A growing population of automakers is quietly calling for the shutdown of the on-board diagnostic (OBDII) port in passenger vehicles. Car makers would prefer that these interfaces be switched off while vehicles are in operation primarily for security reasons and to preserve the integrity of vehicle operations.
Conceived for diagnostic purposes but later required for emissions testing by the California Air Resources Board, these under-dash ports are increasingly being used for aftermarket applications for everything from usage-based insurance to vehicle maintenance and social networking. What is new, though, is accessing the port during vehicle operation.
By plugging devices into the diagnostic port while the car is in operation, aftermarket device makers have found a way to evaluate and monitor vehicle performance in real time. This monitoring has allowed for the tracking of vehicle driving behavior along with vehicle performance and the status of diagnostic codes.
Some aftermarket players have taken it a step further by adding Bluetooth connectivity to smartphones and/or cellular connections, enabling remote access to vehicle functions such as door locks, headlights, windshield wipers, or the ignition. Throughout all of this, new devices continue to come on the market, putting the onus on car makers to test the devices as they arrive – particularly in the context of their potential for compromising vehicle performance or security.
This aftermarket proliferation is attracting investment as well, thanks to the hundreds of millions of cars already on the road with OBDII ports. Multiple aftermarket companies have lassoed tens of millions of dollars to explore this budding market opportunity.
Mojio, Zubie, Automatic, Automile, Vinli and more. The list grows every day. Yesterday, Verizon added Hum to its two existing aftermarket OBDII plug-ins for telematics services, roadside assistance and vehicle diagnostics.
The attraction for carriers such as Verizon (and AT&T and Telefonica and Vodafone) is to tap into the massive existing fleet of cars with OBDII ports and no built-in telematics systems. The marketing pitch is the promise of turning 20-year-old cars into connected cars.
With car makers getting sued for hacking vulnerabilities and, most recently, for remote start-related fatalities, the pressure is growing to disable the OBDII ports during vehicle operation. Such a move is not ruled out under the 150-page CARB specification which now stands as a global standard for OBDII port fitment. (http://tinyurl.com/qecc25a - Malfunction and Diagnostic System Requirements - 2004 and Subsequent Model-Year Passenger Cars, Light-Duty Trucks, and Medium-Duty Vehicles and Engines.)
Car makers know the OBDII port must remain open and unprotected to give repair shops the ability to tap into vehicle diagnostic codes. Independent repair shops have fought for the right to access vehicle codes along with access to the means to interpret those codes. This ability is protected under so-called “right to repair” laws in the U.S. and similar legislation in Europe and elsewhere.
But the OBDII port was originally only intended for emissions testing. Car makers later chose to adopt the same port for a broader range of vehicle diagnostic purposes rather than introduce a second, proprietary port.
Autocyb OBDII locking device.
There are products available for consumers to secure the OBDII port from criminals, including a locking device from a company called Autocyb and a port-securing add-on that has been shown in prototype form at industry events by security firm Argus.
But if car companies decide to shut off the functions of the OBDII port during vehicle operation, it will nip the nascent OBDII market in the bud. Most of these devices and their applications – though not all – are dependent upon real-time access to vehicle data.
No formal proposals have yet been made by any individual car maker. But the car companies currently considering this proposition represent the largest automakers in the world. And with hysteria around vehicle security growing, it is not likely that these companies will tolerate the presence of a built-in vehicle vulnerability indefinitely.