Bonum Certa Men Certa

The Car Drives You -- Part IV -- Today's Cars Come With Up to 3,000 Chips and Security Isn't of Concern

Consulting firm Deloitte Touche Tohmatsu Limited estimates that as of 2017, some 40% of the cost of a new car can be attributed to semiconductor-based electronic systems, a cost doubling since 2007. It estimates this total will approach 50% by 2030. The company further predicts that each new car today has about $600 worth of semiconductors packed into it, consisting of up to 3,000 chips of all types.
Further, internal and external vehicle communications have exploded in the past decade. In 2008, there were an estimated 2,500 data signals being exchanged among the ECUs in a luxury car. Volvo’s Antinyan says that today more than 7,000 external signals connect the 120 ECUs in Volvo vehicles, and the number of internal vehicle signals being exchanged are two orders of magnitude greater. Consulting firm McKinsey & Company estimates this information can easily surpass 25 gigabytes of data an hour.
Article from 2021 (IEEE)



Summary: The concept of software freedom inside cars has become a distant fantasy; the cars that are being manufactured nowadays disregard security and embrace unnecessary complexity

ABOUT a week ago we started this series. We looked at a consultation right here in the UK -- a misguided bit of text which characterises modifying one's own car as "tampering". Shades of "sideloading" in the context of software...



Demonising those who exercise control over a device they bought?

We then looked at what Toyota had begun doing, published Part I about the issue, and then -- several days later -- expanded in Part II and in last night's Part III. We've meanwhile, in parallel, studied just what amount of computing had crept into today's cars (gradually over the years). The data isn't entirely secret, but there are not many publications about it; more importantly, there seems to be no public debate about software freedom in that context. We wish to change that.

"The data isn't entirely secret, but there are not many publications about it; more importantly, there seems to be no public debate about software freedom in that context."Last week we wrote that in today's cars there's "not just a computer onboard but several"; a person contacted us to say "not just a computer onboard but many"...

OK, but just how many exactly? Obviously that depends on the car, but there are many overlaps across models and brands.

I am not clueless about today's cars; I did drive in the past and a decade ago I went to a car agency (that was the last time). Even in 2011 things were already starting to look grim. It was a Toyota agency.

"Most car fanatics I know consider the car a single system and ignore the many microcontrollers," an associate noted a week ago. "I have the feeling that on top of that most of the information is proprietary..."

Certainly, in my experience, the media does not inform people about the situation; I only realised how big an issue it was when supply chain woes caused price spikes and critical shortages; it was getting too hard to get all the bits to assemble new cars [1, 2].

So we decided to study a number authoritative pages about the number of processors and the nature of the tasks they perform. I already knew about the "micro" (processors) ones, which aren't exactly new and are installed at the ends/edges, but was not sure how they qualify with respect to "computer" (the components and their complexity may vary in definition).

As our associate put it, "there are many microcontrollers, I guess based on activities, and at least two full computers." There are publications[PDF] and full articles about it (not necessarily new). As our associate explained, "another site, with a comment going to a dead MIT link, suggests 50 to 70 "Electronic Control Units" in cars as of ten years ago."

That's the last time I went to a car agency. It has certainly increased a lot since then.

"That's even older" than this ("More Auto Computers Means More Complicated, Costly and Longer Repairs" according to this article from 2016), the associated noted, quoting various bits. This page says "high-end cars have as many as 100, and they’re accompanied by 60 to 100 different electronic sensors..."

And these parts are controlled by computers: "Engine control, Exhaust control, Heating/cooling, Fuel pump, Water pump, Transmission, Power steering, Brakes, Traction control, Airbags, Collison warning, Parking assist, Backup monitoring, Door and trunk locks, Power windows, Climate control, Power seats, Wipers, Charging system, Interior lighting, Brake lights, turn signals, Headlamps/daytime running lamps, Navigation, Car audio, and GPS..."

And "add side- and rear-view mirrors to that long list above," our associate noted.

"There are security/safety implications, as we covered earlier this year (in summer)..."Remember that these are all proprietary, some go decades back, but now they get connected to the Internet and more (e.g. Bluetooth connectivity with another device, which may be compromised). So some are connected less directly to the Net, e.g. their local (car) mother ship, which is in turn controlled by a bigger mother ship (vendor/government/cracker).

There are security/safety implications, as we covered earlier this year (in summer), and articles like "How a Hacker Could Hijack Your Car While You Drive" (Tom's Guide) that deal with the main question.

"It's largely ignored because, as mentioned, car fans see the vehicle as a physical object still when in reality most of it is software," our associate said. "Yes, all proprietary and restricted so as to lock out independent repair shops and mechanics. There was a lot of attention to this about 10 years ago in the various security conferences. Then a burst of information as some of the embargoes were lifted. I presume the quietness on that front means that more of the researchers are under NDAs again. Shmoocon, DefCon, and BlackHat usually have automative tracks."

We hope the conversation will be resumed and extended to the Free software world. We need to do more to highlight the dangers and tackle the problem.

"General-purpose computing is niche nowadays," our associate said, "and that niche has been shrinjing. The multinationals also appear to be aiming to eliminate it eventually. UEFI, TPM, DRM etc..."

"We hope the conversation will be resumed and extended to the Free software world. We need to do more to highlight the dangers and tackle the problem."Well, almost nobody covers these issues, so it's a vacuum we can fill in the coming weeks/months. We invite groups like the FSF (even SFC and OSI) to do the same.

More than a decade ago we still saw people saying that software was eating the world (citing famous old words), but nowadays people talk about "apps" and "clown computing" and all sorts of other nonsense. Not too long ago an article entitled "How Software Is Eating the Car" was published in IEEE Spectrum. To quote: "Predictions of lost global vehicle production caused by the ongoing semiconductor shortage continue to rise. In January, analysts forecast that 1.5 million fewer vehicles would be produced as a result of the shortage; by April that number had steadily climbed to more than 2.7 million units, and by May, to more than 4.1 million units. The semiconductor shortage has underscored not only the fragility of the automotive supply chain, but placed an intense spotlight on the auto industry’s reliance on the dozens of concealed computers embedded throughout vehicles today."

Get ready for some numbers that are more recent: "The company further predicts that each new car today has about $600 worth of semiconductors packed into it, consisting of up to 3,000 chips of all types."

"The IEEE article above speaks of "7,000 external signals", "120 ECUs" and so on. They say "Electronic Control Unit" (as euphemism for a computer)."Up to 3,000.

As our associated noted, "security has to be part of the design process, but it hasn't been, thus we end up with not just CAN but with everything integrated with it."

The IEEE article above speaks of "7,000 external signals", "120 ECUs" and so on. They say "Electronic Control Unit" (as euphemism for a computer).

In the next part we'll continue this discussion. One growing concern is, the lobbyists of car-making giants are trying to pass new laws mandating all sorts of things which eventually take "old" or "dumb" cars off the road (even if some manufacturers produce new alternatives that opt out of this whole mess).

Recent Techrights' Posts

NVIDIA Corp Lost 36% of Its "Value" Since Cheeto Inauguration, But "Gen Hey Hi" (GenAI) is Totally Not a Bubble
Selling loads of unneeded hardware based on hysterical hype; like selling shovels during a Gold Rush
 
The State of EPO Staff's Health in Rijswijk or The Hague
We're going to cover the EPO some more later in the month
GNU/Linux Growing in East Asia, Windows by Default No More?
GNU/Linux is now on the shelf
Slopwatch: Anti-Linux 'Articles' From Linux-Hostile LLMs
It is almost always negative things and nobody can be held responsible for it except the charlatans prompting the LLMs
Links 05/04/2025: Fentanylware (TikTok) "Sale Looks Highly Imminent" (US), Stock Market Drowning in Panic
Links for the day
Gemini Links 05/04/2025: Moving Plants, No to Smartwatches, RAID Hygiene
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, April 04, 2025
IRC logs for Friday, April 04, 2025
Techrights Has Dealt With More Potent SLAPPs Than Violent Microsofters Begging to Hide What They Did to Women
I became accustomed to SLAPPs
Links 04/04/2025: Fury in South Korea, Flight MH370 Remains Mystery
Links for the day
Gemini Links 04/04/2025: Anger and Raspberry Pi CM4
Links for the day
Links 04/04/2025: LLM Slop Bubble Bursting and Korea Music Copyright Association Bans Slop 'Music'
Links for the day
Traf-O-Data, the Company That Jeffrey Epstein's BFF (Bill Gates) (Co)Founded 53 Years and Went Out of Business Due to Heavy Losses
Who will die first, Bill or Microsoft?
Why Microsoft's Shares Sank Almost 20% in Recent Months (the Bubble is Imploding)
verified press reports from the past 24 hours
A Note on SimilarWeb
Or why SimilarWeb is meaningless for more than 99% of the sites on the Web
GNU/Linux Rises to Almost 5% in Algeria While Windows Sinks to All-Time Low
GNU/Linux grew tenfold
Where to Get More Gags
A valued reader recommended that to us
Links 04/04/2025: Tech Stock (Inc. GAFAM) Fall, Google Pretends to Do End-to-End Encrypted Emails (With Google in Control)
Links for the day
IBM Said to be Shutting Down Offices or Sites in the United States
the press can no longer avoid admitting that IBM moves many jobs to India
To Participate in Fedora Diversity You Must Use Proprietary Software
Not for the first time either
LLM Slop as Attack Vector on the Reputation of Linux
The attacks on Linux have escalated to information warfare
Yandex About to Be Three Times Bigger Than Microsoft (Bing) in Asia
That's about 60% of the world's population
Gemini Links 04/04/2025: Decoupling Updates, Elaho as Gemini Client
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, April 03, 2025
IRC logs for Thursday, April 03, 2025
Microsoft's Trouble in Africa and Asia
A new all-time high for GNU/Linux
Brett Wilson LLP Reported to the Solicitors Regulation Authority (SRA)
The saddest thing in all this is that law firms can maintain high standards shall they wish to
Links 03/04/2025: Tariff Pains and C.D.C. Cuts
Links for the day
StatCounter: Microsoft is Masking a Disaster, It's Way Behind DeepSeek Already and Interest in LLMs Has Waned
it turns out the money "raised" for "Open" "AI" may not even exist at all
Links 03/04/2025: SoftBank Money for Microsoft "Open" "AI" Probably Doesn't Even Exist, Wikimedia Foundation Blasts LLM Nuisance While Microsoft Admits Demand Has Shrunk
Links for the day
Gemini Links 03/04/2025: Patch Panel and Pictures
Links for the day
Islamic Republic of Iran: GNU/Linux at All-time High This Month, Windows Falls to 12%
Vista 10 is up this month despite being "end of life" (EoL) soon
Indonesia: All-Time Highs for GNU/Linux
What's noteworthy right now is the growth of GNU/Linux
statCounter Says GNU/Linux Usage is Up Again (Internationally)
some preliminary April data
Only on April 1st Can the Free Software Foundation Associate With Microsoft's Open Source Initiative (OSI)
We saw some pranks that day linking the FSF to Microsoft (e.g. "endorsing" Windows)
Confirmed in the Mainstream Media: A Lot of Microsoft "Workloads" Were Just LLM Slop (Helping to Fake Growth for Years, as Microsoft Had Paid "Open" "AI" to Become a "Client") and Demand is Rapidly Waning, Datacentres Canceled and/or Shut Down
Anything to facilitate further accounting fraud
Taiwan's Media Covers Closure of Microsoft's "AI" Lab, It's Time to Talk About the Gradual Death of Windows and Implosion of the "AI" Bubble
Earlier this week we showed that mostly Asian media had the 'nerve' to mention Microsoft silently shutting down its 'AI' lab
IBM Gets Rid of Kelly Chambliss as Mass Layoffs Reported in IBM Consulting, IBM Loses Key Contracts/Graft
IBM Consulting has been in disarray lately
More Gains for GNU/Linux, Based on Web Surveys
the Steam site shows rapid growth for "Linux" this month
Slopwatch: Anti-Linux Articles, Not Even Written by Humans
Why aren't Web sites more vocal about this problem?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, April 02, 2025
IRC logs for Wednesday, April 02, 2025
Links 03/04/2025: Apple Fined Over Secret Surveillance, "Elegant Writer For A More Civilized Age"
Links for the day