Tesla releases partial autopilot & infotainment suite code on Github.

Hey all, yesterday’s story was about Google and how the takedown of its longstanding ‘don’t be evil’ policy is an especially bad omen in the face of it becoming a literal military contractor by building project maven for the Pentagon. It is a sentiment I fully believe in and the precedent it sets scares me a lot. That being said it was more political than I like and was poorly received by the public, I think mainly for the title but also the fact that I had my sarcasm turned up to eleven, live and learn. So while not apologizing for what I believe in, I do want the tone of today’s article to show the other extreme.

So in that vein lets turn our attention to Tesla Motors who open sourced a chunk of its autonomous vehicle code and infotainment suite code on Github yesterday. The company had been getting flack for not doing it sooner though since it ships it’s cars with code installed that claims to be protected under the GPL, or General Public License. The license paraphrased states that any user can edit the code providing said user publishes that code under the same open source caveat. Publishing the code though was exactly what Tesla failed to do.

Even with that former controversy, I think that Tesla did exactly what it should have in this case. They were responsible and took the time to examine their liability in releasing the code of a machine which is more than capable of killing a person if it were to get out of control. It would seem that they also published only a portion of the code in an effort to prevent overenthusiastic DIYers from running out and building their own autonomous cars. Blindly handing it over to the public would be bad. But hiding it totally away is also bad. Remember for every bad actor you can imagine who is digging through this code there are plenty of white hat hacker/developer types who probably own their own Tesla’s and are very interested in auditing the security of the vehicles they use daily. I would argue that these people are in many cases better at building secure devices than the overworked Tesla engineers who inevitably are pressured to get products out the door before they are comfortable with their perceived completeness. If a person buys a product and has the training in a certain specialty pertaining to the product then they need the freedom to be able to disassemble the product to understand how it works, and more importantly, why using it will be safe for himself and his family. That being said the company also has a reasonable responsibility to protect the public from actors who could potentially weaponize this technology. Be it a hobbyist or a foreign agent or anyone else.

They certainly have a responsibility not to take their autonomous vehicles, slap sentry turrets on top of them and sell them to the Pentagon for big profits. Sorry, no preaching. I promise the only last thing I will say on the topic is that any time you take a firearm, attach it to a computer, and then decide whether people live or die based on a line of if-else statements it is irresponsible at best.

The Tesla Github repository can be found here.

Entirety of Pokemon Red for Gameboy, encoded into Minecraft red stone.

21 months of work and 357,000 command blocks, a truly spectacular project by MrSquishy.

Game-Ception: Pokemon Red Playable Inside Minecraft

If you’ve ever wanted to take a dive into and visualize a game’s code, this could be a seminal example in a literal sense. After twenty-one months of effort, the entire Pokemon Red game is now playable inside Minecraft. [Mr. Squishy] is the mad genius behind this project, laboriously re-coding the game literally block by block.

Every Nintendo Switch out today will be forever hackable.

So apparently there is a BIOS exploit in all existing Nintendo Switches that allow the Linux kernel to be loaded. And apparently it exists in all Tegra X1 processors.

Source: “Every Nintendo Switch can be hacked, and the tools just went… » Forbes

The $37,000 Rental.

Hi truck!!

This is my new truck, a 2017 Chevy Colorado. This year marks my 13th year as a Colorado owner, you see back in 2004 I bought a brand new 04 Colorado. It was my first new vehicle purchase ever and all in all it was a OK choice, I doubt I would have bought a second one if I didn’t think so. I paid $27,000 for it and it held up for me for the most part for 165,000 miles. Now there were a few notable exceptions to this, about 3 years into my ownership and right after the warranty expired my 4×4 transfer case blew up and was irreparable. It was a costly boo-boo and I was stuck with the tab. Then roughly 9 years into my ownership the 4×4 failed because of a broken solenoid thought I never found out for certain because I never actually fixed that issue. Fast forward to today, You may have noticed I paid another 10k for the same truck.. I know, I know.. I wasn’t thrilled about that part either. But there are some legitimate reasons for the increase. For one my new truck has a larger cab and more options. But more so because in the time between my two purchases the truck was totally redesigned. The Toyota Tacoma was crushing the Colorado on the market. It had more options and unfortunately was getting the reputation of being more reliable. Don’t forget we went through the GM bailout fiasco during this period. So GM had to find a way to rebrand itself and the Colorado went with it. Many of the former options became standard and many more were added. Not to mention the new Chevy MyLink entertainment system and thus we come to the point of this article.

Do I own this truck?

No really it is a serious question. I didn’t lease it. I DID partially finance it and you could conceivably say that the bank owns it. But for one they are not the organization I have a issue with here and two I really don’t think the law works that way. I financed the difference between my down payment and the amount owed I then purchased that vehicle myself and put said vehicle up as collateral. Now the bank has the title in their possession. I’m pretty certain my name is on that title while it is in the bank’s possession but really it’s irrelevant to the argument that will soon become clear. Even if their name is on the title in situ I would still argue that I own it as long as I keep up on payments and that the bank owns my remaining debt not the vehicle itself.

Get to the damned point already Jim!

OK, OK next couple sentences I promise. But first a couple questions.. So say for instance I was a mechanic and I was all excited to modify my new truck. I want to lift it, put on roll bars, huge tires, maybe even change the engine.. No. Scratch that, say that the engine is my first priority. I gut it immediately and throw in a V8 350 (assuming it will fit). Say I turn it into a first class rock crawler. I’m legally allowed to do all that right?
So why the hell do the rules change when the word engine is replaced with software? Can you really say that the vehicle’s software plays a more critical role in it’s safety than the engine? At best you could say that it is an irrelevant ‘apples to oranges’ kind of argument but that’s it. If I bought say a 1960’s Chevy I could verify that it is safe through my own checking. I could easily learn how the drive train operates. Take the engine apart. Verify the pistons and crankshaft operate smoothly. Verify that the valves all open and close without obstruction. Ect. Ect. Now please tell me how I verify that the code written on my rolling computer is not going to lock up mid operation? This may seem paranoid in the modern climate but try to understand that the next version of Excel takes years to develop. Fallout 4 took 3 years. 5 years for GTA5. Now think that your car’s software is pushed out the door in under a year… Yea, Seems like a lot pressing of an issue now doesn’t it. Point #1. check.

Secondly this truck operates with an always on 4G cellular connection tied directly into OnStar. I realize that OnStar is a subscription service and that someone could just make a dismissive comment that if you don’t want OnStar don’t pay for it. Simple logic, and I wish I lived in that world but things are just not that simple. The subscription layer of OnStar is the tip of the iceberg. An unsubscribed vehicle still transmits a ton of data. Like what? Well engine data, transmission data, 4×4 data, GPS data, the status of your seat belts, the current occupancy, really every scrap of data is recorded and saved in a database. It may seem extreme to save that all in one go but from a computer science viewpoint it is much easier to record everything and pick through it later. We all need to understand that this is all TEXT data. meaning the data from a few hundred vehicles could be maybe 10Gig? And assuming for a second that it is we are talking 100x that per terabyte drive. Storage is stupid cheap today. Google built Gmail on the assumption that data storage was literally free and it was a massive success. I’m serious, they literally went to their bean counters, told them to delete the storage cost line item and still made billions. Now I don’t necessarily think that GM want’s to do anything malicious with this data. I think they are caught up in the ‘big data’ trend and want to see how much they can improve their product. I respect that. The conflict of interest comes when government subpoena’s that data and GM hand’s it right over. Imagine you are accused of a crime and find out that you have been driving a rolling tracking device for years and the prosecution now had the record of everything you have done with your vehicle for a decade. No I’m not saying I plan on committing any crimes but from my viewpoint this is a violation of my constitutional right protecting me from illegal search and seizure.

I know the dismissive argument to that too. Some would say that if you’re doing nothing wrong you have nothing to hide. But I could write novels on how ridiculous of a concept this. Put simply privacy is a basic human right. Anyone who remembers the previous century will remember there have been volumes written about the dystopian implications of letting government and industry have access to all of your data. Now we are supposed to accept it as commonplace? I don’t remember when we had the public debate about if it is right or not to turn your personal vehicle into a tracking device. I don’t remember when we had the discussion about if it was right or not to have the details of who I spend time with, what I buy, where I go, all collected unbeknownst to me and contrary to my wishes. Try to remember that your ancestors fought wars to get you these rights and if you willingly hand them over you nor your children will ever see them again. This is a massive privacy invasion comparable to having a camera installed in your shower and all done under our noses. We need to make it clear to these companies that our data is our PROPERTY and collecting that data without our permission is THEFT. Unfortunately our technology presses forward and our laws drag from the rear. If we allow the theft of our information to be come commonplace then all is lost. We open the door to a 1984 esque dystopia, and once we hand over a right which has been previously fought for we never get it back. Never.
So that should be take as point #2.. point #3 was going to be about my right to modify my own vehicle and the disturbing trend of automakers to lock out firmware to all but the dealer’s mechanics in an effort to monopolize maintenance, but I’m sure you could extrapolate what I want to say about the topic based on my previous comments.

This post is already turning into a novel so time to wrap up. In summary I find the idea that I am supposed to trust that GM has sold me a product that is safe and unhackable simply unacceptable. Lump onto that my concerns about my data being stolen and.. yea, not cool GM. Don’t get me wrong I love the truck and I wouldn’t have bought it otherwise but it is going to take a lot of reading and work before I am 100% OK with how it’s ECM operates.

Which brings us finally to countermeasures. What can you the concerned reader do if you are in a similar situation? Well as far as the auditing is concerned there is no easy fix. I recommend this book called The Car Hackers Handbook from No Starch Press. Read it twice.

On the other hand if you are concerned about your data exfiltration I do have a semi-easy fix. You see all this communication between GM and the vehicle requires a radio, radio’s require antenna’s, and antenna’s can be cut. Do a little research and find the connecting line between the car’s ECM (on mine it is a separate communications module) and the cellular antenna. It will be a coaxial cable similar to your cable TV but probably a little thinner. Remove the cable at the ECM. Chances are it will screw on with an SMA connector. This will cut communication most of the time but if you park right under the cell tower it will still be able to phone home. To fix this you need to solder a 50 Ohm resistor onto a new SMA connector between the inner signal conductor and the outer ‘shield’ conductor. This will ensure that any radio signal is immediately brought to 0 volts.
With my truck I found out the whole assembly is somewhere behind the glove box so I’m yet to actually implement this but when I do I will be sure to post the details here. Okay that’s it, if you’re still here sorry for the huge post. and remember…

Freedom is only free when you give it away!!