- Automotive Cyber Security
- Policy and Regulations
- Software-Defined Vehicles
- Open Data
New Cloud-Based Technology Could Aid Right to Repair
Like most engineers I know, I like to work with my hands, and I generally hate to throw away and replace things that I know can be fixed. Whenever possible, I also like to fix things myself rather than paying someone else to do it—I find it personally satisfying, and it’s less of a hit on the budget. The right to repair movement aims to ensure that consumers like myself, as well as independent repair businesses, have access to the information needed to fix electronic and automotive devices themselves—thus saving money and reducing electronic waste. While the right to repair is gaining legislative traction, it is limited by how the laws are structured. Case in point is the Data Access Law passed by Massachusetts voters in 2020.
The law enables consumers to take their vehicles to third-party technicians for service, which can improve convenience and reduce costs. Third-party technicians already have access to diagnostic tools to help pinpoint what is going wrong, but the new law adds a requirement that automakers provide the same wireless access through the telematics system that they and their dealers have.
In principle, this all seems reasonable, but the reality of connected life in the 2020s makes this law extremely problematic. It’s not that it isn’t technically possible to provide access to anyone to run diagnostics on a vehicle remotely via the telematics connection. That part is actually almost trivially easy. In 2015 security researchers Charlie Miller and Chris Valasek tapped into a Jeep remotely and executed a variety of commands, so the potential is there. What Miller and Valasek were demonstrating was that unauthorized people could do it.
Since then, the auto industry has tightened its security practices and established an Automotive Information Sharing and Analysis Center to collaborate on cybersecurity issues. While concern for protecting the business interests of dealers is almost certainly a primary driver for the industry pushback against the Massachusetts law, heightened awareness of cybersecurity challenges is also a major element. Allowing anyone to access a vehicle’s systems through a wireless connection is extremely risky. The possibility of chaos if someone were to discover a vulnerability in the system is very real.
Among other things, the Data Access Law requires the establishment of an independent third-party company to provide access to all automakers’ systems for service providers. Automakers have argued that antitrust rules prevent them from creating such a body, and none has sprung up yet. However, at least one company is working on technology that could potentially safely enable this sort of data access.
Sibros is one of a number of companies collaborating with automakers and suppliers to provide platforms for connected vehicle data management, over-the-air updates, and more. One of its most recent products is called Command Manager, a cloud-based system that enables service technicians to perform a variety of diagnostic and service procedures without having to connect a specific tool to the vehicle. Something like this could potentially enable what the Massachusetts law is requiring.
In a conversation during CES 2023, Sibros CEO Hemant Sikaria explained, “We haven’t gotten that far yet, but that is our vision. We’ve already built all the provisions for this to happen. So it’s very close to being completed where a service center that is not the OEM’s dealership will be able to request access to a specific vehicle, and the vehicle owner will be able to grant access for a specific period of time for that service to happen in that time period.”
The right to repair is important for economic and sustainability reasons, but some aspects need to be implemented very carefully to avoid creating more problems than we solve.