The way I understand it, this car was taken in by a garage for 'seat installation'. I presume this means after market seats.
The car disabled itself during installation. The OP assumed due to an anti-temper device, but it could have been any failure mode. Most modern cars with airbags will have sensors in the seats to disable some of the airbags if there is no passenger sitting there. So it is no surprise that any type of work on the seats puts this system in an error state. Especially on high-performance cars it is not unusual that the car immobilises itself when the safety systems are in error state.
A certified dealership will have the computer interface and software to reset the fault mode. For those that do not have this software, Ferrari can remote into the car and reset it for you. This requires connectivity though. This is actually quite a common thing on luxury cars.
This has nothing to do with 'smart' modes, remote hacking capability or disabling a car while in motion. The fact that the manufacturer can remote into their cars, does not automatically mean that the car is vulnerable to remote hacking. This is, in fact, a safety system that kicked in.
The solution here was probably simple: bring the car outside, and let Ferrari do it's thing. Or trailer it to a certified dealership to have it reset there.
It was even more basic than that. They were installing a child's carseat for the owner, and I believe it was an anti-theft system that was triggered.
The story reminded me a lot of the rental car that bricked itself because it lost cellular service - https://arstechnica.com/cars/2020/02/driver-stranded-after-c...
If your car can connect to the internet it's vulnerable to hacking via the internet. My car, which is incapable of connecting to the internet suffers no such potential for abuse.
In real life is that what actually happens? Sadly, no. Car companies seem to make a lot of bone-headed systems engineering design decisions (such as having a computer network path connecting infotainment to critical safety systems)
Ferrari actually flew a technician in to visit this car, who then said "yep, nothing I can do here." Then they had to push it out and tow it.
The solution was not simple.
https://www.reddit.com/r/Justrolledintotheshop/comments/j9qn...
If the user cannot restore it to normal operation using tools that the average user has available, that is definitely a brick though, and I'd argue that it meets even the definition of a "hard brick".
If you flash bad firmware on a device and overwrite the bootloader used for flashing, many would consider this a bricked device since they don't know how to use an SPI flasher to restore a working firmware. For others simply having a device that isnt fixable via a factory reset is bricked because they don't know how to flash via usb.
A car that has become software locked without a way to restore it is bricked imo.
Because if that, I think it’s natural that the concept gets broadened.
Besides, the car might still be bricked, as far as we know? Perhaps the onboard computer is screwed and needs a replacement?
This is about as far from bricked as you can get.
They did. Because the car did not have connectivity at the time it detected the issue, it went into full lockdown (judging by the comments, it kept trying for a while, couldn't connect, assumed the worst).
The car performed exactly the way it was programmed to perform. Tampering was detected. No connectivity was found. Lockdown. It will now have to be serviced by Ferrari, a local tech is not enough.
It is difficult to imagine a system that's just as secure but less inconvenient. If you open the door for local 'patches', then you open avenues of attack. Better to do a `rm -rf *` and blow up a firmware chip or two for good measure. Threat vectors are potentially more sophisticated for these cars, if there's a way to locally bypass the lockdown, it will be found.
The target demographic for these cars will not be inconvenienced much. As per the post, the owner went and got his Maserati.
So the takeaway for any Ferrari owners is: make sure there's connectivity if you are trying to perform any changes to the vehicle.
In your example, why not have a push-button override to allow the car to reset after seat installation?
Soft-everything. I miss my hardware switches.
- signed getting grumpy, getting old man
I'm pretty sure that that's exactly what it means. What happens when someone steals the manufacturer's authentication keys, or gets on to the manufacturer's VPN?
Being able to reset a car that was immobilised due to a failure in the safety system does not mean that you can steal it, nor does it mean that you could create a dangerous situation. Resetting the system does not mean overriding. If the problem persists, the car will automatically immobilise again are the reset.
This is a very Apple-like line of thinking. It's not a valid excuse.
I don’t see how that follows? The fact that someone can remote into your car is exactly what makes it vulnerable to remote hacking.
Except the self-same failure mode means you can't bring it outside either except via an expensive process.
More generally, I don't know how any of your points should reassure anyone. Put yourself in this driver's place and tell me how dismissive you'd be at such an event.
It's not exactly straight forward to tow car that doesn't move out of the garage with such low ceiling. They had to manually release handbrake from boot and push it out of the garage.
It's only not surprising if you already know a ton about cars, which is a terrible definition of "surprising" to use here.
Uh, that should be the other way around: "The fact that the manufacturer cannot remote into their cars automatically means that the car is not vulnerable to [that form of] remote hacking."
This sounds like it invokes the "right to repair" issue though. Is this "Right to repair, but only if the car's online"?
You have the right to repair. But you do need the correct tools to do it. If you don't have those tools, Ferrari may help you remotely, but you'll need connectivity for that obviously.
I want one.
> The fact that the manufacturer can remote into their cars, does not automatically mean that the car is vulnerable to remote hacking.
I mean, it pretty much does.
By my reading the car has an anti-theft device that was triggered by the installation of seats. There is a remote system to override the anti-theft device, but that doesn't work because it requires mobile reception.
It's kind of funny, but this doesn't really tell you anything about the dangers of "smart cars" or anything.
The situation in here is more like "haha, ok, we just need to tow this thing out of the garage and try again" - no big deal.
> The fact it had no signal at the time of the tamper safeguard being triggered meant that remote recovery wasn't an option, even when we moved it into the open. Idk, an extra layer of theft protection I suppose.
1. https://www.reddit.com/r/Justrolledintotheshop/comments/j9qn...
Is replacing the seats in your car basic?
Having some kind of backup would probably be easier than breaking whatever encryption they're using, and something like this would be a "weakest link" scenario, so anything you put would probably decrease in security.
Besides that, don't really want something a technician can just bring to you, because anything like that can be stolen or sold, so you were probably gonna have to tow it anyways.
I have no clue if that's anywhere close to the actual decisions, but it's not super hard to come up with a thought process that leads to the conclusion that the possible inconvenience of being even more stuck than usual when your car is stolen in a place where you don't have cell service is better than the security reduction of having a backup anti-anti-theft mechanism
e.g you could override the security system with a signal jammer.
Edit: My point is - We shouldn't be making smart cars and TVs because there are always going to be bugs that are not forceable and can cause your device to brick. I wouldn't want a smart microwave or coffee maker.
I’ve been following the thread on Reddit and there’s an added piece you’re missing. The mechanic triggered the anti-theft device so the car went into an initial lock down, that can be disabled remotely by Ferrari. The mechanic contacts Ferrari who can’t override the anti-theft because the car is without signal. At this stage the anti-theft mechanism is also attempting to contact Ferrari, probably with location data to help recover the car, still thinking it has been stolen. But due to the fact that it can’t get a signal out, it assumes the worst and enters full lock down mode that requires some sort of fix that can only be performed by Ferrari themselves.
Reality - if they had just pulled it outside they could have had it fixed in no time.
Most stuff (even stuff that looks analog like the speed gauge) now runs thru buses and OBD allows you to tap into almost every controllable aspect of the car if you know the 'right api' for the device.
won't stop someone physically breaking in and connecting something to the bus but the alarm should sound in that case.
Answer: the market is captured, and controlled via government regulation, by corporations that do not see individual owners wrenching on their cars as advantageous.
Follow-up: how do we restore capitalism to our (nominally) free market?
As somebody who drives an ancient car, I'm keenly aware of its lack of safety features. The "american steel" argument falls flat; my car was made before the concept of crumple zones, much less airbags -- driving this boat, I'd be seriously injured or die in a head-on collison with a Yaris, where the other driver and passengers would probably walk away. Unless my gas tank explodes and engulfs us all, that is.
If everybody was driving pre-1984 vehicles, the emissions would result in horrible smog, bringing most cities on par with Beijing.
The world must bring carbon emissions down to prevent severe climate change. Maybe lax safety standards could contribute to that; but environmental regulations must not go.
Follow up: the "free" market that you propose is not actually free, but ignorant of externalities that the modern market has limited facilities to account for.
Because the folks that ask this type of question are few and far between, and rarely serious. Otherwise, at least one manufacturer would have brown diesel wagons with manual transmissions. ;-)
Maybe 1 in 1000 people wrench on their own car. Manufacturers don't cater to that. They design cars to be appealing to the other 999, and they design the mechanical bits to be as cheap as possible to assemble in a factory.
The product you want already exists, though - it is commonly referred to as the 70 series Land Cruiser. :)
Or maybe this is a market opportunity, and you should set up a manufacturing line for stripped down jeep-like vehicles.
Probably won’t be road legal, though, because they’re horrifically unsafe in a collision compared to modern cars.
Fixing broken cars became a cultural thing because cars really sucked and you had to waste a fair portion of your life fixing them. Things like emission regulation brought metrics and standards to the industry and resulted in better cars. The typical lifespan of a car is 2x what is was in the 80s (200k miles or 12 years).
Update 1: https://old.reddit.com/r/Justrolledintotheshop/comments/j9ji...
Update 2: https://old.reddit.com/r/Justrolledintotheshop/comments/j9qn...
There was also a story a few years back that is kinda similar in issue. A rental car was taken into a rural area but they couldn't restart the car as there was no cellular signal for the app to re-enable the car. https://twitter.com/kari_paul/status/1229214223227478016
Edit: Oops, that's probably the tech in the bricked Ferrari, not in his company car.
I drive an all-electric car with no remote connections at all, unlike this gas-powered Ferrari.
Is there some reason why this is downvoted? Most electric cars seem to have remote connections...
When poor rural families are doing fine, spending thirty bucks a month on feeding and caring for a horse is no problem. But poor families know they won't be doing fine forever. They can't afford to spend $800 on a horse they don't know they'll be able to sell at all if they need to do so suddenly. So, lots of kids who would have spent time around horses absent the ban, haven't.
Rich morons and the charities they support don't care about that. There are still markets in place for horses with economic value such as Thoroughbred race horses. Although, since they don't race their entire natural lives, Thoroughbreds have also been harmed by the slaughter ban.
https://old.reddit.com/r/Justrolledintotheshop/comments/j9ji...
[1] https://old.reddit.com/r/Justrolledintotheshop/comments/j9ji...
[2] https://old.reddit.com/r/Justrolledintotheshop/comments/j9qn...
Do that around my town and you will find motorcycles parked in the triangles you have left behind. I saw a porsche guy call the cops about this while at starbucks. The cop, on a motorcycle, decided to believe that the motorcycles had arrived first and that the porsche must have sneaked in between the bikes. The porsche was ticketed.
Presumably, the car is parked in some service spot(s) for a seat install...
The worst part is that car companies don’t understand software and digital security.
https://www.wired.com/2015/07/hackers-remotely-kill-jeep-hig...
According to the reddit thread [1], the anti-theft tamper safeguard (no network required) was triggered. Since it was triggered when there was no network connectivity, network connectivity could not be used re-enable the car.
So, no network connectivity was used to disable or enable the car.
1. https://www.reddit.com/r/Justrolledintotheshop/comments/j9qn...
The remote control wasn't used here but it normally works and they tried to use it. So it does show that these cars could be hacked remotely.
'we did it in a safe way'
They had no control over the cars behind, anything could have happened.
Their attack could have been demonstrated on a parking lot or private road.
Their information did need urgently sharing, and while I understand the common need for a bit for drama, this was utterly unsafe & for the good of everyone I hope they've pulled their heads out of their asses since making that video!
I don't know any vehicle with connectivity (other than Jeep and maybe Ford?), which does not have safety critical CAN/FlexRay buses segregated from driver facing 'infotainment' systems.
What that means is that the network bus in which your 'compromised' infotainment system is able to operate is completely separate from Engine, ABS, AEB, ESP, Airbags etc.
The solutions vary but there is usually a physical gateway that prevents a passthrough MITM attacks, so you cannot simple send a message frame from your infotainment pretending to be an AEB module requesting emergency braking to your ABS system.
No, it does not.
The way I read the article, the photo is taken at the installation facility where (presumably aftermarket) seats were being installed. The car disabled itself during installation. It was not driving. It was also not "hacked" remotely. I assume the installer also had the key at hand.
A certified dealership will have the computer interface and software to reset the anti-theft mode. For those that do not have this software, Ferrari can remote into the car and reset it for you. This requires connectivity though.
The only difference between this bricked Ferrari and a phone bricked by a bad firmware update is that the Ferrari is worth enough that it's worth while for the manufacturer to fix it.
If you want bricking, check out Samsung's work around the Note7. "prevent all U.S. Galaxy Note 7 devices from charging and will eliminate their ability to work as mobile devices" - that turns these devices into actual bricks with no future utility.
As a broader issue independent car repair garages are dying fast as more and more cars are manufactured with inaccessible DRM coupled with very expensive handshake hardware and software only dealers can own.
This is a huge problem quite aside from the issue of what happens when a vehicle being driven can't phone home because of grid shut off etc (happening a lot in California for example), resulting in these types of incidents.
I feel new vehicles should have owner ability to shut off all out and inbound electronic communication and still function satisfactorily. An earthquake or other natural disaster is going to immobilize a lot of vehicles in potentially obstructive places if we don't think this through.
"Oh yeah, so nope. The fact it had no signal at the time of the tamper safeguard being triggered meant that remote recovery wasn't an option, even when we moved it into the open. Idk, an extra layer of theft protection I suppose."
https://www.reddit.com/r/Justrolledintotheshop/comments/j9qn...
"Quality" isn't a word I'd use around a Ferrari.
If you want something that never gives you trouble, buy a VW or a Toyota. You’ll never see a garage if you don’t want to, but they will never give you the same experience as a supercar.
And do drop by a garage that does exotics. Some of the things you will see there is really no excuse for. It is just terribly bad engineering. Don't make excuses for bad engineering, because at those prices and with that kind of customer service, there are none.
I've actually come across ZipCars that have likely never been used because they're placed in underground garages with no cell reception.
"Ferrari is bricked by poor software engineering & not handling a normal use case."
