When two security experts managed to hack into a Jeep Cherokee remotely in 2015 and take control of the car at full speed, it was a shock. Not just for the manufacturer Fiat Chrysler, but for the automotive industry as a whole. Just a year later, the IT specialists once again managed to hack a Cherokee. Not via the infotainment system this time, but via the OBD 2 interface. The controlled attacks showed clearly how susceptible modern cars can be to hacking attacks. The car manufacturers reacted by starting to protect the interfaces of their vehicles, and blocking out the “independent aftermarket” and independent vehicle workshops at the same time.
The unbridled flood of electronic systems in new vehicles and their increasing connectivity is resulting in an increasing number of systems potentially susceptible to attacks: Via interfaces such as Wifi, Bluetooth®, keyless systems or the OBD 2 connector, hackers now have a wide range of options for accessing the electronics in passenger cars. And the more electronics, the more networked systems a vehicle has, the higher the potential danger.
Encrypted interfaces make work more difficult for independent workshops
Fiat Chrysler was the first automotive manufacturer to react with so-called security gateways. This is a kind of "firewall for cars", which is intended to make hacker attacks more difficult. But hackers are not the only ones whose work is made more difficult by these developments. The encrypted access points also cause issues for independent workshops.
Although the EU directive 2018/858 makes it compulsory for car manufacturers to grant independent repair shops access to repair and maintenance records free of charge, one side effect of the encrypted security gateways is that independent vehicle workshops are shut out, because conventional multi-brand diagnostic devices can no longer access maintenance and diagnostic data.
However, the OBD interface is still an important basis for diagnostic, maintenance and repair work. Furthermore, vehicle and aftermarket experts have been warning of a possible vehicle data monopoly among car manufacturers for years now, which would enable car manufacturers to direct repair and maintenance jobs into their own contracted workshops. As connectivity increases, the manufacturers' influence is likely to increase even more.
The EU directive 2018/858 stipulates security certificates or authentication processes
The crux of the above-mentioned EU directive 2018/858: It requires car manufacturers to protect access to technical information and diagnostic data through security certificates or special authentication processes. “Unfortunately, there is no consistent specification for these certificates or authentication processes," criticises Harald Hahn, Vice President of the Association of Workshop Outfitters (ASA). “This has resulted in a proliferation of different manufacturer-specific authentication mechanisms that make access to vehicle information more difficult, especially for suppliers in the IAM."
Starting with Fiat Chrysler, Hyundai, Kia, Renault, Nissan, Mercedes-Benz, as well as Volkswagen and Audi, are now only granting limited OBD access for some of their vehicles, according to a report by amz. It can also be assumed that all new model series in approval will be equipped with this mechanism sooner or later.
How workshop outfitters and diagnostic device manufacturers are reacting to the problem
To continue to give customers access to diagnostic access points, various diagnostic device manufacturers and workshop outfitters are working on their own solutions: Using adapters or special diagnostic devices, it is possible to access repair and diagnostic data with a special security key. In most cases, however, workshops have to register on the servers of the corresponding car manufacturers first.
In a guest comment in "Krafthand" (1-2/2020), GVA President Hartmut Röhl warns of a chaos situation with numerous different solutions: “There must be a uniform standard for read and write access via OBD interfaces, which is followed by all vehicle manufacturers and enables fair competition”.
Incidentally, one party is often forgotten when discussing access to vehicle data. And it's an important one: the driver. After all, drivers should be able to decide what happens to their data and who is granted access to this data. And if they choose to have repair or maintenance carried out at an independent workshop, this service should also be possible. Without any difficulties.
Diagnostics on demand from Herth+Buss
Incidentally: The exclusive diagnostic solution "Diagnostics On Demand" from Herth+Buss provides dealers and workshops with the ideal diagnostic solution for easy programming and coding of electrical vehicle systems, for example. This is a cloud-based app, where no local installation is required on a workshop computer. The app establishes an online connection between the vehicle and the Herth+Buss diagnostic team. In addition, Herth+Buss can assist workshops with troubleshooting with the help of the diagnostic device if complex faults in the electronics have to be diagnosed.