Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Security Transportation Hardware

How To Hack a BMW: Details On the Security Flaw That Affected 2.2 Million Cars 83

0x2A (548071) writes BMW recently fixed a security hole in their ConnectedDrive software, which left 2.2 million cars open to remote attacks. Security expert Dieter Spaar reverse engineered the system and found some serious flaws [note: if you'd prefer English to German, try this translation], including using the same symmetric keys in all vehicles, not encrypting messages between the car and the BMW backend or using the outdated DES.
This discussion has been archived. No new comments can be posted.

How To Hack a BMW: Details On the Security Flaw That Affected 2.2 Million Cars

Comments Filter:
  • by Anonymous Coward on Saturday February 07, 2015 @07:14AM (#49004831)

    Somehow I don't think the definition of "remote attack" is "disassemble the computer, attach all kinds of expensive hardware to analyze communications and firmware, hack into the firmware to retrieve the encryption keys, so only then you can use a base station emulator to trick the car into thinking your remote machine is a BMW firmware server."

    The "remote attack" requires physical access, specialized skills, and intense hardware interaction. It is not something that some Romanian skript kiddie can pull off from their mom's basement.

    • by Stevie Wonder Boy ( 4006505 ) on Saturday February 07, 2015 @07:19AM (#49004841)
      6,000 cars were stolen this way in London last year. You are wrong. They are selling kits on the ebay that allow you to clone keys.
      • Re: (Score:2, Informative)

        by Anonymous Coward

        I recall this whole BMW research started when BMWs were getting stolen off the drives of their owners with what appeared to be a box
        This video perhaps?:
        https://www.youtube.com/watch?v=HxVO5OVaCkA

        But this was a long time ago, 2012... and BMW still has major security flaws?!

      • by drinkypoo ( 153816 ) <martin.espinoza@gmail.com> on Saturday February 07, 2015 @07:39AM (#49004893) Homepage Journal

        And it's not just BMW, it's for all kinds of makes and models. Hell, you can go to Dealextreme and buy many unlocking tools, just by searching for unlocking tools. And I'm not talking about the kit of stamped spring steel pieces, either.

        • by AmiMoJo ( 196126 ) * <mojo&world3,net> on Saturday February 07, 2015 @08:34AM (#49005025) Homepage Journal

          One of the most common attacks is actually the simplest. The thief waits in the car park with a jammer. Most cars use 433MHz in Europe, penalty 915 in the US. The victim walks away and presses the lock button on their key fob and doesn't notice that the car didn't actually respond. Once inside the thief can use the OBD-II port to steal the car.

          I prefer keyless entry as you press a button on the car to lock it, and even if jammed it will always lock.

          • by mjwx ( 966435 )

            One of the most common attacks is actually the simplest. The thief waits in the car park with a jammer. Most cars use 433MHz in Europe, penalty 915 in the US. The victim walks away and presses the lock button on their key fob and doesn't notice that the car didn't actually respond. Once inside the thief can use the OBD-II port to steal the car.

            I prefer keyless entry as you press a button on the car to lock it, and even if jammed it will always lock.

            I dont walk away from my car until I hear the poorly synchronised clunks of the door locks.

            Not that I'm worried about jammers and MITM attacks (they haven't quite made it to Australia just yet), rather I'm yet to find a key fob that works perfectly every single time. If you're pointing a little bit too far in the wrong direction or your body is in they way enough that it blocks the signal your car fails to lock.

            Almost all cars have a visual signal (normally the indicators flashing) and most cars have

        • Like that time I gave the Libyans a shoddy bomb casing full of used pinball machine parts?

      • by Anonymous Coward

        What I want to know is: Since this is a 'trend' a lot of car manufacturers are headed to, in another couple years where am I going to be able to buy a car that doesn't have all this crap in it? CAN bus is ok to a degree, but I don't want (or need) a bluetooth/wi-fi enabled integrated digital everything car. Give me the old 'needle' speedometer, flipping number manual odometer, etc - I don't want a 'digital display' where everything breaks at once if it dies, I don't need or want my stereo integrating into

        • You won't be able to. Because you aren't paying enough up front for the vehicle, the manufacturer also needs ongoing revenue for as long as the car is being driven. They will get this money by selling your driving habits and vehicle problems to whomever will give them money.

          Hell, the federal gov't will happily go along with this because they want to be able to track your movements in real-time. Because you are a terrorist.

        • by tlhIngan ( 30335 )

          What I want to know is: Since this is a 'trend' a lot of car manufacturers are headed to, in another couple years where am I going to be able to buy a car that doesn't have all this crap in it? CAN bus is ok to a degree, but I don't want (or need) a bluetooth/wi-fi enabled integrated digital everything car. Give me the old 'needle' speedometer, flipping number manual odometer, etc - I don't want a 'digital display' where everything breaks at once if it dies, I don't need or want my stereo integrating into t

    • by _merlin ( 160982 ) on Saturday February 07, 2015 @09:03AM (#49005101) Homepage Journal

      You only need physical access to the Commbox from to a single car to extract encryption keys that can be used to steal many cars. That's the flaw. The cellular base station emulators are readily available.

    • Somehow I don't think

      You could have stopped right there. FTFY

    • Somehow I don't think the definition of "remote attack" is "disassemble the computer, attach all kinds of expensive hardware to analyze communications and firmware, hack into the firmware to retrieve the encryption keys, so only then you can use a base station emulator to trick the car into thinking your remote machine is a BMW firmware server."

      The "remote attack" requires physical access, specialized skills, and intense hardware interaction. It is not something that some Romanian skript kiddie can pull off from their mom's basement.

      The "disassemble the computer" part was only for the initial analysis of how the whole system works. Only one person needs to do this and can then sell the information. With the information from that one single disassembled box, it is possible to remote attack (without physical access other than standing within a couple hundred feet) any other BMW car with the same "connected drive" feature. That is (as described in the article), walk around with the cellular network emulator to trick vulnerable cars to con

  • by Theovon ( 109752 ) on Saturday February 07, 2015 @07:49AM (#49004921)

    A company as big as BMW should be able to hire some security experts, so this should be a bit embarrassing for them.

    But the truth of the matter is, doing security is not easy. Take web programming, for instance. Back when I first learned PHP, I found over and over that whatever design or coding approach seemed most straightforward and intuitive was inherently unsecure. All sorts of escaping and manual insertion of encryption functions are required, and that clutters up the code to the point of making it hard to maintain. I did manage to implement most of it in a common PHP file that I reused over and over again, but there was a huge learning curve, and it was a pain. Since then, people tell me that it's gotten a LITTLE better. For instance, database wrappers generate the SQL queries for you and automatically escape strings. But for the most part, it still sucks.

    If there were a single best book to read on cyber security, then perhaps we'd have fewer problems like what BMW had. But in reality, to get good at it, you have to have a vast familiarity with the literature and tools. You do that much reading, you might as well get a PhD. And my friends with PhDs focusing on security are in academia, not industry, so we get more security papers but not more secure devices.

    • by drinkypoo ( 153816 ) <martin.espinoza@gmail.com> on Saturday February 07, 2015 @07:52AM (#49004925) Homepage Journal

      A company as big as BMW should be able to hire some security experts, so this should be a bit embarrassing for them.

      But the truth of the matter is, doing security is not easy.

      No, the truth of the matter is in your first paragraph. Designing and building a car is not easy. Not making complete fucking moron decisions about security is easy, if you hire someone vaguely competent. BMW decided to skip that step to save a few bucks to ensure nice corporate bonuses, and customers suffered. BMW should be on the hook for each car stolen in this fashion, and have to pay complete replacement value, because they failed to make a good-faith effort at security.

      • by gnupun ( 752725 )

        Not making complete fucking moron decisions about security is easy, if you hire someone vaguely competent.

        But isn't connecting a car to the internet inherently stupid (for the consumer, not the vendor)? The risk of theft and car crashes via hacking are inherent in such a design decision whereas there are few benefits, such as getting updates without visiting the dealer.

        By connecting your car to the internet, billions of people and a few thousands of hackers and govt agents can now gain control of your car,

        • But isn't connecting a car to the internet inherently stupid (for the consumer, not the vendor)?

          Yes, it's both stupid and unnecessary. If I must have a network in my car, then why not just let me download an ISO, burn a CD, and slip it into my CD player? The factory stereo is probably already an MP3 player, and already on the CAN bus, so all the necessary hardware ought to be there. Many cars have a USB port for music now too, so obviously putting the image on a flash drive would be even better. Many Blu-ray players update using this model, and it seems to work fine there.

          But with that said, these guy

        • It's like connecting your toaster to the internet -- pointless and not very useful.

          Not useful? With this toaster running NetBSD [embeddedarm.com] you can program all the toaster's features remotely.

          • At some point, you still have to walk over to the toaster to put the bread in it. While you're there, it's not a big deal to program the toaster by twiddling a few knobs or pushing a button or two. You also have to be there to remove the toast when its down. A toaster running NetBSD is still a cool project, but that doesn't mean it's really useful.

            • At some point, you still have to walk over to the toaster to put the bread in it. While you're there, it's not a big deal to program the toaster by twiddling a few knobs or pushing a button or two. You also have to be there to remove the toast when its down. A toaster running NetBSD is still a cool project, but that doesn't mean it's really useful.

              Good points all, though, I was actually being sarcastic - sorry. Personally, I never run anything in the kitchen, or at home in general, that can easily catch itself or something else on fire w/o supervision.

        • But isn't connecting a car to the internet inherently stupid (for the consumer, not the vendor)? The risk of theft and car crashes via hacking are inherent in such a design decision whereas there are few benefits, such as getting updates without visiting the dealer.

          ...

          It's like connecting your toaster to the internet -- pointless and not very useful.

          Right. There is no conceivable use case to connect a car to the internet. Current traffic conditions and best route information for current conditions? What use is there for that? Streaming music? Who would want that? Automated reporting of accidents when the occupants are non-responsive? What a dumb idea, right?

          • Right. There is no conceivable use case to connect a car to the internet. Current traffic conditions and best route information for current conditions? What use is there for that? Streaming music? Who would want that? Automated reporting of accidents when the occupants are non-responsive? What a dumb idea, right?

            The only part of that which requires communications with the rest of the car is the accident reporting, and that can be one-way. But that's not how automakers have implemented their infotainment systems. They're just now beginning to use ethernet between the purely entertainment modules, and steering wheel controls are overwhelmingly still carried over a bus that has more important jobs to do.

            It's not that it doesn't make sense to have an internet-connected system in the car, it's that it doesn't make sense

        • by AmiMoJo ( 196126 ) *

          But isn't connecting a car to the internet inherently stupid

          Not at all, as long as the functionality of said connection is limited. My Nissan has internet connectivity but it is only used to allow me to control non-critical stuff like the aircon and battery charging, or for the sat-nav to update its list of POIs. Nissan seem to have a clue when it comes to security - there are actually two OBD-II ports, and the one accessible from the cabin is read-only so can only be used for diagnostics and data logging.

      • BMWs are expensive, BMW drivers tend to be affluent, affluent people can afford good insurance, replacing a stolen car is expensive, insurance companies will charge a higher premium on easily stolen models, affluent people might choose other cars because of high premiums and reduced sales and bad PR will force BMW to improve their security.

        In theory, at least, the market response to easily stolen cars puts pressure on the carmaker to improve security.

        • by AmiMoJo ( 196126 ) *

          I read somewhere that people in London can't even get insurance for certain models of BMW any more.

        • In theory, at least, the market response to easily stolen cars puts pressure on the carmaker to improve security.

          I was under the impression that most people purcahsed cars every 3-5 years. So I'm not sure why you think that market pressures will force them to fix the problem on existing models. On future models, sure...

      • by raymorris ( 2726007 ) on Saturday February 07, 2015 @09:22AM (#49005181) Journal

        >. Not making complete fucking moron decisions about security is easy, if you hire someone vaguely competent. BMW decided to skip that step to save a few bucks to ensure nice corporate bonuses, and customers suffered.

        Their developers encrypted the relevant text messages and used hmac to ensure their authenticity, so they thought it was reasonably secure. It's not that they were INCOMPETENT developers, the issue that none of them were security experts. Because true security, security that can't be broken fairly easily by an expert who then publishes a tool for script kiddies to use, IS hard. BMW's programmers did as much as I'd expect any application programmer to do. It's then time for the security audit, by a truly qualified security person, to catch the kinds of mistakes that the author caught. I work with some very good programmers. Some of them are really good at UI design, some are good at managing large projects, some are very versatile. It's a really good team of professional programmers. I catch security errors they make all the time because I'm the security guy. On the other hand, they have to fix my GUIs to look nice because I'm not good at designing attractive GUIs.

        • PS, though I've been focused on computer security for twenty years, and before that worked as a locksmith and a private investigator, I STILL make mistakes. I STILL looks and things I've done and say "well that was dumb". I'm still learning, even still taking formal classes while I also serve as an expert consultant for build new courses in security.

          My IQ tested as - let's just say "well above average" - so if it were easy you'd think I would have figured it out by now.

        • It's not that they were INCOMPETENT developers, the issue that none of them were security experts, and didn't bother to consult any.

          FTFY.

          • Agreed, 100%. Further, IF you know what to look for when choosing your expert, rather than hiring them through three levels of middlemen, for a relatively small project you can pay him $500 to have a phone call early in the design phase and show up at a later planning meeting to review the design, then $500 more to review the final code and make adjustments that are minor to do, but have major impact. Of course you can also pay HP $10,000 to send him out. HP will pay TCML $3,000, and TCML will pay the ex

            • by AmiMoJo ( 196126 ) *

              If a major car manufacturer spent only $10k, let alone went with the budget $1,200 option, I think we would be criticising them for being cheap and not valuing security enough. For a system that will be deployed world wide in hundreds of thousands of vehicles they should be setting up a security department and hiring a team of experts to work full time on implementing it right.

              • If the security was present, well designed, and well implemented, I don't think most would care how they necessarily did it.

        • BMW's programmers did as much as I'd expect any application programmer to do. It's then time for the security audit, by a truly qualified security person, to catch the kinds of mistakes that the author caught.

          No. Security is not an afterthought or something do be approached at the end. It needs to be an integral part of the software development lifecycle from soup to nuts. Anything else results in "ship it now, we'll fix it later" decisions and we end up where BMW is today.

          • That's a good point, and one that I mentioned in my post which appears just above yours, but not my GP post.

            Depending on the complexity of the project, budget, and impact, it sometimes make sense to engage the expert at three points:
            Early planning (might be a conference call)
            Late planning (to validate the design/architecture prior to much coding)
            Pre-release (to check for any oversights in the actual coding)

        • by ceoyoyo ( 59147 )

          Using the same key for each car is a pretty obvious flaw that's bitten a few companies. Having your car compromised by a motivated expert is pretty much unavoidable. Having all your cars compromised by one motivated expert, once, and anybody with a passing familiarity with Google afterwards, is really something that shouldn't happen anymore.

      • by Lumpy ( 12016 )

        "No, the truth of the matter is in your first paragraph. Designing and building a car is not easy."

        Maybe to dumb people it's not easy. to the rest of us... yes it really is easy. It's a well defined and massively repeated process. An engine is trivial, a car suspension is trivial. a whole car is trivial.

        When you add shit to it for the sake of adding shit.. That is when it get's complex. No I dont need a computer on my brakes. a computer to the side of my brakes looking for slipping and trigger a modu

        • An engine is trivial, a car suspension is trivial. a whole car is trivial.

          Bull, followed by shit. Making a car that will function as well as a Model T is pretty easy, any dick with a little machining and welding experience can probably manage that. Making a car that will function as well as the lamest BMW, let alone something as complex as the i8, is a massive engineering challenge just to execute, let alone to do well.

          No I dont need a computer on my brakes. a computer to the side of my brakes looking for slipping and trigger a modulation piston to give me anti-lock? Sure. but if the computer fails, I will have brakes.

          It's sad that you think you know so much about cars, but you don't know that this is how ABS works. When the system isn't doing anything, the valving permits pedal

          • by Lumpy ( 12016 )

            Ahh I wondered when the resident Slashdot moron would come back out to troll me.

            How you been?

          • Pretty sure the "brake by wire"is a reference to the Prius's problems.

          • by mjwx ( 966435 )

            Bull, followed by shit. Making a car that will function as well as a Model T is pretty easy, any dick with a little machining and welding experience can probably manage that.

            Do you know how stupidly complex the Model T's controls were? Whatever Henry Ford was smoking when he released that I would like some of.

            But I agree with your post. Anyone who thinks designing a car with off the shelf engine and suspension parts is delusional and has clearly never tried to modify a car. You cant simply buy bits off

    • by X.25 ( 255792 )

      A company as big as BMW should be able to hire some security experts, so this should be a bit embarrassing for them.

      But the truth of the matter is, doing security is not easy. Take web programming, for instance. Back when I first learned PHP, I found over and over that whatever design or coding approach seemed most straightforward and intuitive was inherently unsecure. All sorts of escaping and manual insertion of encryption functions are required, and that clutters up the code to the point of making it hard to maintain. I did manage to implement most of it in a common PHP file that I reused over and over again, but there was a huge learning curve, and it was a pain. Since then, people tell me that it's gotten a LITTLE better. For instance, database wrappers generate the SQL queries for you and automatically escape strings. But for the most part, it still sucks.

      If there were a single best book to read on cyber security, then perhaps we'd have fewer problems like what BMW had. But in reality, to get good at it, you have to have a vast familiarity with the literature and tools. You do that much reading, you might as well get a PhD. And my friends with PhDs focusing on security are in academia, not industry, so we get more security papers but not more secure devices.

      Problem is, you are not a security professional/expert, nor should you be as a web programmer.

      In similar fashion, people doing security for BMW should be security professionals and not engineers that just got tasked with also developing security.

      It happens way too often, in almost every industry.

      Usually to "save money". Pretty ironic.

  • So; it was a move to HTTPS...

    http://grahamcluley.com/2015/0... [grahamcluley.com]

    Did they bother to fix heartbleed and POODLE while they were in there, or are they using an old stack, and it's still perfectly posible to implement the attack with a single additional step? In other words is this a "We must take some action!" fix, or is it a "We must take effective action!" fix?

  • by 140Mandak262Jamuna ( 970587 ) on Saturday February 07, 2015 @09:17AM (#49005155) Journal
    I have a 2014 X3. The damn thing would not connect to any of my Google Nexus phones via blue tooth. They have a very limited set of handsets they support. They don't seem to test anything other than iPhone and Samsung. Supposed to connect to 4 phones at the same time. The damn module crashes all the time and forgets perviously paired handsets that worked well earlier. Their mp3 playback is abysmal. All those old mp3s I ripped from CDs back in 1990s and early 200s play back flawlessly in every mp3 player, every computer, every device I have tried. From memorex-mp3-CD-R, to WesternDigital-TV box to chromebooks to sansa ... But in X3 it would not play, repeatedly crash the module, or get into endless loops.

    Root cause of the problem seems to be some rigid adherence to specs and dim-witted error recovery process. If one mp3 file has a mismatch between its header declaration and its data section, that mp3 can misbehave. OK I will concede that. But the default action on seeing this mismatch should not be the whole entertainment module to crash, reboot and rescan the 8 GB memory stick all over again for media files. When it crashes and rescans, bluetooth does not work.It reminds me of Digital workstations where none of the the IEEE exception handler I install would work. Their default handler, which is to crash the process and write a coredump would kick-in no matter what I declare as error handler. BMW seems to be using an even more extreme version of this mode.

    BMW is our customer, and they buy some engineering design analysis suites that we make in my place of work. I wonder how they will behave if I crash the entire computer every time a BMW engineer feeds an incorrect data to our suites.

    I am not surprised it has so much of vulnerabilities. Anything that crashes this much will fall back to single user super user mode and present a console to the attacker sooner or later.

    • by Lumpy ( 12016 )

      Which is funny because my 2007 BMW X3 connected with everything including nexus 4 HTC M8 etc...

      The problem is BMW is pulling a GM and having their own people make the electronics now and they suck at it. the older Telematics modules were far better, same as the becker/alpine radio systems.

      • Did you order the navigational package? The navigation was part of some stupid package that included road sign reading camera, lane departure warning system and a load of crap for 3 or 4K. Now a days I get far more accurate and up to date maps in my phone, why the hell I need to fork that over? So, like a fool I am ordered a custom X3 without the nav package. This config seems to be very rare and they seem to have never tested their system when the hard disk is not available. They seem to have a quick start
        • by adolf ( 21054 )

          Serious question: Am I alone in the thought that modern "infotainment" systems built into new cars are generally not useful items to have?

          My own horror story involved borrowing a friend's Ford Flex to make a delivery of communications gear that wouldn't fit in my old BMW 325i: I tried, eyes-off-road, to get my then-current Droid 4 to sync with the Ford Sync, only to find that I had to stop the car first. I tried for a total of about 40 minutes. It should've just said "Hey, asshole: Stop the car and try

          • The automotive companies have always seen a fully integrated in-dash system as a profit center. Look at the price of navigation pacakge, upgrading to recent maps etc. 1800$ for in-dash navigation? 200$ for latest map DVD? what the hell? The auto makers think, "they bought my car. I can nickel and dime them, I can charge outrageous mark up on trivial plastic stuff". But the tablets with voice commands and google maps with latest google predicted traffic out perform anything these guys peddle. They do not ha
  • by Elledan ( 582730 ) on Saturday February 07, 2015 @09:23AM (#49005185) Homepage
    While I do not work for BMW directly, the company I work for does do projects for BMW. One of the projects I worked on was the iOS app which is part of this ConnectedDrive system.

    To be precise, for the 'old' version of the app (My BMW Remote App) for non-i models we started off with this black box library (CD lib) which handled all the communication with the BMW servers.

    While I didn't do any protocol analysis or looked at the communication between car and servers, even for this iOS app it was pretty clear to me and my colleagues what the security implications would be if someone were to be able to obtain log-in data just for that part of the communication.

    Depending on the market (America, Europe, Japan, etc.) there are some limitations to what one can do with the app (based on the type of account, IIRC), such as from what range one can see where the car is on a map and whether one can unlock doors with the app or not (not allowed in the US market, from what I recall). Where these limitations are enforced I'm not sure. It might be based on the server, in which case this hack would bypass such limitations as well.

    At any rate, this security leak does demonstrate quite succinctly how important it is to properly security audit such systems before releasing it into the wild. Even for the current project I do for BMW (related to the headunits), having an active internet connection means that security is essential, including plugging buffer overruns and similar.

    Nobody wants to have one's headunit go blank during navigation, in a constant reset cycle or be turned into a spying device, after all :)

    Note that I'm still under NDA for all of these projects, so I can't go into much detail.
  • Like most companies security is considered a cost, an inconvenience or an after thought. Looks like there is no one who knows anything about security in the entire chain of designers who came up with this design for the cars. They seem to rely on security by obscurity.
    • Like most companies security is considered a cost, an inconvenience or an after thought. Looks like there is no one who knows anything about security in the entire chain of designers who came up with this design for the cars. They seem to rely on security by obscurity.

      Looks like a sneak preview of the future of the Internet of Things.

      Who ever thought we would have to worry about the security of our toasters?

      • Who ever thought we would have to worry about the security of our toasters?

        Just wait until your toaster is sitting in the garage trying to warm up for the morning commute.

        And your BMW is in kitchen, trying to make toast.

  • by Lumpy ( 12016 ) on Saturday February 07, 2015 @09:38AM (#49005249) Homepage

    Everything is hackable... OnStar that has been in millions of GM cars is just as hackable using the EXACT SAME TECHNIQUES.

    So if you have a portable cellsite that can spoof a cellular tower the device is looking for, you man in the middle it.

    Nothing new here except that a bonehead in programming the whole system is using the same key over and over to make his job easier.

    • by antdude ( 79039 )

      Yep. Nothing is 100% secured. :(

      I am curious which one is more secured. Electronic (modern cars) or physical (old cars).

    • Well, if the security was done correctly (like https) they wouldn't be able to man in the middle it. The car would be able to know it's not talking to the proper server, and anyone just passively ease-dropping on the connection would just get see an encrypted data stream. Apparently this is not how it was done.

  • by janoc ( 699997 ) on Saturday February 07, 2015 @01:43PM (#49006571)

    In particular, BMW has a history of similar cockups - just search youtube for various "iDrive problems", "Check engine reset" issues, "Engine stalling" issues, etc. Those software problems go back years. The first iDrive implementation from 2002 using Windows CE was a legendary lemon.

    It isn't just BMW, though - http://www.edn.com/design/auto... [edn.com]

    I had a Renault Clio and Renault's unreliable electronics is legendary too, even though there it was more a poor design than necessarily bad code. But you will never know - nobody has seen the source code of the firmware in many of the control units. Often not even the manufacturer has it - it is outsourced and subcontracted, even for critical systems like ABS or ECU.

    And I am pretty sure that this is industry-wide problem - the same control units are in many cars, especially today with all those shared platforms and alliances between manufacturers.

    If someone is thinking about drive-by-wire cars (Nissan, uses a safety clutch to be legal atm, but they have publicly announced a push to go fully by wire http://www.caranddriver.com/fe... [caranddriver.com]) or the recent idea about the OTA updates in this sort of cesspit of horrid and unaccountable code, they must be insane.

    • If someone is thinking about drive-by-wire cars (Nissan, uses a safety clutch to be legal atm, but they have publicly announced a push to go fully by wire http://www.caranddriver.com/fe... [caranddriver.com])

      Wow, I am so looking forward to being able to get one of those steering sensor+wheel packages from a crusher. That's just the thing to use to build a really quality FF wheel on.

If money can't buy happiness, I guess you'll just have to rent it.

Working...