Thread: Bad News for the Tuning Community?
View Single Post
      10-30-2020, 01:33 PM   #34
NathObeaN
Captain
NathObeaN's Avatar
United Kingdom
1309
Rep
775
Posts

Drives: M2 Competition (MY2021)
Join Date: Jan 2018
Location: UK

iTrader: (0)
Quote:
Originally Posted by Tag View Post
This sounds a lot like what's been implemented as an industry standard in IT for servers and even client end points. If so than it's extremely difficult and highly unlikely anyone will be able to hack it.

Deep dive...
Computers have always been vulnerable to malware, hackers, etc. and to get around that a lot of "layers" of security have been implemented. At first this was a virus scanner to find and remove them, but that wasn't enough, because most computers were networked and so it was a game of Whac-A-Mole. Next came running personal firewalls on computers to help prevent unauthorized connections, then you saw virus scanners do real time scanning, etc. But even then if you lost or someone stole your computer they could access data on it. A password just prevents login, but the data is still easily accessible. This is when drive encryption came into play so that even the data was unreadable. Great, it's fully secured now. Well, not really. There are always bugs and holes that have yet to be discovered that can give you a backdoor into a system. So that's when secure boot started to be implemented. It basically runs on the systems hardware (not OS) and checks if the bootloader or system files have been tampered with before allowing the system to boot up. This really locks down not only the OS, but the entire system from any tampering. Some of them even require a secure transmission via network to servers that validate everything is good before the system can boot up. If it fails the system will simply not start. It won't let you use any bootable media on the system either.

I suspect this is similar to what Bosch is doing with these new ECU's. I cannot stress how difficult and practically impossible this is to defeat. Maybe a flaw will show up that can allow access, but it's unlikely. With this many layers of security it's damn hard to crack. The only other ways to get in that I can think of is to gain access to the actual security validation systems to get in, but that is unlikely and would put anyone trying that in jail. They could attempt to image the ECU and perform brute force on the images, but this is so hard to do and requires specialty equipment which can run emulators, etc. that it's also highly unlikely. The last option is to use a custom aftermarket ECU, but that has it's own challenges.

TLDR: This will likely be the death of tuning.
Ah c'mon man... please don't be so negative I am desperately hoping this isn't the case and they'll find a way around it. It doesn't matter how good security is, it always gets broken, eventually. The main problem is the incentive to break the security. Money talks. Unless there is serious money to be made to find a way around this it won't happen. We'll see. I'm yet to find out if my ECU is locked but I suspect it is. Last thing I want to do is revert to piggybacks though.
Appreciate 0
Quote