So I agree, but my question next is what cars are you finding that meet this standard? Networks show up in cars quite early, not sure how far back I’d have to go to buy one that is suitably off grid.
I own a 1999 Mercedes-Benz E300 turbodiesel and a 1995 Toyota Land Cruiser. Both of these vehicles are modern, computerized machines with electronic engine management, airbags, and computer controlled transmissions. Neither of them have any need for "software updates" nor do they have any way to do so. They both have OBD-II interfaces, and the Benz has a proprietary interface as well. I'll be sticking with these vehicles for as long as it takes for the current complexity fetish to subside. If that means never buying another vehicle that's fine by me :)
My plan for the Land Cruiser is to install the engine and transmission from an early 2000s Mitsubishi Fuso. This will entail grafting the ECU and TCU from the Fuso into the Cruiser's wiring harness, and doing some transmission modifications to hook up the tailshaft to the Toyota transfer case. Should just about double fuel economy and improve driveability. I can't think of any reason I'd buy a newer vehicle, the "improvements" they offer just aren't worth the cost.
> Neither of them have any need for "software updates" nor do they have any way to do so.
Pretty sure they could get firmware updates for the ECU and TCU. There's probably somebody doing ECU tunes for more power / better efficiency / better noises, even if that's just tweaking the tables ajd even if there are no factory software updates. Electronicly controlled transmissions often have some updates available over their early service life, even if they're not well publicized or pushed. ODB-II is commonly used for that, although maybe the 1995 would need modules removed and rom chips replaced.
Yes, and there are aftermarket standalone transmission and engine controllers available. Another thing people do is stick another node in the CAN network which intercepts packets and rewrites them. But what I meant is that the cars, when they were shipped, were done. Like, they struck the right balance between features and complexity s.t. the product that was shipped was complete. That's the kind of equipment I like to depend on, not something that's a constant experiment.
Are they fully reflashable or can be just parameter adjusted? I have a random power steering ECU, it came with a mask ROM variant of a Fujitsu MPU. Having a microcontroller != having a field malware programmable micro.
> nor do they have any way to do so. They both have OBD-II interfaces,
You sure about that, at least if someone has direct access to your car I'm guessing they could very easily clip something on that could control the car under particular conditions.
Sure they could plug a device which sniffs or rewrites CAN frames right into the OBD-II port or the 38 pin port on the Benz. I have done so myself even. I'm not worried about it one bit. Someone would have to specifically want to target me, and if they have access to my car they also have (much easier) access to my house. I am not worried about that either.
Look, if you want to really mess up a car all you need is a pair of needle nose pliers. Locate the brake lines where the hard line meets the soft line going to each caliper, and squash each hard line to crack it just enough that fluid starts to slightly weep out. When the driver first steps on the brakes in earnest the fluid will flow out, and eventually (maybe 5-10 braking events later) the brakes will no longer work.
Again, my threat model does not include someone targeting me specifically. If someone wants to hurt me or vandalize my property they're not gonna do it by writing some esoteric computer program. If you connect your car to the Internet the threat model needs to expand to include "bulk" attacks, which I suspect are actually much more likely.
Got it, so you accept the risk of local access and poorly segmented canbus and maybe access via complex RF style-hacks more or less, but remove the software, wifi, cell and presumably Bluetooth threat models. That makes sense to me.
I also have a simple downgrade path to a fully mechanical vehicle. On the Benz replace the injector pump with a mechanical one and the transmission with an older hydraulically controlled automatic or manual. Similar options available on the Toyota.
But really the "threat model" is about complexity, not malice. I'm not worried someone will try to hack my car. If they manage it, good on them. I am worried about a manufacturer preventing me from maintaining my cars. Newer cars are so tightly locked down that maintenance is unnecessarily difficult.
On grid cars don't tend to stay that way. My 2013 Ford was built with a 2g modem, a recall replaced that with a 3g modem, and now the 3g modem has no one to talk to. My 2017 Chrysler also has a 3g modem with no one to talk to.
A malicious person could standup a fake 3g network, I guess. But LTE has strong mutual auth, so cars with 4g modems will be very hard to attack once 4g is dead. OTOH, 4g and 5g can more easily coexist: as I understand it, 5g can run with 4g compatible control protocol, with some slots 4g and some 5g depending on the needs of the mobile stations nearby, 2g and 3g needed a block allocated, so once the minimum size block was no longer well utilized, it's a waste of spectrum. This may mean 4g is kept alive a lot longer than 2g/3g.
