Bonum Certa Men Certa

The Car Drives You -- Part IV -- Today's Cars Come With Up to 3,000 Chips and Security Isn't of Concern

Consulting firm Deloitte Touche Tohmatsu Limited estimates that as of 2017, some 40% of the cost of a new car can be attributed to semiconductor-based electronic systems, a cost doubling since 2007. It estimates this total will approach 50% by 2030. The company further predicts that each new car today has about $600 worth of semiconductors packed into it, consisting of up to 3,000 chips of all types.
Further, internal and external vehicle communications have exploded in the past decade. In 2008, there were an estimated 2,500 data signals being exchanged among the ECUs in a luxury car. Volvo’s Antinyan says that today more than 7,000 external signals connect the 120 ECUs in Volvo vehicles, and the number of internal vehicle signals being exchanged are two orders of magnitude greater. Consulting firm McKinsey & Company estimates this information can easily surpass 25 gigabytes of data an hour.
Article from 2021 (IEEE)



Summary: The concept of software freedom inside cars has become a distant fantasy; the cars that are being manufactured nowadays disregard security and embrace unnecessary complexity

ABOUT a week ago we started this series. We looked at a consultation right here in the UK -- a misguided bit of text which characterises modifying one's own car as "tampering". Shades of "sideloading" in the context of software...



Demonising those who exercise control over a device they bought?

We then looked at what Toyota had begun doing, published Part I about the issue, and then -- several days later -- expanded in Part II and in last night's Part III. We've meanwhile, in parallel, studied just what amount of computing had crept into today's cars (gradually over the years). The data isn't entirely secret, but there are not many publications about it; more importantly, there seems to be no public debate about software freedom in that context. We wish to change that.

"The data isn't entirely secret, but there are not many publications about it; more importantly, there seems to be no public debate about software freedom in that context."Last week we wrote that in today's cars there's "not just a computer onboard but several"; a person contacted us to say "not just a computer onboard but many"...

OK, but just how many exactly? Obviously that depends on the car, but there are many overlaps across models and brands.

I am not clueless about today's cars; I did drive in the past and a decade ago I went to a car agency (that was the last time). Even in 2011 things were already starting to look grim. It was a Toyota agency.

"Most car fanatics I know consider the car a single system and ignore the many microcontrollers," an associate noted a week ago. "I have the feeling that on top of that most of the information is proprietary..."

Certainly, in my experience, the media does not inform people about the situation; I only realised how big an issue it was when supply chain woes caused price spikes and critical shortages; it was getting too hard to get all the bits to assemble new cars [1, 2].

So we decided to study a number authoritative pages about the number of processors and the nature of the tasks they perform. I already knew about the "micro" (processors) ones, which aren't exactly new and are installed at the ends/edges, but was not sure how they qualify with respect to "computer" (the components and their complexity may vary in definition).

As our associate put it, "there are many microcontrollers, I guess based on activities, and at least two full computers." There are publications[PDF] and full articles about it (not necessarily new). As our associate explained, "another site, with a comment going to a dead MIT link, suggests 50 to 70 "Electronic Control Units" in cars as of ten years ago."

That's the last time I went to a car agency. It has certainly increased a lot since then.

"That's even older" than this ("More Auto Computers Means More Complicated, Costly and Longer Repairs" according to this article from 2016), the associated noted, quoting various bits. This page says "high-end cars have as many as 100, and they’re accompanied by 60 to 100 different electronic sensors..."

And these parts are controlled by computers: "Engine control, Exhaust control, Heating/cooling, Fuel pump, Water pump, Transmission, Power steering, Brakes, Traction control, Airbags, Collison warning, Parking assist, Backup monitoring, Door and trunk locks, Power windows, Climate control, Power seats, Wipers, Charging system, Interior lighting, Brake lights, turn signals, Headlamps/daytime running lamps, Navigation, Car audio, and GPS..."

And "add side- and rear-view mirrors to that long list above," our associate noted.

"There are security/safety implications, as we covered earlier this year (in summer)..."Remember that these are all proprietary, some go decades back, but now they get connected to the Internet and more (e.g. Bluetooth connectivity with another device, which may be compromised). So some are connected less directly to the Net, e.g. their local (car) mother ship, which is in turn controlled by a bigger mother ship (vendor/government/cracker).

There are security/safety implications, as we covered earlier this year (in summer), and articles like "How a Hacker Could Hijack Your Car While You Drive" (Tom's Guide) that deal with the main question.

"It's largely ignored because, as mentioned, car fans see the vehicle as a physical object still when in reality most of it is software," our associate said. "Yes, all proprietary and restricted so as to lock out independent repair shops and mechanics. There was a lot of attention to this about 10 years ago in the various security conferences. Then a burst of information as some of the embargoes were lifted. I presume the quietness on that front means that more of the researchers are under NDAs again. Shmoocon, DefCon, and BlackHat usually have automative tracks."

We hope the conversation will be resumed and extended to the Free software world. We need to do more to highlight the dangers and tackle the problem.

"General-purpose computing is niche nowadays," our associate said, "and that niche has been shrinjing. The multinationals also appear to be aiming to eliminate it eventually. UEFI, TPM, DRM etc..."

"We hope the conversation will be resumed and extended to the Free software world. We need to do more to highlight the dangers and tackle the problem."Well, almost nobody covers these issues, so it's a vacuum we can fill in the coming weeks/months. We invite groups like the FSF (even SFC and OSI) to do the same.

More than a decade ago we still saw people saying that software was eating the world (citing famous old words), but nowadays people talk about "apps" and "clown computing" and all sorts of other nonsense. Not too long ago an article entitled "How Software Is Eating the Car" was published in IEEE Spectrum. To quote: "Predictions of lost global vehicle production caused by the ongoing semiconductor shortage continue to rise. In January, analysts forecast that 1.5 million fewer vehicles would be produced as a result of the shortage; by April that number had steadily climbed to more than 2.7 million units, and by May, to more than 4.1 million units. The semiconductor shortage has underscored not only the fragility of the automotive supply chain, but placed an intense spotlight on the auto industry’s reliance on the dozens of concealed computers embedded throughout vehicles today."

Get ready for some numbers that are more recent: "The company further predicts that each new car today has about $600 worth of semiconductors packed into it, consisting of up to 3,000 chips of all types."

"The IEEE article above speaks of "7,000 external signals", "120 ECUs" and so on. They say "Electronic Control Unit" (as euphemism for a computer)."Up to 3,000.

As our associated noted, "security has to be part of the design process, but it hasn't been, thus we end up with not just CAN but with everything integrated with it."

The IEEE article above speaks of "7,000 external signals", "120 ECUs" and so on. They say "Electronic Control Unit" (as euphemism for a computer).

In the next part we'll continue this discussion. One growing concern is, the lobbyists of car-making giants are trying to pass new laws mandating all sorts of things which eventually take "old" or "dumb" cars off the road (even if some manufacturers produce new alternatives that opt out of this whole mess).

Recent Techrights' Posts

Approaching 10,000 Articles/Pages Since Going Static
Trying to silence or derail the site was always a dumb strategy
Microsoft is Shedding Off Loads of Staff and That Can be Dangerous Too
Working for Microsoft is a choice; nobody forces you to do it
Richard Stallman and the Unix Philosophy
When asked about systemd people must remember that RMS speaks as an active Board member of the FSF and also the founder of the FSF
Get Rid of Back Doors, Don't Obsess Over Bounties and Other Corporate PR Stunts (or Needless Reboot Rituals)
Security as a term has mostly lost its meaning due to repeated misuse for many years
Serial Sloppers Are Killing the Web (They Probably Don't Care, Either)
Slop is a disease on the Web
IBM's Debt Ballooned by 8.5 Billion Dollars in Just 3 Months!
Hallmark of a company in a state of disarray, trying to spend its way out of trouble
Big Trouble in GNOME
even GNOME people admit the CoC went wrong
 
Three Years in Prison for Disney Employee’s ‘Menu Hacking’: The Economic Fallout of Digital Menus
Reprinted with permission from Ryan Farmer
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, April 25, 2025
IRC logs for Friday, April 25, 2025
Links 25/04/2025: Slop Fatigue and Patent Judges Flocking to Fake, Unconstitutional and Illegal Kangaroo Court (UPC, Captured 'Justice')
Links for the day
Gemini Links 25/04/2025: Night Manager and Devuan in Hosting
Links for the day
Windows Falls to New Lows in Nicaragua, Now Below a Quarter (It Used to be Almost 100%)
Another all-time low for Windows
The Cost (to Linux) of LLM Slop
Slop 'artists' like Fagioli are far from harmless
Links 25/04/2025: Ubisoft Spyware, Hegseth Fails at Tech on Every Level
Links for the day
Gemini Links 25/04/2025: Food Forest Update and Facebook Destroying the Net
Links for the day
Streaming Apps Are “Investor Fraud” That Kills the Planet
Reprinted with permission from Ryan Farmer
Things Get Increasingly Nasty at Microsoft Ahead of the Fake Results and May's Mass Layoffs Wave
They try to get people to 'resign' so that they won't count as layoffs and the company's 'wellbeing' will seem better
Slopping the Trough: Disney Plus Loses Billions and the Decline of Physical Media in America
Reprinted with permission from Ryan Farmer
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, April 24, 2025
IRC logs for Thursday, April 24, 2025
Links 24/04/2025: GAFAM Problems and No Peace (or Ceasefire) in Sight
Links for the day
Slopfarms on the Web Almost Always Generate Anti-Linux FUD When They Produce "Linux" Output
Welcome to the dying Web
Richard Stallman's Oxford Talk Has Just Ended, Here Are Some Photos
he might hop over to another European country
Gemini Links 24/04/2025: Birthday and Good Work of Academia in Esotericism
Links for the day
Links 24/04/2025: EU fines Apple and Facebook, Another Microsoft GitHub Security Blunder
Links for the day
New Article Explains How the GPL Came About and WordPress Having Copyleft Obligations
Having been involved in the WordPress development community since almost the beginning, I know why it chose the GPL and how it restricts abuse by Automattic
IBM Gained Almost 6 Billion Dollars in "Goodwill" Value in Just 3 Months, According to IBM
Congrats to the management!
In Belarus, Yandex is Now Measured as 50 Times More 'Popular' (by Usage) Than Microsoft
Yandex continues to gain, whereas Bing cannot even register at 1%. Last month it was registered or measured at a measly 0.65%.
IBM Cannot Lie to Shareholders Anymore
"I would not be surprised if we see a layoff every quarter this year."
Dr Richard Stallman (RMS) Gives Talk in Oxford University in 4 Hours
If you live nearby, go there (it's free as in gratis)
Using a Law Firm's Licence to Exercise Politics Through Frivolous SLAPPs and Nastygrams (to Silence People, Remove Pages, Demand Fake or Forced 'Apologies')
Things must be getting really bad when lawyers act for raving antisemites
We're Working to Make Full-Site Search Available
This site has over 1,000 'wiki' pages, many thousands of documents, several thousands of videos, and about 50,000 blog posts or articles. We need to make them easier to find/navigate.
Links 24/04/2025: IBM Loses Many Contracts, Intel to Lay Off Over 20% (Not Counting Those Who Leave 'Voluntarily')
Links for the day
Richard Stallman Can Explain to Oxford Artificial Intelligence Society Why LLM Slop is Not Artificial Intelligence and Why It Hurts Society
another 'crop' of LLM slop that damages GNU/Linux and facts
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, April 23, 2025
IRC logs for Wednesday, April 23, 2025