Also, this bus is not usually exposed to the OBD port, so OpenPilot just connects to the same port the stock ADAS ECU uses.
If anything, every access to hardware you own SHOULD be this easy.
So the driver can still regain control from a hacked device by deactivating cruise control, which s/he can do by moving the steering wheel or pressing one of the pedals.
I agree that this needs more hardening, but reading these comments one would get an idea that a 12-year-old kid with a 10EUR dongle can hack any car. When in reality, stuff is a lot harder to do.
Also (caution, tangent): MCUs in cars are one of the systems where I want more encryption/signing and less hacking - especially for owners. Foremost to get rid of all the chip-tuned soot sources I am constantly driving behind.
The manufacturer knows how to control the engine, the random idiot with a laptop in 95% of the cases does more harm than good. If the manufacturer botched the MCU (hello VW), then he is held accountable. If he allows users to cause harm to the environment (chip-tuning), he should be held accountable too.
In the developed world (EU), the owners are accountable for their vehicles. Including emission controls. But the problem is on the enforcing side, from the people actually doing the enforcing to the (un)availability of appropriate measuring devices that are able to detect the prescribed levels.
EDIT: As I saw that you are from AT. You do know that your country has a reputation of 'hardcore' car modification checking at the inspection? :D But yeah, I noticed several problems with that and your system of 'we will just let every mechanic certify the cars'.
Chip tuning always meddles with curves the manufacturer chose after long consideration and extensive tests (let's just ignore VW for a moment) - and you are trying to tell me that guy from this shop just "knows better" and "sure, this will be better in every possible aspect"?
Are you trying to say a 2019 BMW out of factory will shoot out black smoke while accelerating (quite boringly) from a traffic light?
In my experience though, tuning is mostly done in conjunction with changing other parts (headers, ports, cams, add a turbo, fuel kit etc.) so the manufacturer's long consideration of the best balance for the stock engine is no longer relevant. You have to retune to get proper performance; fair that tuners are rarely considering emissions like the manufacturer would, but changing the airflow characteristics without changing the tune is a bad idea...
Where I live, cars need certification/a license to be operated. The manufacturer does that for you, so you can obtain the required document quite easily for your car.
Aftermarket parts are regulated - you can't install what you want, it needs to be certified for your specific make and model (and motor variant, etc.) - otherwise your car is not legal anymore.
This applies to chip tuning as well. Since you're modifying a certified part, it loses the certification - obviously.
What new cars are allowed to emit, is strictly regulated.
Further, since this very month, we have a carbon-based tax on new cars (based upon the aforementioned certification from the manufacturer). Thus if the emissions of a car are changed, you're basically evading taxes as well.
Where I live, chip tuning is almost only done to get a few HP on the cheap. And it is unfortunately very popular and nobody really cares.
Edit: You can seek an individual certification for some modifications, added to your documentation, but a tampered-with ECU is not one of them I think.
But I just remembered regarding certification - BMW is selling official performance/tuning kits (Sometimes called M-Performance tuning kit), where you get a whole new ECU with more power (and maybe some other parts, but nothing major for sure). And now I really wonder how is the legality of that. And also adds another point, that there are valid and reasonably safe tuning options.
Most places I have lived in North America you are relatively free to install whatever aftermarket parts you want, including things you have fabricated or modified yourself and people do some pretty extensive builds. That just doesn't work without changing the tune also.
BMW E90 series for example, from around 2008 onwards the 116d and 118d have exactly the same engine (per BMW part numbers mind you) but a different power output, even 120d only has one part difference (the ones with N47 engine that is). On VW part, newer VW Caddy and VW Transporter with diesel engine option(s) have the same physical engine (in the model year) with widely different power outputs -> because they differentiate it for different segments via software.
And even moving from that, because of regional rules in NL for example, the cars with up to 140HP are prevalent and of course VAG is not making a new engine just for NL, they limit one of their existing ones.
So yes, I believe that cars like this can be safely tuned without _any_ significant unwanted consequences for the longevity of the engine/car. Mostly because the maps/factors can be adapted from their siblings with more factory power.
Regarding the black smoke/soot - no I believe that this is a (very) bad tune or something physically wrong with the car. It could be that they removed the DPF/EGR for some reason or something like that. But this is a whole other can of worms.
Not when it requires physical wires. This isn't some wireless TCP/IP stack connected to the internet.
Car entertainment/air conditioning systems usually also use a physically separate CAN bus so internet-connected dashboard devices don't get access to the engine and steering controls. They may share 12V power and that's it.
Comma.ai gets access to the "secret" CAN bus that can control steering via the lane keep camera next to the rear view mirror, not the OBD port or entertainment system.
But in reality, no one's developed that sort of tech, and if a baddie wants to kidnap or kill, they'd probably spend their resources somewhere rather than hacking such a tool.
If someone wanted to make you drive off a cliff, they don't need a fancy internet-connected gadget. They could just loosen some screws on your steering column and leave.
If you have physical access to something you can always compromise it.
Safety critical CAN bus messages should be signed.
What has changed since https://www.wired.com/2015/07/hackers-remotely-kill-jeep-hig...
Steering or gas or brake ECUs on older cars without fancy adaptive automatic thingy don’t accept remote control, units in such cars only take analog user inputs and only report statuses on the bus.
Since ADAS is complicated and developed independently of the rest of the car, car manufacturers expanded those actuators to incorporate remote control mechanisms, and ADAS systems are implemented as a self-contained computer that sends out those control messages. Sort of like a Raspberry Pi with the camera in a case that is advertised as an “Ethernet AI camera”.
Openpilot on officially supported cars impersonates those ADAS units. They are not directly meddling with pedal potentiometer readouts and such. That kind of rigging is used in some lab experiments but not in the majority of OP driven cars.
Right now disabling car after violent crash looks like obvious security feature that every car (especially electric).
It's common to extract diagnostics about the car from this port. For example, when buying a used car this is highly recommended. Buy a cheap adapter that you plug in, connect to it over BT from a phone, and read out error codes. Perhaps the owner has temporarily put out an error to mask it during your inspection?
Just wanted to add many comments on CAN and OBD-II:
In the United States the OBD-II port is required beginning in model year 1996.
The OBD-II port and the CAN is analogous to RJ45 and Cat5, 5e, 6, etc.
Should note, the CAN bus is anything but bog standard.
However, in 2008 the United States required that all vehicles provide an ISO 15765 interface as the basis of the on board diagnostics. Iirc, 15765 is a subset of CAN that's for cars and not forklifts. CAN is controller area network.
There are a large variety of protocols talked across CAN, far too many to list as you have noted. There are schemes which are serial, parallel addressed and not, and even analog signaling cohabitating this generic breakout port.
Where it differs between cars is the capabilities of the DLC, if the vehicle isn't equipped with a sensor suite, there will be no correspondent ECU subsystem to query, but for the most part you can send control messages to anything you want on a DoT approved vehicle, unless it is locked away behind a specific gateway and the car manufacturer is still hiding the method to control access to the device.
None of this applies to infotainment devices or comfort features.
Consumers should rue the day we return to the age of mystery subsystems requiring special protocols.
The reason I say this (and I suspect but, can't remember the 2008 ISO 15765 mandate rationale) is that you probably want your mechanic to be able to fix your car, right?
Anybody who might be interested in the wild and fun world of automotive Com protocols such as this I can recommend to you this good and recent resource from 2020: https://www.csselectronics.com/screen/page/simple-intro-to-c...
Looked at it like a fixed phy layer with some parts of the messaging fixed as well, although now that you brought it up, I remember adding J1939 support too.
Ugh, it was, in my opinion, a bit-hacked mess :) I can really appreciate when things that despite being messy and hackish, solve real, actual problems, and for that, I thank thee, CAN-bus :).
Of course a hardware air-gap is inconvenient when you are trying to ship subpar hardware and software on a shoestring budget, so the industry invented smart CAN "switches" and it's possible to escalate the access the diagnostic port provides, or tunnel from the infotainment network to the safety one. In newer cars, you can also possibly substitute CAN in this post with Ethernet.
It is not, however, required that said CAN bus is used for anything other than for passing emission tests. Easiest way to implement that feature is by exposing main CAN bus on that port, but you don’t have to.
I don't think the port is the surprising part, it's the ability to articulate brakes and steering wheel!
To be clear, I don't have a car or a driver's licence, I was just surprised that this standardization was a thing at all. Seems like a stark contrast to all the walled gardens in every other technology-related industry these days.
TL;DR: Apart from really basic data and physical connector, everything else is (ever more increasing) walled garden. With new VWs and Fiats requiring online connection for even most basic operations - so even if you know the protocol, you have to unlock it online (See VW SFD and Fiat SGW)
I think the obd connector on tesla doesn't do anything
 : https://www.youtube.com/c/commaaiarchive/videos
Guess I'm old... cuz that was painful to watch. Reminded me of the juvenile videos that Digg founders released back in their heyday. Sometimes you don't want/need to see behind the curtain!
But yes George is definitely the misfit hacker wonder-kid type, and in both senses of the word hacker. He was one of the first to jailbreak the iPhone and the PS4 or 5 (can't remember which)
You can see his learning and motivation process in his streams, when he dives into something he's totally unfamiliar with. It's very inspiring and fun to follow along with (partly because he clearly is having fun). He really enjoys learning things and has the kind of ego (not in a bad way) that just doesn't let anything stop him from trying to catch up on any concept in any field, even if he's totally "veering outside his lane" and going in blind (like his COVID-19 bioscience streams). He has a deep, almost hypomanic hunger for knowledge, and keeps Googling things until he understands everything he's reading. I think a lot of it's psychological and not purely IQ/cognitive speed, though of course it helps.
If anyone's curious, you can find an archive of his streams here: https://www.youtube.com/c/commaaiarchive
Just to counter a tiny bit, he didn't necessarily win by an enormous margin. CMU's PPP has overwhelmingly dominated every collegiate CTF since forever, and he was a CMU student and I wouldn't be surprised if he trained closely with PPP members. He got 5100 to PPP's 4800, which, to play Devil's advocate, depending on the particular point weights of the solved challenges, could potentially mean he solved one additional challenge over PPP (though possibly more; I didn't dig to find the exact breakdowns). I believe he also deeply specialized in low-level RE from a young age (as demonstrated by the iPhone and PS3 exploits), and from my perception that was less common among collegiate CTF competitors and gives you a huge leg up. But of course mastering something that difficult so young and being at CMU are itself huge achievements, as is outmatching PPP on anything at all entirely by yourself.
Obviously insanely impressive, and exponentially better than I could've done (and did do) at that age or could do today. Be it intelligence or endless drive and work ethic or all of the above, he's clearly an extremely skilled polymath. I guess I just didn't want people feeling too demotivated over genetic factors, which play a big but not a full role. He may very well be a genius, though.
So I applaud the engineering but it's not a device I'd buy (and yes I do own and carry around a cell phone).
Ever had an android app or even the whole phone locking up? Even if it is only for a second or two, I don't want this to happen to a device that feeds live data into my car's controller.
Even if this is only level 2 driver assist. If a car would get a bogus "you are crossing a divider line" signal for e.g. 2 seconds, it would start to steer quite persistently (even if with limited force) in a certain direction and you would have to counter that action.
Nope, I wouldn't use this.
It's also open source so I think the end game is to have manufacturers adopt this and go through the whole song and dance of getting it fully validated on their vehicles.
That appears to be where the gold is stashed to my eyes.
If the software is open source and works very well, comma will still have a long lead in developing a great self driving model for which the bricks are miles driven down the road in normal commutes and trips by real drivers in real world conditions.
The only instance where you are steering is on the new lane switch (turn on blinker, check lane, depart from current lane)
This system is meant for cars without level 2 driver assist, so not for Teslas.
Further, the system has no control over what "disengages" in the car itself - it is sending bogus sensor inputs to elicit a reaction according to level 2 driver assistance. Thus, if it sends such bogus inputs and fails at doing this "reliably", it will result in misbehaving steering, braking, etc. which it does not control itself.
Further, if it was in control, my argument would stay: If your controlling device has left the building (crashed), it can also not disengage anything any more reliably.
The driving model runs on the modified android OS (NEOS), but the safety critical code runs separately real-time on a SIL2 STM32 microcontroller. Comma strives for ISO26262 compliance.
The next comma hardware will ditch android and phones though.
Can I even buy a new car in the U.S. these days that isn't a rolling Orwellian nightmare?
Some sources mention it is for research only purposes (in closed roads?), others advertise this as a CES consumer product, has the project evolved along the way?
Each car manufacturer has to provide a battery of tests to regulators for each vehicle and sub-system within each vehicle. This project claims to be safe to use on more than 100 separate vehicles, perhaps I am missing something but this claim would require a considerable amount of evidence.
I am all for open-source and experimentation but in cases where we cannot provide guarantees, this should be done on a private road at your own risk.
It is not just your own risk but also that of other pedestrians, cyclists, and drivers that share the road with you.
"At your own risk" means you bear the risk (legally). If something happens, it is on you, and the manufacturer offloads any liability on you.
That does not imply what the risks are. Life threatening? You are risking other people's lives.
While a reasonable interpretation includes putting the driver at increased /legal/ risk relative to a system where the manufacturer represents it as for sale for autonomous driving, it is unreasonable to infer that this puts the driver at greater risk of being sued, having to sue, or monetary loss. OpenPilot may be better / safer than the competition such that using it lowers your risk of accident, monetary loss, etc. even including any purported loss of the ability to pass the buck to the manufacturer.
> openpilot is developed in good faith to be compliant with FMVSS requirements and to follow industry standards of safety for Level 2 Driver Assistance Systems. In particular, we observe ISO26262 guidelines, including those from pertinent documents released by NHTSA. In addition, we impose strict coding guidelines (like MISRA C : 2012) on parts of openpilot that are safety relevant. We also perform software-in-the-loop, hardware-in-the-loop and in-vehicle tests before each software release. 
I would be quite curious to see how they perform HIL tests and in-vehicle tests and if those results are also public?
Edit: I cannot edit or remove the grandparent comment but I leave here this correction
And of course that uC unit comes in a 3D printed enclosure so yeah
ISO26262 compliance is really heavy and requires an enormous amount of documentation and requirements tracking.
Waymo and Tesla have some hope. Cruise and Zoox are burning VC money like crazy with little to show.
The numbers for Cruise reported by GM :
As of six months Q22020, Cruise posted revenues of $53m and total expenses of $498m, compared to $50m in rev and $553m in expenses for the same six month period in 2019.
Total cash in hand for Cruise is $2.2b with zero debt
2 more years of cash burn is not your typical startup that is 'burning VC money like crazy', but still the cash burn is large.
Now the question is if Cruise can expect any revenue from the new DMV authorization in SF 
 starts page 9 https://media.gm.com/content/dam/Media/gmcom/investor/2020/j...
I don't think manufacturers will outsource the development of their ADAS systems to Comma (or anyone else for that matter) because they view it as a potential short-term differentiator. The existing differentiators are collapsing quickly: reliability is no longer a major concern for EVs, infotainment is lost cause (Carplay and Android Auto won decisively). Aside from ADAS, we're looking at a scenario where in 10 years the only reason to buy from company X vs company Y might be price.
Also feel free to check out navigating SF with OpenPilot https://youtu.be/0TpMMoQ7GGg (30 min). I highly doubt you would find similar results with a Toyota TSS 2.0 system. Nevertheless, I will let the contents of the videos speak for themselves.
Those videos didn't really change my mind. I'm not convinced at all that it's really that much better on the highway. It's definitely better for non-highway driving, but it also had a few disengagements that he had to intervene for.
Look, if it was $1000 for Level 5 autonomy I would be the first in line to purchase it. But it's clearly not anywhere close to that yet.
It was a bit confusing because they don't own a Toyota, but they do own a Subaru.
> I have a Subaru with Eyesight, not a Toyota.
I'm guessing MY = Model Year?
That's a $50k 2020 model with all premium features added. I haven't tried Comma, but from what I can see it can actually drive itself in the most routine situation - staying in a lane on a freeway. My Pacifica can't do that, even though it has 8 cameras and a radar.
So perhaps having more of those "half way there" self driving features could lead to more of such anxiety, I'm not sure. And I don't know who I would trust more, a car manufacturer, or someone like Comma AI, with my safety. Leaning towards car manufacturers to be honest.
A key phrase here is "just buy a new car". You might be able to afford that but most can't.
I don't know what Comma AI's market strategy is but I would imagine there is a huge potential aftermarket for gizmos like this in capable older motors, with that growing as time moves on and the enabling technology takes hold.
But George is selling it for the same price to them as well, they just don’t want to rely on him.
1. Speed limit for the area/road I am in.
2. Real time radar report telling me how many cars/pedestrians etc. are around me.
3. Information on common accident types in the area I am driving in.
4. For my corner of the world, it will be good to get a report on road status before I take the route - something like gravel, cratered etc.
I suspect that something like this would sell like crazy for existing cars. Basically a thing where I install a camera/sensor that is hooked to such a device.
That one already exists, many manufacturers already provide 'intelligent speed' systems, which combine gps and traffic sign recognition camera info to determine the current speed limit in that stretch of road and display it on your dashboard.
- Satnav is based on GPS, which has a degree of error; it might place you on a 4-lane road or a 2-lane road immediately parallel to it, with a drastically different speed limit.
- Satnav has no way of adapting to temporary lane closures or roadwork speed limits.
That's the reasoning for combining GPS with TSR camera data, in these 'intelligent speed' ADAS systems.
Waze is pretty good at this, presumably because the road/map data is crowdsourced
My 2018 Honda Accord uses the camera to read speed limit signs and displays them in both the heads up display and in the middle of the gauge cluster.
Then I use Google Maps with CarPlay to offset some of that other information. It will alert if an alternate route becomes faster, or a wreck is ahead. I've also found it's been pretty good to know about road closures as well.
I think this one is incredibly important. Although drivers/AI need to maintain an adequate level of preparedness for general situations... cities and police departments have historical data for accidents. There should be notifications about specific things to look out for. Net-net this might actually reduce accidents
I like to play the 'continuous driving' game where I coast in neutral if the next light is red and try to get the green light so save kinetic energy etc
With this data I could compute the avg speed required to do so (granted there are other factors because I don't want to clog the traffic too etc etc)
Computers assisting but not supplanting people's natural abilities is one of the utopian visions of how to use technology. GP's idea seems brilliant and the only downside is that 2020 has shown that lots of stupid people would proudly boast how they ignore the warnings or pump the statistics in the wrong direction. They would probably get a catchy name for themselves too.
Our brains are kinda specialised to process information at that speed, not at car speeds.
Having an augmented reality is definitely useful, the same way it's useful for you to have access to maps with realtime location in your phone while walking in the city. Why don't you use your brain and navigate solely through memory? You could still do it, why use a smartphone for navigation? Because it helps.
The same is the case for augmenting information you have, in a car it can be quite useful if you end up missing a sign for the maximum speed (as I've done through Germany in some Autobahn stretches that change speed, most of the times due to construction). The same is the case of giving more spatial awareness through data, who is around you? That is the most basic skill you need as a driver, if there are systems to feed you this data in a quicker and more processable way rather than relying on other people's ability to maintain their attention to be checking their mirrors and keep awareness of their surroundings all the time, so be it. I do it all the time while driving, I don't trust others do the same.
So you know, you could also use that brain a bit more.
The idea suggested is interesting. Some of it I solve by a regular navigation app. But looking at this screen on my right may not be the ideal experience.
It won’t surprise me if these might not be “road legal” modifications, or at least modifications that may incur additional criminal liability. I'm also pretty sure that insurers can use these to deny claims if accidents happen.
For those who are familiar with the project - what is the security situation like?
and according to their website....
> Coming soon
> The delivery and use of Ghost products will depend on our ability to meet certain reliability and performance levels, as well as receiving applicable regulatory approvals, which could take longer for certain car models and in certain jurisdictions. We continuously work to improve the functionality of our products, and as a result, some of the features depicted herein may be delivered to you via over-the-air software updates or equipment upgrades.
The problem is any idiot can get a driver's license that lets them pilot around a 5000lb steel cube for about $200 and 20 hours of training time. And punishments are extremely lax for when mistakes are made.
> The problem is any idiot can get a driver's license that lets them pilot around a 5000lb steel cube
I don't see how it's nonsense, given that the driver's license problem isn't going to be solved any time soon. The problem is that our society practically requires basically everyone to be able to drive to function, unless you happen to live in one of the relatively rare places with good public transportation.