I also hacked my car (opens in new tab)

Author here. I talk a little bit about SSH in the end, if I was successful in breaking the root password and if sshd is configured for root access (I'm not sure), I could have just used that. Otherwise, for me to change authorized_keys or some other file to run some code as root, it's the same work.

APITV makes infotainment systems for cars that run Linux.

https://www.aptiv.com/en

PCM6 for Porsche is a new Linux system from APITV.

If you'd like to experiment with bricking the head unit on your new car you can shop around and find a totaled specimen.

If all you need is a working head unit you should be able to get that for <$1000.

It's still an investment, but nowhere near $30k.

The real reason nobody bothers with this is that it's just the infotainment, and if you really want a custom one you can just buy a new head unit, or glue a tablet where the existing one resides.

You won't get access to the engage electronics, emissions controls etc. Those are all other dedicated computers.

You can just turn off via breaker the lte modem inside a tesla. Original ones had a 3g modem, they were replaced eventually with an lte one. Spying is under your control at least overall. The insidious thing is there are so many useful things in the tesla ui, you want to use it. I have experimented with disabling the modem but it was just so useful to have maps and current and accurate traffic that I quickly put it back. Also using voice commands to play music. There's just nothing as good for the phone.

There is potential for someone to make an ipad app that did all these things and connected to say your phone's hotspot so you could control everything. Soon you would be remaking android auto though. I think there's no market for a "you control your privacy" type thing.

> their $30k+ vehicle and risk bricking it. If you want a car that doesn’t spy on you

Reminder that those who bought it, voted for it.

In economics, wallet is voting power - what you buy you feed and endorse.

You can also remove the cellular modules without issue (other than online services not working), in my experience.

You can just turn off the breaker for the modem, why don't people just do that? Yes, you can remove the thing, but you can experiment today by doing that first step. There are tesla hackers, like this person https://twitter.com/greentheonly. They decompile the os releases and looks for new but disabled features.

Telematics units could be separate from IVI, could be hanging off elsewhere or could be independently procured and added at multiple different floors within a car company.

That does not seem to be too different from having a visible, readable ID plate - the information spread is "individual at that reader at that time" (though yes, if unneeded it should not be there).

The issue is with more with recordings and with the principle of sending data around beyond the ID - and especially with the contract that would make such activity accepted.

Some newer cars use the ABS sensors instead for TPMS sensors, one less privacy concern to worry about

I blame this on crappy drivers. A lot of modern Infotainment systems are running Linux of some variety, and the very easiest thing to do to get technology support is to grab the open source proof-of-concept Bluetooth driver, plug it in, and call it good.

No, the reason Hondas and Acuras have it is specifically because of (if I understand it correctly) a bug in the car’s Bluetooth handshake that sends audio streams as data. Someone found this by doing a Wireshark capture connecting a laptop’s Bluetooth to the car.

I have little hope for a fix. It seems likely that its easier to just replace the entire controller that drives the audio and screen, and that sounds really really hard.

Do you really think any insurance "expert" would look for that?

From my experience unless the car has some kind of self driving stuff they just check with a mechanic the state of the car to see if it is totalled or can be repaired. Unless there are wires going out of the car there is no reason they would even check the os of the dashboard console[1]

[1] I refuse to use infotainment word, it is so unappropriate.

No. It doesn't matter. You can hack something you own as much as you want, and you're paying the manufacturer to do maintenance on it. If you want then to change the brakes, whether your infotainment system is hacked or not is exactly none of their business.

Hacking a linux box using USB tricks and maintaining the mechanics of a car - probably not a huge skills overlap there. But I doubt he's going to be in trouble when getting the car serviced. If he is worried he could roll back any changes before sending it in.

They will see malware in the ECU. If a system is compromised by "obvious malware", other systems could be also. If there is a possible danger for your physical integrity any sensible worker will worry and take actions, specially before it evolves into a legal danger for them.

They will not hesitate to change the Electronic Control module and maybe the BSI also, just to be sure that your car don't fails in the worse moment and kills you. This could start at 1500 euro or much more depending on the brand. They will not understand your "right" to run Doom in your car.

Think also that currently some secondary car systems in many brands can be deactivated online, without creating a situation of danger for you, but making your driving experience really miserable if they want.

All brands have an associated net of official dealers to provide post-sale services.

Your mileage may vary. Each brand is different.

The idea of "Hacking" cars feels great until you realize that this cars are driving in the same road as you

Hobbyist car hackers is a group filled with overconfidence, and overconfidence can lead easily to a hell of pain and a million of ways to shoot yourself in the face. Because electronic sensors tend to be connected with other sensors, that are connected with many other unsuspected things, and those last things can be more important that it seems.