LKAS and unencrypted CAN bus for Comma.ai Openpilot

[hansonr55]

I'm hoping that the Scout has both Lane Keep Assistance as well as an unencrypted CAN bus.

I've been using a third party driver assistance system from comma.ai called Openpilot on my last two vehicles and it'd be great if it would work on the Scout as well. It's being polished for the Rivian now and supports 275+ models of vehicles at this point.

An encrypted CAN bus is a deal breaker for this system as it reads and writes to the CAN bus in order to control the vehicle.

 

[rivianwho]

I'm hoping that the Scout has both Lane Keep Assistance as well as an unencrypted CAN bus.

I've been using a third party driver assistance system from comma.ai called Openpilot on my last two vehicles and it'd be great if it would work on the Scout as well. It's being polished for the Rivian now and supports 275+ models of vehicles at this point.

An encrypted CAN bus is a deal breaker for this system as it reads and writes to the CAN bus in order to control the vehicle.

I can see where Openpilot would be beneficial for vehicles which do not already have ACC et. al. but why would I want to use it for vehicles (e.g. Rivians) that already have the capability? Is Openpilot supposed to be better than OEMs capabilities? If so, then why wouldn't the OEMs just use it?

Personally, your comment, "...as it reads and writes to the CAN bus in order to control the vehicle" coupled w/ "It's being polished for the Rivian now" which implies my Rivian R1S CAN bus is NOT currently encrypted. Calling all hackers!

PLEASE encrypt the CAN bus!

 

[coolbeans]

I believe Unencrypted can has been the reason a bunch of cars were ableto be stolen recently.

Scout is also using rivian sw which should include the hands free driving that rivian is announcing soon.

 

[hansonr55]

I can see where Openpilot would be beneficial for vehicles which do not already have ACC et. al. but why would I want to use it for vehicles (e.g. Rivians) that already have the capability? Is Openpilot supposed to be better than OEMs capabilities? If so, then why wouldn't the OEMs just use it?

Personally, your comment, "...as it reads and writes to the CAN bus in order to control the vehicle" coupled w/ "It's being polished for the Rivian now" which implies my Rivian R1S CAN bus is NOT currently encrypted. Calling all hackers!

PLEASE encrypt the CAN bus!

It works super well. I wish OEMs would use it. It works better than supercruise and FSD.

I can drive hundreds of miles without touching the wheel. It makes driving long distance much more enjoyable.

 

[hansonr55]

I can see where Openpilot would be beneficial for vehicles which do not already have ACC et. al. but why would I want to use it for vehicles (e.g. Rivians) that already have the capability? Is Openpilot supposed to be better than OEMs capabilities? If so, then why wouldn't the OEMs just use it?

Personally, your comment, "...as it reads and writes to the CAN bus in order to control the vehicle" coupled w/ "It's being polished for the Rivian now" which implies my Rivian R1S CAN bus is NOT currently encrypted. Calling all hackers!

PLEASE encrypt the CAN bus!

Just because the CAN bus is able to be used by third parties does not mean it's automatically able to stolen. Poor vehicle design means the vehicle is able to be stolen.

 

[rivianwho]

It works super well. I wish OEMs would use it. It works better than supercruise and FSD.

I can drive hundreds of miles without touching the wheel. It makes driving long distance much more enjoyable.

Ryan

Well, I'm definitely NOT impressed by Rivian's current ACC and lane centering capability and I'm afraid their new hands-free capability in a few weeks will only be for the Gen 2 Rivians which have more cameras.

 

[hansonr55]

I can see where Openpilot would be beneficial for vehicles which do not already have ACC et. al. but why would I want to use it for vehicles (e.g. Rivians) that already have the capability? Is Openpilot supposed to be better than OEMs capabilities? If so, then why wouldn't the OEMs just use it?

Personally, your comment, "...as it reads and writes to the CAN bus in order to control the vehicle" coupled w/ "It's being polished for the Rivian now" which implies my Rivian R1S CAN bus is NOT currently encrypted. Calling all hackers!

PLEASE encrypt the CAN bus!

Encrypt the BUS as long as third parties can still interface with it.

 

[rivianwho]

Just because the CAN bus is able to be used by third parties does not mean it's automatically able to stolen. Poor vehicle design means the vehicle is able to be stolen.

I'm not just talking about stealing the vehicle. I'm talking about hacking the vehicle for whatever nefarious purpose by bad actors. e.g. https://www.caranddriver.com/news/a...-into-car-hacking-should-come-as-no-surprise/

 

[hansonr55]

I'm not just talking about stealing the vehicle. I'm talking about hacking the vehicle for whatever nefarious purpose by bad actors. e.g. https://www.caranddriver.com/news/a...-into-car-hacking-should-come-as-no-surprise/

Hopefully there's a world where third party ADAS can be used and the car's security won't be compromised.

 

[rivianwho]

Hopefully there's a world where third party ADAS can be used and the car's security won't be compromised.

Well, encrypted the CAN bus would be a good start.

 

[blmtnc]

This reminds me of the Android vs. IOS debate as it relates to cyber security. A closed ecosystem (no third party access) like IOS offers some benefits in this regard as there is tighter control on access and coding standards, etc. which reduces risks in specific ways, and an open system like Android which allows for installation of (presumably better) third party security tools can reduce risks in other ways. For these vehicles, cyber risk and security is of the utmost importance. FAR more important than the ability integrate third party apps that aren't security focused. Why? Because cars are both in the cyber and physical realms. They can kill people if commanded to do things in non-desired or unexpected ways. Want to side load apps onto your phone? Be my guest but I'd never entertain the idea, and would NEVER consider doing the same with my car because of the risks and potential liability it introduces. If they have to close the system to outside integration in order to properly secure it, then that's what needs to happen.

 

[rivianwho]

This reminds me of the Android vs. IOS debate as it relates to cyber security. A closed ecosystem (no third party access) like IOS offers some benefits in this regard as there is tighter control on access and coding standards, etc. which reduces risks in specific ways, and an open system like Android which allows for installation of (presumably better) third party security tools can reduce risks in other ways. For these vehicles, cyber risk and security is of the utmost importance. FAR more important than the ability integrate third party apps that aren't security focused. Why? Because cars are both in the cyber and physical realms. They can kill people if commanded to do things in non-desired or unexpected ways. Want to side load apps onto your phone? Be my guest but I'd never entertain the idea, and would NEVER consider doing the same with my car because of the risks and potential liability it introduces. If they have to close the system to outside integration in order to properly secure it, then that's what needs to happen.

The evil empire (Apple) pwns your data and despite the myth that somehow a closed proprietary eco system is more secure than an open source system has been proven wrong time and again; e.g. see Pegasus for details.

Ideally, a transparent open source system that's been independently verified by third parties is the best solution; e.g. see Proton, Purism Liberty Phone or most de-Googled phones based upon AOSP (pure open source before Google and the rest of the OEMs install their spyware) for details.

Then there's the *right-to-repair* aspect. YOUR vehicle/phone/laptop/computer, should be YOUR choice as far as what you want to install on it.

Hopefully, Scout will be a more open system than Rivian.

 

[Ajzride]

I'm hoping that the Scout has both Lane Keep Assistance as well as an unencrypted CAN bus.

I've been using a third party driver assistance system from comma.ai called Openpilot on my last two vehicles and it'd be great if it would work on the Scout as well. It's being polished for the Rivian now and supports 275+ models of vehicles at this point.

It's just too early to know. One thing working in the favor of unencrypted or lower-level encryption is that Scout is not targeting the EU market, where the strictest encryption is required by law.

It is also possible a torque interceptor would be a viable solution, which does not use the ADAS messages and wouldn't be affected by encryption. I recently purchased a spare rack and pinion for my truck to work on a torque interceptor.

 

[blmtnc]

The evil empire (Apple) pwns your data and despite the myth that somehow a closed proprietary eco system is more secure than an open source system has been proven wrong time and again; e.g. see Pegasus for details.

Ideally, a transparent open source system that's been independently verified by third parties is the best solution; e.g. see Proton, Purism Liberty Phone or most de-Googled phones based upon AOSP (pure open source before Google and the rest of the OEMs install their spyware) for details.

Then there's the *right-to-repair* aspect. YOUR vehicle/phone/laptop/computer, should be YOUR choice as far as what you want to install on it.

Hopefully, Scout will be a more open system than Rivian.

There will always be tension between right to repair and supportability by the provider. We as consumers can't realistically expect to eat our cake and have it too. Let me install whatever I want on the system/platform you developed, while at the same time expect flawless operation, security and warranty coverage at the same time. Something has to give. And in my experience open source code is no less riddled with software vulnerabilities than proprietary code. Agreed that in theory open source provides a better opportunity for outside experts to get under the covers and do the reviews necessary to remediate problems before they're released, but I'm not sure that's happening in practice. If an OEM is committed to strong coding practices from a security perspective and has the development processes in place to support that, I'd rather that be the result vs. an open source system that's weakly supported and requiring constant patches. Neither approach is the end all be all, but how well you do what you've chosen is what really matters.

 

[rivianwho]

There will always be tension between right to repair and supportability by the provider. We as consumers can't realistically expect to eat our cake and have it too. Let me install whatever I want on the system/platform you developed, while at the same time expect flawless operation, security and warranty coverage at the same time. Something has to give. And in my experience open source code is no less riddled with software vulnerabilities than proprietary code. Agreed that in theory open source provides a better opportunity for outside experts to get under the covers and do the reviews necessary to remediate problems before they're released, but I'm not sure that's happening in practice. If an OEM is committed to strong coding practices from a security perspective and has the development processes in place to support that, I'd rather that be the result vs. an open source system that's weakly supported and requiring constant patches. Neither approach is the end all be all, but how well you do what you've chosen is what really matters.

The *RIGHT* to repair is just that. The FREEDOM for consumers to choose DIY or not. Supportability and right to repair are not in conflict. See 100 years of DIY shade tree mechanics that didn't void any warranties for details.

Right to repair is also about making OEM parts and repair procedures available to consumers which Rivian et. al. do NOT currently unlless you want to spend the $15k/year plus thousand of dollars in certification training to become a Rivian-certified repair facility. Want a new OEM 12V battery. Sorry, but you'll have to spend the $800 for a Rivian Service Center to replace your 12V battery if you can wait the weeks (months?) for a service appointment.

Denying right to repair is about controlling the OEM parts supply and monetization of the software and services plain and simple which is why Rivian, Tesla, et. al. refuse to support Android Auto and Apple CarPlay and not the BS excuses of *controlling the user experience* especially since their user experiences SUCK!

What really matters is the FREEDOM TO CHOOSE which we do not currently have w/ many EV manufacturers; hopefully, Scout's pledge of 80% of repairs in your driveway includes DIY shade tree mechanics and not just Scout Motors mobile repair services like Rivian and Tesla.

ICYMI: Proton is a great example of commitment to independent audit of their open source software...

We believe in the power of open source
Proton VPN’s no-logs policy confirmed by an external audit
Proton Pass is open source and audited for security
Proton receives ISO 27001 certification