Bonum Certa Men Certa

The Car Drives You -- Part IV -- Today's Cars Come With Up to 3,000 Chips and Security Isn't of Concern

Consulting firm Deloitte Touche Tohmatsu Limited estimates that as of 2017, some 40% of the cost of a new car can be attributed to semiconductor-based electronic systems, a cost doubling since 2007. It estimates this total will approach 50% by 2030. The company further predicts that each new car today has about $600 worth of semiconductors packed into it, consisting of up to 3,000 chips of all types.
Further, internal and external vehicle communications have exploded in the past decade. In 2008, there were an estimated 2,500 data signals being exchanged among the ECUs in a luxury car. Volvo’s Antinyan says that today more than 7,000 external signals connect the 120 ECUs in Volvo vehicles, and the number of internal vehicle signals being exchanged are two orders of magnitude greater. Consulting firm McKinsey & Company estimates this information can easily surpass 25 gigabytes of data an hour.
Article from 2021 (IEEE)



Summary: The concept of software freedom inside cars has become a distant fantasy; the cars that are being manufactured nowadays disregard security and embrace unnecessary complexity

ABOUT a week ago we started this series. We looked at a consultation right here in the UK -- a misguided bit of text which characterises modifying one's own car as "tampering". Shades of "sideloading" in the context of software...



Demonising those who exercise control over a device they bought?

We then looked at what Toyota had begun doing, published Part I about the issue, and then -- several days later -- expanded in Part II and in last night's Part III. We've meanwhile, in parallel, studied just what amount of computing had crept into today's cars (gradually over the years). The data isn't entirely secret, but there are not many publications about it; more importantly, there seems to be no public debate about software freedom in that context. We wish to change that.

"The data isn't entirely secret, but there are not many publications about it; more importantly, there seems to be no public debate about software freedom in that context."Last week we wrote that in today's cars there's "not just a computer onboard but several"; a person contacted us to say "not just a computer onboard but many"...

OK, but just how many exactly? Obviously that depends on the car, but there are many overlaps across models and brands.

I am not clueless about today's cars; I did drive in the past and a decade ago I went to a car agency (that was the last time). Even in 2011 things were already starting to look grim. It was a Toyota agency.

"Most car fanatics I know consider the car a single system and ignore the many microcontrollers," an associate noted a week ago. "I have the feeling that on top of that most of the information is proprietary..."

Certainly, in my experience, the media does not inform people about the situation; I only realised how big an issue it was when supply chain woes caused price spikes and critical shortages; it was getting too hard to get all the bits to assemble new cars [1, 2].

So we decided to study a number authoritative pages about the number of processors and the nature of the tasks they perform. I already knew about the "micro" (processors) ones, which aren't exactly new and are installed at the ends/edges, but was not sure how they qualify with respect to "computer" (the components and their complexity may vary in definition).

As our associate put it, "there are many microcontrollers, I guess based on activities, and at least two full computers." There are publications[PDF] and full articles about it (not necessarily new). As our associate explained, "another site, with a comment going to a dead MIT link, suggests 50 to 70 "Electronic Control Units" in cars as of ten years ago."

That's the last time I went to a car agency. It has certainly increased a lot since then.

"That's even older" than this ("More Auto Computers Means More Complicated, Costly and Longer Repairs" according to this article from 2016), the associated noted, quoting various bits. This page says "high-end cars have as many as 100, and they’re accompanied by 60 to 100 different electronic sensors..."

And these parts are controlled by computers: "Engine control, Exhaust control, Heating/cooling, Fuel pump, Water pump, Transmission, Power steering, Brakes, Traction control, Airbags, Collison warning, Parking assist, Backup monitoring, Door and trunk locks, Power windows, Climate control, Power seats, Wipers, Charging system, Interior lighting, Brake lights, turn signals, Headlamps/daytime running lamps, Navigation, Car audio, and GPS..."

And "add side- and rear-view mirrors to that long list above," our associate noted.

"There are security/safety implications, as we covered earlier this year (in summer)..."Remember that these are all proprietary, some go decades back, but now they get connected to the Internet and more (e.g. Bluetooth connectivity with another device, which may be compromised). So some are connected less directly to the Net, e.g. their local (car) mother ship, which is in turn controlled by a bigger mother ship (vendor/government/cracker).

There are security/safety implications, as we covered earlier this year (in summer), and articles like "How a Hacker Could Hijack Your Car While You Drive" (Tom's Guide) that deal with the main question.

"It's largely ignored because, as mentioned, car fans see the vehicle as a physical object still when in reality most of it is software," our associate said. "Yes, all proprietary and restricted so as to lock out independent repair shops and mechanics. There was a lot of attention to this about 10 years ago in the various security conferences. Then a burst of information as some of the embargoes were lifted. I presume the quietness on that front means that more of the researchers are under NDAs again. Shmoocon, DefCon, and BlackHat usually have automative tracks."

We hope the conversation will be resumed and extended to the Free software world. We need to do more to highlight the dangers and tackle the problem.

"General-purpose computing is niche nowadays," our associate said, "and that niche has been shrinjing. The multinationals also appear to be aiming to eliminate it eventually. UEFI, TPM, DRM etc..."

"We hope the conversation will be resumed and extended to the Free software world. We need to do more to highlight the dangers and tackle the problem."Well, almost nobody covers these issues, so it's a vacuum we can fill in the coming weeks/months. We invite groups like the FSF (even SFC and OSI) to do the same.

More than a decade ago we still saw people saying that software was eating the world (citing famous old words), but nowadays people talk about "apps" and "clown computing" and all sorts of other nonsense. Not too long ago an article entitled "How Software Is Eating the Car" was published in IEEE Spectrum. To quote: "Predictions of lost global vehicle production caused by the ongoing semiconductor shortage continue to rise. In January, analysts forecast that 1.5 million fewer vehicles would be produced as a result of the shortage; by April that number had steadily climbed to more than 2.7 million units, and by May, to more than 4.1 million units. The semiconductor shortage has underscored not only the fragility of the automotive supply chain, but placed an intense spotlight on the auto industry’s reliance on the dozens of concealed computers embedded throughout vehicles today."

Get ready for some numbers that are more recent: "The company further predicts that each new car today has about $600 worth of semiconductors packed into it, consisting of up to 3,000 chips of all types."

"The IEEE article above speaks of "7,000 external signals", "120 ECUs" and so on. They say "Electronic Control Unit" (as euphemism for a computer)."Up to 3,000.

As our associated noted, "security has to be part of the design process, but it hasn't been, thus we end up with not just CAN but with everything integrated with it."

The IEEE article above speaks of "7,000 external signals", "120 ECUs" and so on. They say "Electronic Control Unit" (as euphemism for a computer).

In the next part we'll continue this discussion. One growing concern is, the lobbyists of car-making giants are trying to pass new laws mandating all sorts of things which eventually take "old" or "dumb" cars off the road (even if some manufacturers produce new alternatives that opt out of this whole mess).

Recent Techrights' Posts

WordPress Becoming What We Feared It Would Become
WordPress and other such bloatware (WordPress used to be fast and light) are moving in the same trajectory that GAFAM leads
Call for European Patent Office (EPO) Whistleblowers
The European Patent Organisation (EPO) might not reform the Office
400-Page US Federal Court Against Abuses by Google, Microsoft and Front Groups That Abuse Volunteers for American Corporations
There are 386 pages in total (in the US claim)
Projection Tactics - Part IV: SLAPP by Americans Against Techrights (UK) to Hide Serious Abuses Against American Women
"PRs need to stop being complicit in suppression of information via SLAPPs"
Five Years Ago, After We Broke the Story About Richard Stallman Rejoining the FSF's Board, All Hell Broke Loose (for Me and My Family)
They generally seem to target anyone who thinks Richard Stallman (RMS) should be in charge or thinks alike about computing
Projection Tactics - Part II: Causing "Serious Harm" to Many People (Even Animals)
Narcissists and sociopaths are like that
Sirius Open Source's Latest Report: Fake (False) Number of Staff, Almost No Money in the Bank, Overdraft, and Growing Debt (About £100,000 More Borrowed)
massive (and still growing) debt
European Patent Office (EPO) Series: Photo-Ops Galore and Suspicions of Influence-Peddling
coverage of the EPO's Croatian junket
 
Getting Skyped: Closure of Studios Microsoft Bought
wait till July and the mass layoffs outside XBox
Several Waves of Red Hat Layoffs This Year, Is This Still Going on Under IBM?
The PIPs and NDAs hard to get a clear picture
Sabine Hossenfelder Versus IBM Scamming Shareholders
IBM has become a garage of BS
Some XBox Layoffs Underway, At Least Five Studios to be Shut Down
Insiders are in a state of panic
Gemini Links 30/06/2026: Music Theory, Addiction, Clown Computing
Links for the day
Links 30/06/2026: France Recorded 1,000 Excess Deaths During Heat Wave, Slop Replaced by Human Staff
Links for the day
People Given the Totally Wrong Idea That "Secure Boot" is About Security (It's the Opposite, It's About Handing Control Over to NSA/Microsoft)
"Secure Boot" with capital "B" is conflating compromise with security.
Today The Register MS is Publishing Fake Articles About "AI", 100% of All "Content"
Maybe the media is dying because it is selling its soul [...] The Register MS has no standard
America Has Cost Europe Too Much
Countries ought to be controlling all their own systems
GAFAM Debt Will Surge, in July We'll Know by How Much
Do not fall for slop or sloppy narratives
Too Many "Marketers on the Payroll" at IBM, Selling Impossible Products That Cannot be Delivered or Will Never Deliver
IBM is rotting away
Media Says Microsoft's (XBox) Layoffs May be Record-Breaking
think somewhere in the range of ~5000 for gaming/XBox alone
Links 30/06/2026: What's Wrong With EU Age Verification, RSA Keys with Many Zeros
Links for the day
This is Not a Security, This is a Circus
Security does not mean "asked Microsoft for permission"
Communities Need Strong Leadership, Not Dictators Like IBM
Leadership in Free software is not ownership [...] Fedora will only last as long as IBM can somehow make some money out of it or leverage it to attract sharecropping
Patents Are Not "Cash Cows"
People who deliberately don't understand patents (or believe lies about them) will fail to understand how the world works (or does not work)
Sad Lives of People Who Think Women Are Just Sexual Toys (All They Have is Money)
money is still a man-made concept and life is finite
SLAPP Censorship - Part 123 Out of 200: Why Violence Against Animals Matters
Starting tomorrow (Wednesday) we'll begin telling stories about what happened last week
EPO Staff Union's (SUEPO) The Hague Committee, With Help of Lawyer, Challenges Lack of Rewards for Hard Work
The EPO is not about granting valid patents anymore. The horse-trading corrupt officials just see the EPO as some thing that "prints money"
Massive EPO Demonstration Today
It'll start in about 6 hours
More Layoffs in Microsoft's PR Department, Even Ahead of 'D-Day'
Notice they are not even waiting for the official date (nor week)
Gemini Links 30/06/2026: Music and Broken Hearts
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, June 29, 2026
IRC logs for Monday, June 29, 2026
Gemini Links 29/06/2026: Using More of GPLv3+ and Merits of Security by TOFU
Links for the day
Links 29/06/2026: Lemote Yeeloong Laptop With OpenBSD, Slop Ruins Code/Development
Links for the day
Antisocial People With No Computer Science Background Are Ruining the Technology Space (Like Officials With No Experience in Patents Destroyed the EPO)
This is a real issue; it needs to be widely recognised and tackled
DDoS Attacks Are a Crime and They Only Increase Interest (Intrigue) in Their Target
Information cannot be DDoSed out of reach/existence, except temporarily
Pushing to the Top
Publishing is about exposing corruption
Whistleblowing and Retaliation by Microsoft Workers Against Microsoft Seems Increasingly Likely
some will go to the press, looking to expose some shenanigans
How Long Can a Company Delay Its Financial Report That Likely Confirms Exodus of Staff, Growing Debt, and Other Problems?
Brett Wilson LLP was meant to release its annual report some time early this month
SLAPP Censorship - Part 122 Out of 200: Garrett's Solicitors Confirm That Garrett is Ban-Evading and Spying on Our IRC Network
his solicitors basically acknowledge this
European Patent Office (EPO) Series: Networking With the National Delegates
António Campinos with a prime opportunity to network with the Administrative Council delegates and lobby for his reappointment
PIPs and "Retirements": IBM Layoffs in Anything But Name
That former Red Hat (now IBM) staff threatens to put my wife and I in prison is worse than cruel
Contact Members of the EPO Administrative Council, Tell Them the EPO (Office) Became a Disgrace and an Enemy of Europe's Citizens
If you live in Europe (not just the EU, even Turkey is included), please contact your delegates
The World Needs GNU/Linux for Security, Turn Off "Secure Boot" (It's the Opposite of Security)
They call it "Secure Boot", but what does it mean to say "Secure" when you actively opt for back doors controlled by Microsoft, the FBI, and many more parties?
In Signal of Weakness or Phasing Out XBox (Not Sustainable, According to the CEO) Microsoft "Pauses New Third-Party Game Pass Deals"
Moments ago
Two Pieces About "AI" This Morning Were Paid-For SPAM at The Register MS
The Register MS is the "Tech News" publisher you can pay to promote your company and even key-word-stuff pages for SEO purposes
Week of Microsoft Layoffs, Maybe Record-Breaking Scale
They will mislead about the scale
Links 28/06/2026: More Om Malik Eulogies, Cloudflare Promotes Web Browser Monocultures
Links for the day
IBM's Alderon as "Silent Layoffs", Not Just Bailout From Taxpayers
Seeing through the noise
'Modern' Web: "Stop! You Are Browsing Too Fast!"
Can the Web ever recover from this?
Pensions Tied to Ponzi Schemes Are Themselves Ponzi Schemes
Pensions are becoming more like that as well
Laptop Bricked After Microsoft Certificates Expiry
Is "Jim" dead?
Monoculture in Europe as National (or Continental) Security Threat
We need more browser diversity
Canada 5-0: GNU/Linux Rises to 5.0%, Windows Rapidly Falls to New Lows
Will we be seeing 6-0 (6%) by year's end and will Microsoft be shown two red cards?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, June 28, 2026
IRC logs for Sunday, June 28, 2026
Gemini Links 29/06/2026: Sansieviera, HiFi, and Self-Signed Certificates
Links for the day
Outsourcing is Not Security
Outsourcing to Microsoft is the opposite of security
Links 28/06/2026: Turkey's State Broadcaster Suspends Commentator, Journalists Under Attack
Links for the day
Debugpoint.com Turns to LLM Slop for 'Help'
This is how sites die
Follow the Real Security Experts
Werner Koch
Assessing the Upcoming (July) Proprietary/GAFAM Cuts
The total (or %) matters to us because it can help shed light on what scale of layoffs to expect next week
Microsoft Lunduke Does Not Correct or Clarify Misinformation That He Posted (or Repeats It Instead)
Not the first time [...] detracts and/or distracts from legitimate criticisms
How Not to Do Security
Asking Microsoft for permission
Gemini Links 28/06/2026: Simulation Theory and Pursuit of Novelty
Links for the day
Five Years After Its Formation Libera.Chat Has the Most Simultaneous Users in Internet Relay Chat (IRC)
netsplit.de also measures the cross-network total at over 300k, probably for the first time in years
The Slop 'Religion' is Dying: From Widespread (Paid-for) Hype to Widespread Hate
Wait till "sentiment" in Wall Street - not just general (public) "sentiment" - shifts strongly against slop
For Whistleblowers' Sake, Choose Hosting Platforms Wisely
Techrights is hard to 'sedate'
How to Discreetly Leak Important Information to Techrights
Some years ago we published multi-part series about how to contact us securely
Expect Many More Whistleblowers From Microsoft
We envision many pissed off workers from Microsoft will become whistleblowers after next week's giant wave
Efforts to Resume Progress on FreeJS, LibreJS, and Reduce Dependence on Microsoft
It's still in a relatively early development stage
Whistleblowers Improve the World
we should appreciate and respect whistleblowers
Microsoft Windows Plunges to All-Time Lows in Japan
Microsoft is disintegrating; many people no longer use (nor need) Windows
GNU/Linux Turns 43 in 3 Months From Now
The Manifesto of the Free software movement (GNU Manifesto, 1985) turned 40 last year
SLAPP Censorship - Part 121 Out of 200: One Day We'll Discover What Company or Rich Person/s Funded the Lawfare Against Us
Even if the law firm shoulders some of the losses, then it is in effect an investor in the lawfare, according to established caselaw
Working on "Linux", But on Microsoft's Payroll
Under the totally false guise of "security" those same people are now promoting TPMs and other horrible things
Links 28/06/2026: Energy Crunch, EEE by Microsoft, and John Bolton Pleads Guilty in Dictatorship of SLAPPs
Links for the day
Jim Not Dead Yet
Let's wait a few more days
Microsoft Layoffs So Big They Cannot Even Wait for 'D-Day' (July 1)
"Layoffs at Xbox Appear to Have Already Begun, with Multiple Compulsion Games Employees Announcing Their Departures"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, June 27, 2026
IRC logs for Saturday, June 27, 2026
Links 28/06/2026: Heatwave in Europe and Media Failing to Actually Criticise Power
Links for the day
Gemini Links 28/06/2026: Poems, Photographs, and Neoliberalism as Religion
Links for the day