Although I have no personal experience with it at present, my understanding is that the FCA security gateway is trivially easy to bypass with an inexpensive piece of hardware.
-Uwe-
Vehicle Diagnostic Protection SFD
- Thread starter Andymod
- Start date
-Uwe-
jifejur
New Member
Yes that is true for most FCA cars (Dodge they are better hidden). But for the work i do this is not an option as we do remote diagnostic :-)
- Joined
- May 16, 2014
- Messages
- 5,469
- Reaction score
- 5,935
- Location
- Melbourne, Australia
- VCDS Serial number
- C?ID=194404
@jifejur: Thanks - I guess my most immediate problem with the MA proposal is that it appears to contemplate a local law - I think. Now, without wanting to demean the importance of this doubtless great province (I've never been to MA), even if the legislation is enacted and assuming that it can be extended to apply to SFD - how does it operate in practice?
For example, if I owned a SFD encrusted vehicle, or a Tesla and I lived in Hartford, say (which is in the neighboring state of Connecticut) - what is the status of my car? I assume that the MA legislation is just that; it applies only in the State, or perhaps it may even apply to the wider New England region. But I suspect that MA laws don't obligate behavior elsewhere in USA.
If I'm correct, how do car manufacturers comply with these localized laws - clearly it would be fiscally impractical for Tesla (or, for VAG) to create a solution for just the MA law. Or will such piece-wise legislation have a perverse effect - meaning that these cars simply won't be introduced into the NAR market, at all?
Don
For example, if I owned a SFD encrusted vehicle, or a Tesla and I lived in Hartford, say (which is in the neighboring state of Connecticut) - what is the status of my car? I assume that the MA legislation is just that; it applies only in the State, or perhaps it may even apply to the wider New England region. But I suspect that MA laws don't obligate behavior elsewhere in USA.
If I'm correct, how do car manufacturers comply with these localized laws - clearly it would be fiscally impractical for Tesla (or, for VAG) to create a solution for just the MA law. Or will such piece-wise legislation have a perverse effect - meaning that these cars simply won't be introduced into the NAR market, at all?
Don
Correct, it doesn't. However, manufacturers generally don't want to make cars or control modules for specific state markets, so I think chances are good that if they choose too do this in Massachusetts (as opposed to withdrawing from the market there, which is of course another choice they have), they will do it nationwide.
-Uwe-
- Joined
- Jan 30, 2014
- Messages
- 3,183
- Reaction score
- 5,163
- Location
- Near Philadelphia, PA, USA
- VCDS Serial number
- --------
During the first round of Right to Repair, it's was the movement in Massachusetts that prompted the OEs to get on board with making factory information available to the aftermarket repair businesses at an "affordable" price. Massachusetts was about to enact law in response to public sentiment that would force the OEs to provide said tech information to MA repair facilities - I think it was at no cost - but don't hold me to that as I have not looked it up. The pressure by the Massachusetts' legislature brought many of the aftermarket societies to the table to force the OE's hands for their paying members. The end result was a compromise worked out and none received what they wanted but all could live with the the compromise. Positive legislation in action. That was about 10 years ago.
I suspect that the Right to Repair coalition is working in the same way with the SFD problem. Again, the aftermarket guys are forced to buy the dealer tool in order to repair the cars. That was the crux of the last round - the dealer tool was too expensive for the average repair shop in the US with sales income of a half million ($). (Of the 200,000 repair facilities in the US, 80+% have sales of a half million or less. Most have to repair all brands or they do not survive. So, if they have to buy the factory tools to perform these repairs, they had a large nut to pay plus annual subscriptions.) The compromise was that the OEs had to provide an online solution using a common tool. The J2534 pass-through tool became the solution. Subscription costs were initially low but creeped up over time.
SFD was implemented by the OEs to stop real time hacking of the car, a huge fear of the traffic safety officials. The OEs had to respond to the scares of someone hacking a car and taking it over while it was operating. The MA Right to Repair move will likely result in an aftermarket solution that will not favor one side or the other. A solution will be found and the organizations will work toward that solution. In the mean time, the sabres will rattle for it is the public pressure that forced the OEs to the table along with the public officials.
I suspect that the Right to Repair coalition is working in the same way with the SFD problem. Again, the aftermarket guys are forced to buy the dealer tool in order to repair the cars. That was the crux of the last round - the dealer tool was too expensive for the average repair shop in the US with sales income of a half million ($). (Of the 200,000 repair facilities in the US, 80+% have sales of a half million or less. Most have to repair all brands or they do not survive. So, if they have to buy the factory tools to perform these repairs, they had a large nut to pay plus annual subscriptions.) The compromise was that the OEs had to provide an online solution using a common tool. The J2534 pass-through tool became the solution. Subscription costs were initially low but creeped up over time.
SFD was implemented by the OEs to stop real time hacking of the car, a huge fear of the traffic safety officials. The OEs had to respond to the scares of someone hacking a car and taking it over while it was operating. The MA Right to Repair move will likely result in an aftermarket solution that will not favor one side or the other. A solution will be found and the organizations will work toward that solution. In the mean time, the sabres will rattle for it is the public pressure that forced the OEs to the table along with the public officials.
I don't think so. How does real-time hacking work? Not by plugging a scan-tool into the car's diagnostic socket! It happens via the constantly network-connected "telematics" crap that the OEMs insist on pushing! If SFD existed to prevent real-time hacking, it would cordon off the telematics and infotainment system from the rest of the vehicle, not block access to diagnostic functions via the diagnostic port!
See also:
https://forums.ross-tech.com/index.php?threads/24641/#post-212787
-Uwe-
- Joined
- Feb 12, 2020
- Messages
- 39
- Reaction score
- 10
- Location
- Victoria, Australia
- VCDS Serial number
- C?ID=370869
Correct! I work for an OEM and all the diagnostics are fully functional including clearing DTCs but there’s no access or limited access to coding and programming. But there a simple tricks that one can do to bypass the system.
- Joined
- Feb 12, 2020
- Messages
- 39
- Reaction score
- 10
- Location
- Victoria, Australia
- VCDS Serial number
- C?ID=370869
For modules that are part of the OBD port, unplug the harness connector behind it then make up an OBD breakout cable. Sorry I cannot give more details there's no clarity weather this falls under IP or not.
That sounds like a feasible strategy for manufacturers that do their "security" in the diagnostic gateway that sits between the OBD port an the cars internal networks. FCA is an example of this, see post #41. But VAG is taking a rather different approach, where "security" (aka dealer profit protection) appears to be done in the individual modules, and no amount of cabling mods are likely to get around that.
-Uwe-
- Joined
- Jun 24, 2014
- Messages
- 867
- Reaction score
- 1,081
- Location
- Swansea, UK
- VCDS Serial number
- C?ID=57030
Maybe there should be a mouse-over tip on the forums for "security" in quotes - I'd suggest "profit" or "money-grabbing"
Here is an interesting update posted over on the OBD11 forums which might explain the sudden change (its in german so I have the translation below):
www.herstellerdiagnose.eu
"Starting in 2020, the OBD interface on new vehicles will be gradually closed with the introduction of a so-called security gateway. Fiat is a pioneer in this area, and VW (Protection of Vehicle Diagnostics - SFD) and Daimler (Seed & Key) will follow suit in the coming years.
As more and more advanced driver assistance systems (ADAS) are finding their way into cars, every intervention in the vehicle software becomes a liability risk for the vehicle manufacturer. After all, after an accident, if in doubt, he has to answer to the court for why his systems are not working properly and have caused property damage or even personal injury. When many new driver assistance systems become mandatory across the EU in 2022 at the latest, things will get serious for manufacturers. As a result, it is no wonder that they only grant authorized companies and persons access to the vehicle systems, but also want to understand who has worked on a vehicle.
The only technically functioning solution for the new and old hurdles in legally compliant work in the workshop is the manufacturer diagnosis. The authorization as well as the necessary technical releases and programming rights are already included in full. The OBD interface is therefore not closed for workshops that work with manufacturer diagnostics!"
Herstellerdiagnose.eu
Originalherstellerdiagnose, Original Hersteller-Diagnose, Original-Herstellerdiagnose, ODIS, XENTRY, ISTA
www.herstellerdiagnose.eu
"Starting in 2020, the OBD interface on new vehicles will be gradually closed with the introduction of a so-called security gateway. Fiat is a pioneer in this area, and VW (Protection of Vehicle Diagnostics - SFD) and Daimler (Seed & Key) will follow suit in the coming years.
As more and more advanced driver assistance systems (ADAS) are finding their way into cars, every intervention in the vehicle software becomes a liability risk for the vehicle manufacturer. After all, after an accident, if in doubt, he has to answer to the court for why his systems are not working properly and have caused property damage or even personal injury. When many new driver assistance systems become mandatory across the EU in 2022 at the latest, things will get serious for manufacturers. As a result, it is no wonder that they only grant authorized companies and persons access to the vehicle systems, but also want to understand who has worked on a vehicle.
The only technically functioning solution for the new and old hurdles in legally compliant work in the workshop is the manufacturer diagnosis. The authorization as well as the necessary technical releases and programming rights are already included in full. The OBD interface is therefore not closed for workshops that work with manufacturer diagnostics!"
- Joined
- Jan 30, 2014
- Messages
- 3,183
- Reaction score
- 5,163
- Location
- Near Philadelphia, PA, USA
- VCDS Serial number
- --------
Lawyer speak.. Sounds just like the arguments made during the time of the first "Right to Repair" movement. "Only professionals should have access to key information for the repair of the automobiles." and words of the same...
By professional, VAG is assuming only their workshops are professional enough to work on these systems - and I accept that with ADAS, they may have a point initially. Eventually, the work has to be in the main stream of repair. Else, the dealer work shop network will be so overloaded with need for repair that their customers will be without their car for long periods or will driving an unsafe car. That will lead to other legal hassles for them.
The OBD interface was intended for emission related systems only. VAG has always prevented other systems from being accessed by OBD. Whomever wrote the above quoted piece does not have their facts straight. OBD devices could not access any ADAS component. Only through the VAG protocols could such be reached. Now the SFD gateway is blocking aftermarket VAG capable devices from speaking to such systems.
I think Mike may have it right: "profit" or "money-grabbing". They want all the ADAS work themselves - they want all of the work done in their controlled workshops. It may reduce their liability to have all work done there. I doubt that will be the case. Eventually the courts will say that the systems were designed to be maintained and if they are maintained to spec, then the liability remains with the manufacturer. At issue will be whether or not aftermarket repair work shops can maintain a vehicle to spec. (Given my experience at dealer workshops, I am not certain they are able to maintain a vehicle to spec.)
By professional, VAG is assuming only their workshops are professional enough to work on these systems - and I accept that with ADAS, they may have a point initially. Eventually, the work has to be in the main stream of repair. Else, the dealer work shop network will be so overloaded with need for repair that their customers will be without their car for long periods or will driving an unsafe car. That will lead to other legal hassles for them.
The OBD interface was intended for emission related systems only. VAG has always prevented other systems from being accessed by OBD. Whomever wrote the above quoted piece does not have their facts straight. OBD devices could not access any ADAS component. Only through the VAG protocols could such be reached. Now the SFD gateway is blocking aftermarket VAG capable devices from speaking to such systems.
I think Mike may have it right: "profit" or "money-grabbing". They want all the ADAS work themselves - they want all of the work done in their controlled workshops. It may reduce their liability to have all work done there. I doubt that will be the case. Eventually the courts will say that the systems were designed to be maintained and if they are maintained to spec, then the liability remains with the manufacturer. At issue will be whether or not aftermarket repair work shops can maintain a vehicle to spec. (Given my experience at dealer workshops, I am not certain they are able to maintain a vehicle to spec.)
I am totally with you on this, just figured I would share this as I have been watching this unfold (been using VCDS for 10+ years so quite annoyed of the sudden change). From what I understand, this was a ruling made in the EU which was lobbied heavily by BMW, VW AG, Daimler, and at least one other company back in 2018. Usual big corp fashion, they were saying the same things as what John Deere is saying: "the consumer will become a danger to themselves if they work on the "overly complex" electrical and computer systems on the tractor".... All BS to me. Say we have electric parking brakes. They really NEED us to head to a dealer in order to retract the calipers rendering us as owners locked out from replacing our own brakes correctly?
Lets hope that this never affects us in the US and it is only a EU law (which I also hopes gets overturned soon).
- Joined
- Jan 30, 2014
- Messages
- 3,183
- Reaction score
- 5,163
- Location
- Near Philadelphia, PA, USA
- VCDS Serial number
- --------
Was not criticizing you for posting.. more was criticizing the content in the quote marks. That writer has no clue what the issues may be. Instead, the writer pens the words others have told them to state.
- Joined
- May 16, 2014
- Messages
- 5,469
- Reaction score
- 5,935
- Location
- Melbourne, Australia
- VCDS Serial number
- C?ID=194404
@lijetta18t : Thomas-Hi. I know you won't be offended -but I never cease to be amazed at the positivity of Americans!
I share your hope that US cars won't be infected with SFD protocols (i.e. the automobile industry's equivalent of COVID) - but I suspect that it will mean that Golf mk8's and other new models will be a long time coming to your shores - maybe?
If I'm wrong, do you think that Australia could become the 51st State of America (even if it means that we need to drive on the wrong side of the road)?
Don
No worries!
@lijetta18t : Thomas-Hi. I know you won't be offended -but I never cease to be amazed at the positivity of Americans!
I share your hope that US cars won't be infected with SFD protocols (i.e. the automobile industry's equivalent of COVID) - but I suspect that it will mean that Golf mk8's and other new models will be a long time coming to your shores - maybe?
If I'm wrong, do you think that Australia could become the 51st State of America (even if it means that we need to drive on the wrong side of the road)?
Don
Hey Don! Finally created an account on here.
I know that the Mk8 is slated to be offered in the US/CA for the 2022 MY so I guess we shall see when that time comes but I am not nearly as hopeful as I sound. The 2021 Mk7.5s are still being sold here for the time being and, besides some coding oddities I hear about (never coded anything newer than 2019 yet), seems like it is still business as usual here. I still think that 2019/2020 is the newest VWs I will ever own at this point unless something changes for the better.
- Joined
- May 16, 2014
- Messages
- 5,469
- Reaction score
- 5,935
- Location
- Melbourne, Australia
- VCDS Serial number
- C?ID=194404
@lijetta18t: Thomas - Just to extend the debate a little further, I read the following hypothesis this morning on another forum:
I reckon that it's drawing a bit of a long bow to make too strong a connection between the 2 x facilities, but the link does expose some of the VAG Board's strategic thinking about forward direction of the company - IMO of course!
And, the pay-as-you-go philosophy does raise some fairness questions (not that "fairness" is a business construct); does the car owner pay for any portion of the extra smarts that are fitted to the car to enable the "function on demand" facilities in the initial purchase - or are these costs (i.e. CAPEX +OPEX) fully recouped in the subscription fees? I hope the latter - but I guess the buyer will never know !
Don
rickny said:
I reckon that it's drawing a bit of a long bow to make too strong a connection between the 2 x facilities, but the link does expose some of the VAG Board's strategic thinking about forward direction of the company - IMO of course!
And, the pay-as-you-go philosophy does raise some fairness questions (not that "fairness" is a business construct); does the car owner pay for any portion of the extra smarts that are fitted to the car to enable the "function on demand" facilities in the initial purchase - or are these costs (i.e. CAPEX +OPEX) fully recouped in the subscription fees? I hope the latter - but I guess the buyer will never know !
Don
- Joined
- May 27, 2017
- Messages
- 3,334
- Reaction score
- 2,083
- Location
- Finland
- VCDS Serial number
- C?ID=280813
Don, I think you're right here. For VW Golf 8 they're already selling features after market that we have normally used to just enable with coding. One being high beam assist. That is a feature you can buy FROM the car infotainment's online services and the feature is then activated OTA.
So VW has sniffed the retrofit profit potential and have blocked that from the community so they can make money out of it.
In the future we will see more and more of these subscription or one time payment type of additions to the features. One could be that for example seat heaters would be a subscription based feature. If you don't pay, then your ass is not getting warm
So VW has sniffed the retrofit profit potential and have blocked that from the community so they can make money out of it.
In the future we will see more and more of these subscription or one time payment type of additions to the features. One could be that for example seat heaters would be a subscription based feature. If you don't pay, then your ass is not getting warm
Oh man.... Well, that is irritating... It certainly does sound like they are money grabbing now.