Bonum Certa Men Certa

The Car Drives You -- Part IV -- Today's Cars Come With Up to 3,000 Chips and Security Isn't of Concern

Consulting firm Deloitte Touche Tohmatsu Limited estimates that as of 2017, some 40% of the cost of a new car can be attributed to semiconductor-based electronic systems, a cost doubling since 2007. It estimates this total will approach 50% by 2030. The company further predicts that each new car today has about $600 worth of semiconductors packed into it, consisting of up to 3,000 chips of all types.
Further, internal and external vehicle communications have exploded in the past decade. In 2008, there were an estimated 2,500 data signals being exchanged among the ECUs in a luxury car. Volvo’s Antinyan says that today more than 7,000 external signals connect the 120 ECUs in Volvo vehicles, and the number of internal vehicle signals being exchanged are two orders of magnitude greater. Consulting firm McKinsey & Company estimates this information can easily surpass 25 gigabytes of data an hour.
Article from 2021 (IEEE)



Summary: The concept of software freedom inside cars has become a distant fantasy; the cars that are being manufactured nowadays disregard security and embrace unnecessary complexity

ABOUT a week ago we started this series. We looked at a consultation right here in the UK -- a misguided bit of text which characterises modifying one's own car as "tampering". Shades of "sideloading" in the context of software...



Demonising those who exercise control over a device they bought?

We then looked at what Toyota had begun doing, published Part I about the issue, and then -- several days later -- expanded in Part II and in last night's Part III. We've meanwhile, in parallel, studied just what amount of computing had crept into today's cars (gradually over the years). The data isn't entirely secret, but there are not many publications about it; more importantly, there seems to be no public debate about software freedom in that context. We wish to change that.

"The data isn't entirely secret, but there are not many publications about it; more importantly, there seems to be no public debate about software freedom in that context."Last week we wrote that in today's cars there's "not just a computer onboard but several"; a person contacted us to say "not just a computer onboard but many"...

OK, but just how many exactly? Obviously that depends on the car, but there are many overlaps across models and brands.

I am not clueless about today's cars; I did drive in the past and a decade ago I went to a car agency (that was the last time). Even in 2011 things were already starting to look grim. It was a Toyota agency.

"Most car fanatics I know consider the car a single system and ignore the many microcontrollers," an associate noted a week ago. "I have the feeling that on top of that most of the information is proprietary..."

Certainly, in my experience, the media does not inform people about the situation; I only realised how big an issue it was when supply chain woes caused price spikes and critical shortages; it was getting too hard to get all the bits to assemble new cars [1, 2].

So we decided to study a number authoritative pages about the number of processors and the nature of the tasks they perform. I already knew about the "micro" (processors) ones, which aren't exactly new and are installed at the ends/edges, but was not sure how they qualify with respect to "computer" (the components and their complexity may vary in definition).

As our associate put it, "there are many microcontrollers, I guess based on activities, and at least two full computers." There are publications[PDF] and full articles about it (not necessarily new). As our associate explained, "another site, with a comment going to a dead MIT link, suggests 50 to 70 "Electronic Control Units" in cars as of ten years ago."

That's the last time I went to a car agency. It has certainly increased a lot since then.

"That's even older" than this ("More Auto Computers Means More Complicated, Costly and Longer Repairs" according to this article from 2016), the associated noted, quoting various bits. This page says "high-end cars have as many as 100, and they’re accompanied by 60 to 100 different electronic sensors..."

And these parts are controlled by computers: "Engine control, Exhaust control, Heating/cooling, Fuel pump, Water pump, Transmission, Power steering, Brakes, Traction control, Airbags, Collison warning, Parking assist, Backup monitoring, Door and trunk locks, Power windows, Climate control, Power seats, Wipers, Charging system, Interior lighting, Brake lights, turn signals, Headlamps/daytime running lamps, Navigation, Car audio, and GPS..."

And "add side- and rear-view mirrors to that long list above," our associate noted.

"There are security/safety implications, as we covered earlier this year (in summer)..."Remember that these are all proprietary, some go decades back, but now they get connected to the Internet and more (e.g. Bluetooth connectivity with another device, which may be compromised). So some are connected less directly to the Net, e.g. their local (car) mother ship, which is in turn controlled by a bigger mother ship (vendor/government/cracker).

There are security/safety implications, as we covered earlier this year (in summer), and articles like "How a Hacker Could Hijack Your Car While You Drive" (Tom's Guide) that deal with the main question.

"It's largely ignored because, as mentioned, car fans see the vehicle as a physical object still when in reality most of it is software," our associate said. "Yes, all proprietary and restricted so as to lock out independent repair shops and mechanics. There was a lot of attention to this about 10 years ago in the various security conferences. Then a burst of information as some of the embargoes were lifted. I presume the quietness on that front means that more of the researchers are under NDAs again. Shmoocon, DefCon, and BlackHat usually have automative tracks."

We hope the conversation will be resumed and extended to the Free software world. We need to do more to highlight the dangers and tackle the problem.

"General-purpose computing is niche nowadays," our associate said, "and that niche has been shrinjing. The multinationals also appear to be aiming to eliminate it eventually. UEFI, TPM, DRM etc..."

"We hope the conversation will be resumed and extended to the Free software world. We need to do more to highlight the dangers and tackle the problem."Well, almost nobody covers these issues, so it's a vacuum we can fill in the coming weeks/months. We invite groups like the FSF (even SFC and OSI) to do the same.

More than a decade ago we still saw people saying that software was eating the world (citing famous old words), but nowadays people talk about "apps" and "clown computing" and all sorts of other nonsense. Not too long ago an article entitled "How Software Is Eating the Car" was published in IEEE Spectrum. To quote: "Predictions of lost global vehicle production caused by the ongoing semiconductor shortage continue to rise. In January, analysts forecast that 1.5 million fewer vehicles would be produced as a result of the shortage; by April that number had steadily climbed to more than 2.7 million units, and by May, to more than 4.1 million units. The semiconductor shortage has underscored not only the fragility of the automotive supply chain, but placed an intense spotlight on the auto industry’s reliance on the dozens of concealed computers embedded throughout vehicles today."

Get ready for some numbers that are more recent: "The company further predicts that each new car today has about $600 worth of semiconductors packed into it, consisting of up to 3,000 chips of all types."

"The IEEE article above speaks of "7,000 external signals", "120 ECUs" and so on. They say "Electronic Control Unit" (as euphemism for a computer)."Up to 3,000.

As our associated noted, "security has to be part of the design process, but it hasn't been, thus we end up with not just CAN but with everything integrated with it."

The IEEE article above speaks of "7,000 external signals", "120 ECUs" and so on. They say "Electronic Control Unit" (as euphemism for a computer).

In the next part we'll continue this discussion. One growing concern is, the lobbyists of car-making giants are trying to pass new laws mandating all sorts of things which eventually take "old" or "dumb" cars off the road (even if some manufacturers produce new alternatives that opt out of this whole mess).

Recent Techrights' Posts

[Meme] Python Knows Its Bosses
Microsoft strings attached
[Meme] Debt of About $20 Per Active User
Facebook isn't laying off tens of thousands for "efficiency" but for survival
 
The "Luddite" Complex
Sometimes simplest is best and sometimes "modern" is designed not with the buyers' interest in mind
SCO's Darl McBride Dead at Age 64
There's hardly any information about it, except we know he reached bankruptcy and 3 years later he died at a relatively young age
The 'Turning-Free-Code-Proprietary Foundation' (Linux/Microsoft Foundation)
LF will basically become just as sinister as its corporate sponsors
Python Software Foundation is 'Cancel Culture' Rehomed
Python isn't grassroots and it doesn't really tolerate grassroots
DeVault "Closes Down His Mailing Lists Every Time There's a Scandal" and Also Censors Messages
Censorious code hosting platform
What Social Control Media Really Is
Social Control Media, in a nutshell, isn't just bad if its controller is some foreign or hostile nation
Taking Ethics Lectures From Drew
Projection tactics
Links 02/11/2024: Facebook Stock Falls (Soaring Debt), Apple’s Quarterly Profit Down
Links for the day
Gemini Links 02/11/2024: Burnout, Emacs Bookmarks, and Smooth Migration
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, November 01, 2024
IRC logs for Friday, November 01, 2024
Facebook's Debt Has Soared to All-Time High of Nearly 50 Billion Dollars
But the corporate media pretends all is well (while mass layoffs continue and slop takes over the social control media)
Geminispace Makes It Past 4,200 Capsules on November 1st
At last!
Links 01/11/2024: Election Interferences by X/Twitter/Musk, Strava as Espionage Tool
Links for the day
The October 2024 Web Server Survey Shows a Further Collapse for Microsoft in the Servers Market
Microsoft experienced the next largest loss of 699,464 sites (-3.45%)
Gemini Links 01/11/2024: TLS Sucks, twytere.com Announced
Links for the day
Links 01/11/2024: Few Things Are Cheaper Than This Antenna and "Nothing Lasts Forever"
Links for the day
Technology: rights or responsibilities? - Part V
By Dr. Andy Farnell
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, October 31, 2024
IRC logs for Thursday, October 31, 2024
R.T.O. is Another Name (or Acronym) for Voluntary Layoffs
Amazon is trying to get many workers to leave on their own
Microsoft's Acquisition of Activision (to Fake Revenue Growth by Buying Revenue) Was a Failure
Of course the mass layoffs at Microsoft aren't just a Microsoft thing
Stagnant, Shrinking Businesses and "IBM's Corporate Culture Since the Late 1980s... Over 35 Years."
Recently, IBM was using share price as a talking point, insisting the company was doing OK while tens of thousands were being laid off
Links 01/11/2024: World News, Political Catchup
Links for the day
[Meme] Probably the Worst Possible Time to Get Information From Social Control Media
Musk does not want to prevent disinformation from spreading and the same is true for Facebook and TikTok; they have their own interests
Update on Litigation Against the European Patent Office (EPO) at the ILO Administrative Tribunal (ILOAT)
Rewards and compensation for staff have long fallen, resulting in many experienced colleagues leaving and causing further declines in quality and compliance
Gemini Links 31/10/2024: NNCP, Declutter the Web, Cost of Community
Links for the day
Links 31/10/2024: Supermicro Plummets 33%, Block and Dropbox Mass Layoffs
Links for the day
Links 31/10/2024: Environmental Anxiety, Profound Changes in Hardware Market
Links for the day
Links 30/10/2024: TSMC Concerns and North Koreans in Ukraine War
Links for the day
Facebook is for Zombies
Social control media is for fools
Microsoft Now Has $235,290,000,000 in Liabilities, They Grow Over Time in Spite of Mass Layoffs (So Expect More Layoffs)
expect more mass layoffs
Links 31/10/2024: DST Woes, War Updates, Amazon RTO Backlash
Links for the day
Gemini Links 31/10/2024: Attention Economy and Gemlogs
Links for the day
Happy Halloween
October is nearly over
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, October 30, 2024
IRC logs for Wednesday, October 30, 2024
For the Record: Linux is Controlled by the United States of America
"This is going to make many question the openness and inclusivity of the work done by Linux Foundation"
Microsoft: XBox Hardware Revenues Down About 30% (Ignore the Buzzwords and Activision Activity Dressed Up as "XBox")
For context, in a previous quarter XBox hardware sales were down by about 50%
Cooking the Books With "Cloud" And "AI" Was Not Enough to Fool Microsoft Investors
"Microsoft Shares Drop on Disappointing Azure Growth Forecast"