Tesla Supercharger Network Opened To Non-Tesla In UK

All Honda E related discussions
Post Reply
Man-e
Posts: 38
Joined: Wed Sep 16, 2020 6:45 am

Post by Man-e »

I just checked my VIN on the honda UK recall/update checker. It shows a Pud warning lamp on quick charge failure detection.

Recall check.png

Called my dealer, they say it is an update for the quick DC charger system to prevent warning light coming on when either starting to charge or after disconnection from charge.
Need to book in to get the update done.

Have only done a couple of DC charges with an Osprey charger without any issue, but if it means there is less risk of having a failed charge on other charge, like some people have reported, then worth the update.

Update checker is here: https://www.honda.co.uk/cars/owners/rec ... dates.html

User avatar
londiniumperson
Posts: 1817
Joined: Fri Oct 11, 2019 2:37 pm

Post by londiniumperson »

I just checked again, and it seems like the update is now available for everyone. There weren't any recalls listed for my VIN yesterday, so it looks like this might be a general rollout.
2020 Advance in Crystal Black Pearl on 17's - 08/2020-Current
2015 VW Tiguan (Pure White) - 04/2018-Current
1991 Honda Beat PP1 (Festival Red) - 11/2022-Current
User avatar
EEEE
Posts: 593
Joined: Mon Aug 16, 2021 10:33 am

Post by EEEE »

Now if only Honda had the foresight to allow the infotainment computer to issue its own module updates... Just more proof that they want you to keep going to the dealers to sell/upsell some more...
'21 e Advance - Charge Yellow - E1702RR alloys
'17 Civic Sport CVT
'00 Prelude 2.2VTi
igb
Posts: 22
Joined: Sat Mar 26, 2022 11:40 pm

Post by igb »

"Now if only Honda had the foresight to allow the infotainment computer to issue its own module updates"


There's an extensive literature on how weak is the security of in-car networks: pop "canbus security" into Google Scholar and you'll see it's been a fruitful source of PhDs for the last five years, of which this one is just one of the more recent. It's hopefully not quite as blatant as "insert an audio CD, lose control of the brakes", but the whole thing is a cesspit.

So it's scary enough that a device sat on the Canbus and able to issue instructions to modules on the car is also fully connected to the Internet. It gets worse if the rest of the devices on the network are designed, rather than merely exploitable, to accept firmware updates from a device fully connected to the Internet, and that those updates are downloaded from the Internet via the ICE.

The manufacturers have an ugly history of trying to close this sort of stuff down with lawfare: that particular work isn't Canbus per se (it flowed from work on shockingly weak Phillips devices used for car alarms, Oyster cards and the protection of nuclear weapons by the Dutch airforce), but the researcher in question supervised several PhDs which were. JLR (a company with one of the worst track records for car security) and GCHQ/NCSC (who are the national authority for this sort of stuff) lent him a very nice Evoque for a couple of years to support those PhDs.

I'm not for a second suggesting that Honda's Canbus implementation is any less shameful than everyone else's, nor that they have left out over the air updates beyond the ICE for any reason better than laziness. But as someone working in a related area of computer security I'm not mad that they did.
User avatar
EEEE
Posts: 593
Joined: Mon Aug 16, 2021 10:33 am

Post by EEEE »

It's just that they don't own the entire stack. Honda cobble together modules from varying manufacturers and simply configure them to get 'some' functionality out of them and make it look like a car.

If you look at what's possible on the tesla side, they own the entire stack (infotainment/software/modules/firmware), so secure module updates can be pushed out frequently (I'm assuming it's secure enough). Light years ahead. There is always a security risk with any device, but if its implemented properly (Encryption, signatures/certificates) , then there is no reason for the concept of it to be so scary over and above how scary it already is (technically speaking).

Without getting into planned obsolescence, just think how much of any device could be improved and longevity increased if the software aspect was improvable/replaceable over time.

At the end of the day, any computer/device is just a black box (or set of interconnected black boxes) which are largely inscrutable. To think philosophically, other than the black box in your head that is your own conscience, could you ever trust anything to be safe? I guess an electric car could never be safe from 'interference' by a third party, unless it was akin to a milk float with a brushed DC motor and simplistic non computerised controller. Even without connection the internet, can I really trust the Honda e to be safe? They already flattened the battery remotely with the update push out lol. Can I get a source code printout? It has the physical ability to throw me off the road at a moments notice, or slam on the emergency brakes on it's own whim, or simply accelerate me to 93mph until it stops (perhaps suddenly). Just look at the well documented old Toyota incident that caused the full throttle issues caused by inscrutable and poorly written software that managed the engine/throttle.

That's not to discredit the infosec work, Whilst sometimes novel and a new field, it's largely academic and I feel misses the point (I say this because whilst it's a car and it hits home we are all affected, we already all are affected by the issues, regardless of what or where the black box is (an oven timer, an internet connected toaster, or an automobile). How do I know the car I bought wasn't tampered with? Is there an audit trail, a chain of sign offs that the firmware in every module was tested to meet some level of safety? Do I even trust that process (political/business influences etc?). Look recently at the Japanese manufacturer scandals regarding safety currently taking place with falsified test reports and airbags etc. The more you think about it, the worse it gets. What if one module got changed, was the whole process followed again to recertify the entire car? Supply chain attacks, counterfeit components, the list of issues is probably greater than the list of benefits of having such computerised systems. If I buy a new car, and someone already 'opened' it at the dealer, can I trust it then? Perhaps it needs to get delivered in a bubble so I can be assured no one tampered with it.

We trust debit cards, internet shopping and all sorts of other trickery that is incomprehensible to the lay person. I guess the issue comes down to more do you trust the manufacturer?

Sorry for the ramblings. I don't wear a tinfoil hat, but I fully accept there existence and the right for people to wear them, but it is too late because we have already accepted the trade off (That is, we have taken the benefit to society despite any security shortcomings).

Final thoughts - how do we know, now, that all of our Honda e's haven't been remotely compromised already? <twilight zone music starts playing>
'21 e Advance - Charge Yellow - E1702RR alloys
'17 Civic Sport CVT
'00 Prelude 2.2VTi
igb
Posts: 22
Joined: Sat Mar 26, 2022 11:40 pm

Post by igb »

"If you look at what's possible on the tesla side, they own the entire stack"

They don't really: it's Linux, specifically Ubuntu Linux, with their own stuff in and on top of it. That means that, for example, they don't support AirPlay or Android Auto, and you are restricted to (absent a variety of exotic add-ons which aren't quite jailbreaking but close it it) the applications bundled.

It's all about compromises. The Stellantis approach for ICE is the precise opposite of Tesla: they're heading towards a world in which there's just an CarPlay / Android surface in the car and no bundled applications. Apple want to leverage that, in that they're now starting to offer things like ventillation controls in Carplay+ (or whatever it's called).

"We trust debit cards, internet shopping and all sorts of other trickery that is incomprehensible to the lay person"

We don't really: what we trust is the regulatory context they sit in. If your debit card is compromised, your recourse is via the Ombudsman and the FCA. Debit cards don't have to be secure against all attacks, they just have to be secure up to the risk appetite of the provider who is back-stopping the risk. So contactless payment is "insecure" in the sense that a stolen card can often be used, but you don't care (you get your money back) and the issuer has made a judgement that they can carry that risk. Amazon will ship to random addresses and some stuff gets stolen, but again, you get refunded and they've taken a decision to carry that risk in exchange for making more sales. When it's the braking system on your car, the regulator sorting it out the following day doesn't really help!
igb
Posts: 22
Joined: Sat Mar 26, 2022 11:40 pm

Post by igb »

I had the patch installed this morning and immediately played Russian Roulette with a Tesla charger. See viewtopic.php?p=17335#p17335. Full charge and no warnings, errors, red lights, etc.

Screenshot 2024-06-21 at 12.22.55.jpeg

IMG_5355.jpeg

User avatar
Reuben80
Posts: 564
Joined: Mon May 25, 2020 3:29 pm
Location: Malta

Post by Reuben80 »

Great. How long did it take to install?
igb
Posts: 22
Joined: Sat Mar 26, 2022 11:40 pm

Post by igb »

Half an hour? That’s what it was booked in for. I arrived at 8 and left by 9, but they didnmt start instantly and they left me to finish my second coffee.
Post Reply

  • You may also be interested in...
    Replies
    Views
    Last post