European Manufacturers.

I agree that this needs more hardening, but reading these comments one would get an idea that a 12-year-old kid with a 10EUR dongle can hack any car. When in reality, stuff is a lot harder to do.


They can firewall or encrypt the bus, but if security fails, that can kill you as well by erroneously refusing to work.


Because that means not only you (the owner) can do it.

Also (caution, tangent): MCUs in cars is one of the systems where I want more encryption/signing and less hacking - especially for owners. Foremost to get rid of all the chip-tuned soot sources I am constantly driving behind.

The manufacturer knows how to control the engine, the random idiot with a laptop in 95% of the cases does more harm than good. If the manufacturer botched the MCU (hello VW), then he is held accountable. If he allows users to cause harm to the environment (chip-tuning), he should be held accountable too.


I really wish to know where you live that the quality of chip-tuning is so bad.

In developed world (EU), the owners are accountable for their vehicles. Including emission controls. But the problem is on the enforcing side, from the people actually doing the enforcing to the (un)availability of appropriate measuring devices that are able to detect the prescribed levels.

EDIT: As I saw that you are from AT. You do know that your country has a reputation of 'hardcore' car modification checking at the inspection? :D But yeah, I noticed several problems with that and your system of 'we will just let every mechanic certify the cars'.


There is no such thing as high quality chip tuning, unless you are replicating 100% what the manufacturer just disabled for your MCU (e.g. unlocking some kW your motor is in principle capable of outputting). But then again, e.g. BMW uses different, more reliable mechanic parts (camshaft, head, etc.) on motors that have these kWs unlocked, so you are still risking ruining your motor in the long run.

Chip tuning always meddles with curves the manufacturer chose after long consideration and extensive tests (let's just ignore VW for a moment) - and you are trying to tell me that guy from this shop just "knows better" and "sure, this will be better in every possible aspect"?

Are you trying to say a 2019 BMW out of factory will shoot out black smoke while accelerating (quite boringly) from a traffic light?


I think you are missing the point; perhaps there are bunch of kids just fiddling with their ECU on an otherwise stock car where you live.

In my experience though, tuning is mostly done in conjunction with changing other parts (headers, ports, cams, add a turbo, fuel kit etc.) so the manufacturer's long consideration of the best balance for the stock engine is no longer relevant. You have to retune to get proper performance; fair that tuners are rarely considering emissions like the manufacturer would, but changing the airflow characteristics without changing the tune is a bad idea...


Let me try to explain:

Where I live, cars need certification/a license to be operated. The manufacturer does that for you, so you can obtain the required document quite easily for your car.

Aftermarket parts are regulated - you can't install what you want, it needs to be certified for your specific make and model (and motor variant, etc.) - otherwise your car is not legal anymore.

This applies to chip tuning as well. Since you're modifying a certified part, it loses the certification - obviously.

What new cars are allowed to emit, is strictly regulated.

Further, since this very month, we have a carbon-based tax on new cars (based upon the aforementioned certification from the manufacturer). Thus if the emissions of a car are changed, you're basically evading taxes as well.

Where I live, chip tuning is almost only done to get a few HP on the cheap. And it is unfortunately very popular and nobody really cares.

Edit: You can seek an individual certification for some modifications, added to your documentation, but a tampered with ECU is not one of them I think.


Oh as I just remembered one thing that I forgot to add in the other reply - ofc I agree with most of your reasoning here. But I think that (regarding emissions) we need to find a better way to test/confirm this. As I believe you should be able to modify stuff you own.

But I just remembered regarding certification - BMW is selling official performance/tuning kits (Sometimes called M-Performance tuning kit), where you get a whole new ECU with more power (and maybe some other parts, but nothing major for sure). And now I really wonder how is the legality of that. And also adds another point, that there are valid and reasonably safe tuning options.


Ok, we live in different places and have different experience.

Most places I have lived in North America you are relatively free to install whatever after market parts you want, including things you have fabricated or modified yourself and people do some pretty extensive builds. That just doesn't work without changing the tune also.


I can guarantee you that there are some notable counter examples to your theory. I can tell you that manufacturers (BMW, VW,...) found out that it's a lot cheaper to manufacture the same physical engine and just limit it in software for different 'levels'.

BMW E90 series for example, from around 2008 onwards the 116d and 118d have exactly the same engine (per BMW part numbers mind you) but a different power output, even 120d only has one part difference (the ones with N47 engine that is). On VW part, newer VW Caddy and VW Transporter with diesel engine option(s) have the same physical engine (in the model year) with widely different power outputs -> because they differentiate it for different segments via software.

And even moving from that, because of regional rules in NL for example, the cars with up to 140HP are prevalent and of course VAG is not making a new engine just for NL, they limit one of their existing ones.

So yes, I believe that cars like this can be safely tuned without _any_ significant unwanted consequences for the longevity of the engine/car. Mostly because the maps/factors can be adapted from their siblings with more factory power.

Regarding the black smoke/soot - no I believe that this is a (very) bad tune or something physically wrong with the car. It could be that they removed the DPF/EGR for some reason or something like that. But this is a whole other can of worms.


> Because that means not only you (the owner) can do it.

Not when it requires physical wires. This isn't some wireless TCP/IP stack connected to the internet.

Car entertainment/air conditioning systems usually also use a physically separate CAN bus so internet-connected dashboard devices don't get access to the engine and steering controls. They may share 12V power and that's it.

Comma.ai gets access to the "secret" CAN bus that can control steering via the lane keep camera next to the rear view mirror, not the OBD port or entertainment system.


To chime in (I'm not the original commenter you're replying to), in theory someone could develop an Internet-connected gadget, break into your car without being detected, plug said gadget in, and then drive you into a wall or off a cliff, maybe that's what the grandfather poster is worried about.

But in reality, no one's developed that sort of tech, and if a baddie wants to kidnap or kill, they'd probably spend their resources somewhere rather than hacking such a tool.


> Internet-connected gadget, break into your car without being detected, plug said gadget in, and then drive you into a wall or off a cliff

If someone wanted to make you drive off a cliff, they don't need a fancy internet-connected gadget. They could just loosen some screws on your steering column and leave.

If you have physical access to something you can always compromise it.


I would bet good money that there's many cars where the CAN is accessible by an ECU which has internet (or other remote) access.


Android and iOS auto, do you want these systems to attach this easily to the car?

Safety critical CAN bus messages should be signed.


Android and iOS auto don't have access to the CAN bus that can control steering. They may have access to a physically separate CAN bus that controls the entertainment system and air conditioning. There are normally multiple buses in a car.


Is there a legal requirement that the CAN buses be air-gapped?

What has changed since https://www.wired.com/2015/07/hackers-remotely-kill-jeep-hig...


Then you have to certify signing mechanism so that braking works even if cosmic ray ruined brake pedal control unit, and that is half sane and half stupid.
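
The "signed safety-critical messages" idea and the failure-mode objection raised in the comments above, as an added example that is not from any commenter or vehicle vendor: it uses a truncated HMAC with a freshness counter as a symmetric stand-in for signing. The key, CAN ID, payload layout, tag length and loss window are all assumptions chosen for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample key, not from any vehicle
MAC_LEN = 4                    # truncated tag bytes (assumed layout)
WINDOW = 8                     # lost frames the receiver tolerates (assumed)

def _tag(key, can_id, counter, data):  # MAC binds the CAN ID and the full counter
    msg = can_id.to_bytes(4, "big") + counter.to_bytes(8, "big") + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

def protect(can_id, data, counter, key=KEY):
    """Sender side: data || low counter byte || truncated MAC, within 8 bytes."""
    if len(data) > 8 - 1 - MAC_LEN:
        raise ValueError("data does not fit in a classic 8-byte CAN payload")
    return data + bytes([counter & 0xFF]) + _tag(key, can_id, counter, data)

class Receiver:
    def __init__(self, key=KEY):
        self.key, self.last = key, 0

    def accept(self, can_id, payload):
        """Return the data bytes if the frame is authentic and fresh, else None."""
        if len(payload) < 1 + MAC_LEN or len(payload) > 8:
            return None
        data, low, tag = payload[:-MAC_LEN - 1], payload[-MAC_LEN - 1], payload[-MAC_LEN:]
        delta = (low - self.last) % 256
        if delta == 0 or delta > WINDOW:      # replayed, stale, or too far ahead
            return None
        counter = self.last + delta           # rebuild the full counter
        if not hmac.compare_digest(tag, _tag(self.key, can_id, counter, data)):
            return None                       # forged or corrupted: frame is dropped
        self.last = counter
        return data

def demo():
    rx, can_id = Receiver(), 0x123            # constructed CAN ID
    f1 = protect(can_id, b"\x01\x20\x00", 1)
    f2 = protect(can_id, b"\x01\x22\x00", 2)
    f3 = protect(can_id, b"\x01\x24\x00", 3)
    corrupted = bytes([f2[0] ^ 0x04]) + f2[1:]            # one flipped bit in transit
    forged = protect(can_id, b"\x01\x7f\x00", 2, key=b"wrong-key")
    return {
        "genuine": rx.accept(can_id, f1),
        "replayed": rx.accept(can_id, f1),
        "corrupted": rx.accept(can_id, corrupted),
        "forged": rx.accept(can_id, forged),
        "next_genuine": rx.accept(can_id, f3),
    }
```

The corrupted frame is dropped and the following genuine frame is still accepted because the counter window tolerates a lost frame. What a controller should do when every frame fails verification is a safety-design decision this sketch does not settle.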



