GM Won't Help Aftermarket Tuners Crack C8's ECU
#1
CorvetteForum Editor
Thread Starter
GM Won't Help Aftermarket Tuners Crack C8's ECU
GM Won't Help Aftermarket Tuners Crack C8's ECU
By Brett Foote
It appears that they'll have to do it on their own.
By Brett Foote
It appears that they'll have to do it on their own.
Popular Reply
08-05-2021, 04:00 PM
Race Director
Member Since: Aug 2019
Location: Central Illinois
Posts: 10,148
Received 11,708 Likes
on
4,679 Posts
#3
Oh it'll happen. From what I understand, not having access to a the hardware is what is slowing people up. If they have the hardware and can capture a few updates, or, even better, get a full firmware dump, it'll get broken.
The best cybersecurity people don't work for GM.
The best cybersecurity people don't work for GM.
#4
Race Director
Member Since: Aug 2019
Location: Central Illinois
Posts: 10,148
Received 11,708 Likes
on
4,679 Posts
The following 10 users liked this post by Phil1098:
blue_bomber697 (08-05-2021),
gbf_98070 (08-05-2021),
Grey (08-06-2021),
johnodrake (08-05-2021),
JTBogus (02-10-2023),
and 5 others liked this post.
#5
Moderator
Member Since: Dec 2002
Location: Lakewood Ranch, FL
Posts: 40,112
Received 3,598 Likes
on
1,632 Posts
Oh it'll happen. From what I understand, not having access to a the hardware is what is slowing people up. If they have the hardware and can capture a few updates, or, even better, get a full firmware dump, it'll get broken.
The best cybersecurity people don't work for GM.
The best cybersecurity people don't work for GM.
#6
Le Mans Master
Why would anyone give out access to proprietary information?
#7
Le Mans Master
It's been roughly years. You can buy parts from wrecked cars on eBay. There's plenty of other GM vehicles on this architecture now.. How much more "access" do they need?
This car uses a new security architecture that's unlike anything before it. Based on what I've read in the technical docs, it's not going to get cracked. Not so much because it's impossible, but because it's just way too much work to justify. The car's various computers are all linked and authenticated to each other. If you want a tune, you basically have to crack the whole car instead of just the ECM now.
This car uses a new security architecture that's unlike anything before it. Based on what I've read in the technical docs, it's not going to get cracked. Not so much because it's impossible, but because it's just way too much work to justify. The car's various computers are all linked and authenticated to each other. If you want a tune, you basically have to crack the whole car instead of just the ECM now.
Last edited by Jeff V.; 08-05-2021 at 04:13 PM.
The following users liked this post:
Red Mist Rulz (08-06-2021)
#8
Race Director
Member Since: Aug 2019
Location: Central Illinois
Posts: 10,148
Received 11,708 Likes
on
4,679 Posts
It's been roughly years. You can buy parts from wrecked cars on eBay. There's plenty of other GM vehicles on this architecture now.. How much more "access" do they need?
This car uses a new security architecture that's unlike anything before it. Based on what I've read in the technical docs, it's not going to get cracked. Not so much because it's impossible, but because it's just way too much work to justify. The car's various computers are all linked and authenticated to each other. If you want a tune, you basically have to crack the whole car instead of just the ECM now.
This car uses a new security architecture that's unlike anything before it. Based on what I've read in the technical docs, it's not going to get cracked. Not so much because it's impossible, but because it's just way too much work to justify. The car's various computers are all linked and authenticated to each other. If you want a tune, you basically have to crack the whole car instead of just the ECM now.
#9
If you owned a $20M house, would you hang the front-door access code on the fence with the key to the liquor cabinet?
GM spent $100M+++ on software development.... why would you hand that over to some knucklehead.
I am on recored on numerous posts very skeptical about after-market tuners, but also no apologist for corporate idiots...
However, this is "Intellectual Property", and the owner has the right to protect it....
If you are smart enough to find a work-around, then maybe you earned it, fair and square, and maybe could get a lucrative consulting contract...
Think about it...
GM spent $100M+++ on software development.... why would you hand that over to some knucklehead.
I am on recored on numerous posts very skeptical about after-market tuners, but also no apologist for corporate idiots...
However, this is "Intellectual Property", and the owner has the right to protect it....
If you are smart enough to find a work-around, then maybe you earned it, fair and square, and maybe could get a lucrative consulting contract...
Think about it...
#10
Um, no. The people I knew that hacked the Teslas and Dodge cars don't work at a speed shop either. Smart people like hard challenges. There are even events where they setup cars like this and invite people to hack them.
It'll get broken or made irrelevant.
It'll get broken or made irrelevant.
#11
The more vehicles use this setup, the more likely it'll get cracked. And even if we never modify our vehicle, we want this to happen. Restricting the ability to modify something you own can also mean restricting your ability to repair something you own. And you'll care about that 10 years from now when you're out of warranty.
#12
Race Director
Member Since: Mar 2001
Location: Bonneville Salt Flats, 223mph Aug. '04
Posts: 17,539
Received 5,259 Likes
on
3,488 Posts
This "revelation" wouldn't have been news a couple years ago, much less now.
#13
Le Mans Master
You probably don't have to if you proxy the connection with a mitm.
The more vehicles use this setup, the more likely it'll get cracked. And even if we never modify our vehicle, we want this to happen. Restricting the ability to modify something you own can also mean restricting your ability to repair something you own. And you'll care about that 10 years from now when you're out of warranty.
The more vehicles use this setup, the more likely it'll get cracked. And even if we never modify our vehicle, we want this to happen. Restricting the ability to modify something you own can also mean restricting your ability to repair something you own. And you'll care about that 10 years from now when you're out of warranty.
#14
Moderator
Oh it'll happen. From what I understand, not having access to a the hardware is what is slowing people up. If they have the hardware and can capture a few updates, or, even better, get a full firmware dump, it'll get broken.
The best cybersecurity people don't work for GM.
The best cybersecurity people don't work for GM.
Cybersecurity is another key pillar of the new architecture. The system’s DNA includes additional protective features at the hardware and software levels that reflect the company’s foresight in this regard.
GM was among the first automakers to create an integrated and dedicated global Product Cybersecurity organization, a team of experts within the company focused on protecting against the potential risk of unauthorized access to vehicles and customer data.
GM implemented years ago a security vulnerability disclosure program to engage more closely with the research community. It has matured to become a formal “bug bounty” program that continues to further strengthen GM’s cybersecurity efforts.
Global B uses encrypted messaging on the bus between modules.
GM also chairs the Auto-ISAC (Automotive Information Sharing & Analysis Center), a community of private and public-sector partners that shares and analyzes intelligence about emerging cybersecurity risks for the automotive industry.
The electronic platform was developed at GM facilities across the globe by a team of electrical, hardware and software engineers.
GM was among the first automakers to create an integrated and dedicated global Product Cybersecurity organization, a team of experts within the company focused on protecting against the potential risk of unauthorized access to vehicles and customer data.
GM implemented years ago a security vulnerability disclosure program to engage more closely with the research community. It has matured to become a formal “bug bounty” program that continues to further strengthen GM’s cybersecurity efforts.
Global B uses encrypted messaging on the bus between modules.
GM also chairs the Auto-ISAC (Automotive Information Sharing & Analysis Center), a community of private and public-sector partners that shares and analyzes intelligence about emerging cybersecurity risks for the automotive industry.
The electronic platform was developed at GM facilities across the globe by a team of electrical, hardware and software engineers.
The following 3 users liked this post by Zymurgy:
#15
ECU tunes work great 4 turbo engines
not so much for naturally aspirated
panamera turbo make 100 more hp with ecu tune
many turbo amg same thing
not so much for naturally aspirated
panamera turbo make 100 more hp with ecu tune
many turbo amg same thing
Last edited by JillyBean; 08-05-2021 at 06:34 PM.
The following users liked this post:
lion shf (02-10-2023)
#16
Racer
If GM is using RSM Public Key Encryption then nobody is going to "crack" the code. It's a long discussion but the computational requirements to do that are measured in terms of millions of years of computer time. Bitcoin works because the solution space is bigger than the number of atoms in the universe and there is no deterministic way to get there except by trying each possible solution one at a time. GM possibly didn't use that many bits, but maybe they did. As long as the private key remains private nobody is going to crack the ECU.
#17
Racer
Member Since: May 2021
Location: Northern California
Posts: 254
Received 251 Likes
on
117 Posts
St. Jude Donor '22
California will now fail your car on smog if the ECU software has been modified in any way... so being able to modify the ECU software is no longer worth messing with here and I wouldn't be surprised if other states do the same.
The following users liked this post:
swift93 (02-12-2023)
#19
Le Mans Master
Software is written by humans, and humans make mistakes. The question is can the aftermarket justify the cost of finding those mistakes.
The following users liked this post:
Dirtnap_TX (08-06-2021)
#20
True. Moreover, EPA is now going after tuners for effectively installing defeat devices as defined by the Clean Air Act, which is a serious violation (think VW dieselgate). So far, I think most actions have been against diesel truck tuners, but other tuners are likely reconsidering their business in view of this risk. Do a simple search; lot's on this subject. Sad IMHO.