When EV startups shut down, will their cars still work?
72 points
28 days ago
| 14 comments
| restofworld.org
| HN
janosch_123
28 days ago
[-]
I built some custom EVs & drove many miles with them. I used hacked/reverse engineered OEM parts for them.

While the servers going dark might be annoying, you still have access to your cars hardware, giving various attack vectors in making your car "go" again.

- CAN protocol between components is relatively straightforward to reverse engineer, and on a fundamental level all modern EVs work "the same"

- you/someone can put a new circuit board into the remote-disabling component and tell the rest of the car "everything is fine, please drive"

- depending on how much the OEM has invested in preventing this, it might get harder, but it will always be possible (last resort, swap to new brainboard)

So, all that said, this is of course a worry for the consumer (liability as well when modifying the car of course), but if you control the hardware and enough other people have the same car as you I believe they will be reverse-engineerable.

You can check my submissions, I am making a video series about how modern EVs work, also check out openinverter.org community.

One more anecdote: Fisker Ocean was in a similar place recently and I started looking at their owner groups to see if there would be a business case for me to get more involved, but I haven't pursued it further.

So in the same way that "life will always find a way" in Jurassic Park, I think if you bought something that enough other people have bought, someone will hack it/share a solution (albeit voiding the warranty in the process).

reply
FloatArtifact
28 days ago
[-]
I never understood the liability aspect of vehicle repair from a manufacturer's standpoint. The common refrain seems to be that these new vehicles are not serviceable without the dealership/manufacturer. It seems to be a narrative to drive out the owner from repairing vehicle or independent repair facilities.

The liability seems to be the same as historic vehicles, for... vehicle repair. So why is this any different?

The burden of proof is on the manufacturer to prove that a modification caused damage to the vehicle.

reply
spamizbad
28 days ago
[-]
I'm also surprised nobody (well the press and regulators): Why are you allowed to design vehicles whose safety is brittle enough that it can inadvertently undermined by an independent mechanic?
reply
tlb
27 days ago
[-]
There's no way to design vehicles that can't be made unsafe by a mechanic making a mistake. Even for purely mechanical things like brakes, a mechanic can leave out a bolt or crack a structural member so that it breaks on the road. EVs require careful procedures, for instance to make sure that any of the high-voltage wires can't rub against anything and wear through the insulation.

Dealer mechanics make mistakes too, but at least they're trained on the specific car, and they can collect data to notice a pattern of things breaking after certain people worked on them.

reply
mulmen
28 days ago
[-]
Most software is secured my limiting access. That’s not really an option with a car.
reply
jjav
28 days ago
[-]
> So why is this any different?

It is only different in that by making cars internet-connected, the manufacturers see a golden opportunity to make them all cars-as-a-service that you must buy but no longer own. In other words, profit and more profit, greed.

reply
from-nibly
28 days ago
[-]
Yea but the burden of action is on the victim to have a more expensive lawyer so it doesn't matter one way or another.
reply
echelon
28 days ago
[-]
While I don't doubt your enthusiasm, I don't want my car experience to feel like Arch Linux. I want something I treat like an appliance or utility to just work.
reply
janosch_123
28 days ago
[-]
I am with you of course.

What I am highlighting is that if enough people are affected by a bankrupt OEM, it is not the end of the world to fix them so all is not lost in that case.

I also don't think it is a particularly smart idea to have your car needing to chat to the mothership before it decides to do it's job of driving you somewhere. At least for the consumer I see limited benefits of this trend.

reply
yencabulator
28 days ago
[-]
The "just work" people are the reason for the prevalence of phone apps and cloud services in so much today's gadgets, and that dependency on services is exactly why all these things fail as soon as the company who made them fails.
reply
the_snooze
28 days ago
[-]
I'm in the same boat, which is why I've soured greatly on a lot of things internet-connected. Internet connectivity almost always means needing perpetual updates (whether for security or just for keeping up with remote APIs changing). The economics don't make sense for providing that for free forever, so anything under that model must be either a rental/subscription or isn't built to last.
reply
lambdasquirrel
28 days ago
[-]
It’s definitely too much work for everyone to repeat and duplicate.

The obvious solution (to those of us here) is open-source and right-to-repair requirements.

reply
elif
28 days ago
[-]
I don't think the average fisker or lucid purchaser is willing to do 500V hacking. In fact, I would wager the DIY fisker/lucid community might be less than 6 people.

I admire the spirit but I just don't think hackers will do much with $100k bricks beyond salvage components.

reply
janosch_123
28 days ago
[-]
Absolutely. But they may be willing to pay someone to swap a component. EV hacking is a small community still, but with more of them on the road every year more and more people get interested. If $100k are turned into a $0 brick and you can turn it back into $100k there is a commercial as well as academic interest there.
reply
teunispeters
28 days ago
[-]
CAN bus is in many ways too difficult to encrypt. (not that it can't be, it's just got way too small a packet size). Nothing prevents manufacturers from getting complicated though - eg "knock three times on this ID, then request info from this ID then .....". (example from an old Shadowrun netrunning campaign idea)

I'm working in EV charging domain. EV chargers that comply with ISO 15118-20 may prove difficult to get working once more (due to key signature requirements). Otherwise, all should continue working as long as the charging protocol they use continues to be supported. And that said, the EV charge managing component should be replaceable.

reply
oulipo
28 days ago
[-]
for e-bikes at least, it seems that Bosch e-bikes use AES encryption between their controller and the battery, to prevent third-party batteries, perhaps you have knowledge about this, or how it could be possible to circumvent?
reply
ronsor
28 days ago
[-]
You'd probably have to extract the encryption key (which has to be the same between all controllers and batteries, otherwise it wouldn't work).

Depending on the hardware this can range from needing to attach a debugger to JTAG, to dumping a flash chip, to decapping a microcontroller at the hardest.

reply
janosch_123
28 days ago
[-]
I can't crack encryption I am afraid. Got a link? It's the first I hear about this.
reply
dzhiurgis
28 days ago
[-]
Yikes, how is this even legal for a EU company.
reply
jauntywundrkind
28 days ago
[-]
The 2015 "Jeep Hack" (affected a huge number of Fiat Chrysler cars) was actually one of the coolest moments of hope & inspiration for me. Ok, so the embedded OS isn't linux, but it still runs good old FreeDesktop D-Bus? You can just RPC to the window & tell it to roll down? You can just RPC to the head unit & adjust the volume? Nice. https://www.wired.com/2015/07/hackers-remotely-kill-jeep-hig...

I'd assumed everything was some terrible impenetrably dense proprietary cruft, but oh, the whole system runs some standard well known protocols that would be super super super great & convenient to use, if we had network access to the car? Yeah, nice.

Wouldn't it be so great if someday things actually got better. The "Hack" was, oh, you can engage the parking break if you get network access. Oh no! So the response is that now we for sure will never be empowered useful-to-ourselves consumers again. It sucks that the low-trust society keeps dominating, that it keeps overshadowing the can-do is-possible universe, that making possible is forever dwarfed by Fear Uncertainty and Doubt.

The one really bright spot of the past, in my view, was Webinos, which was a super cool IoT system that had some automotive interest. Notably, unlike most systems, it kept users sovereign, let devices (like cars, or car windows/stereos) expose themselves up to user-specified gateways, securely without intermediaries. Didn't make it, but I have yet to see anyone with 1/5th the promise, with anywhere near as low-ickiness as modern devices.

reply
pinkmuffinere
28 days ago
[-]
How far can you go with these modifications before the vehicle is no longer street legal? I suspect that even minimal changes might cause an issue there?
reply
janosch_123
28 days ago
[-]
Depends, but it's possible: All vehicles I built were signed off by the licensing bodies & fully insured. We told both the lawmaker and the insurer about all our modifications and with some paperwork it was possible.

The community I linked above is full of people doing this kind of stuff. Some if it illegal, some of it legal.

Jailbreaking an EV I haven't thought about yet, but if the original manufacturer is bust, and you can show some degree of care to the licensing body I am sure it's negotiable.

Obviously it would be better to not be in this position in the first place, but problems are fixable.

reply
pinkmuffinere
28 days ago
[-]
Yes, for sure. Thanks for your response, the info you share is very insightful. Hopefully I will never have to use it :)
reply
rasz
28 days ago
[-]
>Fisker Ocean was in a similar place recently and I started looking at their owner groups to see if there would be a business case

Rich Rebuilds got one for this exact reason recently https://www.youtube.com/watch?v=b_OxgAYG0Io

reply
mrweasel
28 days ago
[-]
My dad has a "smart" radiator. For 5 months he couldn't control it remotely because some server in Norway was down.

There should be some escrow system for software and service for something as expensive as a car. When Saab Automobile went bankrupt in 2016 a number companies where quick to announce that they'd be able to source or manufacture replacement parts. You can build a brand new 2CV from replacement parts, with an electric motor, and I'm almost certain you can do the same with a VW Bettle.

All the "smart" stuff leaves us a risk of having to discard brand new functional vehicles at a huge environmental impact. Unless you drive a lot, it's better for the environment to maintain an old Saab, compared to buying a new Chinese EV.

reply
crazygringo
28 days ago
[-]
Yup, I'm a big believer in regulation-mandated escrow for keeping software servers on and media purchases downloadable for a legal minimum of something like 10 years, and even longer for major purchases like vehicles, household appliances, etc.

If you can't maintain it because you go bankrupt or whatever, you've already paid another company to take over. No different from mandatory insurance, basically.

reply
api
28 days ago
[-]
There is no reason this stuff needs to be dependent on the cloud at all. It's a mixture of self-serving reasons like wanting to sell subscriptions and the fact that modern developers are so steeped in the cloud that they can't imagine how to do things any other way.
reply
bo1024
28 days ago
[-]
Of course, this trend such as "software defined vehicles" is happening with all cars, not just EVs.

The main problem points for incompatibility are places where the car interfaces with software outside of itself. As that software gets updated or APIs change, the car can go out of date. I think chargers and automatic payments might be the most important one there.

reply
breerbgoat
28 days ago
[-]
And that's why no one should be buying any Chinese EVs except BYD. (if you absolutely have to buy a Chinese EV). All Chinese car manufacturers except BYD are losing money with every car they sell, and insiders agree that every other Chinese EVs except BYD will fold or go into bankruptcy.

Why did Chinese companies jump into the car industries producing cars when they didn't have the know-how before? simple, rent seeking. Chinese government was offering incentives to do so. https://reason.com/2023/08/23/chinas-e-v-graveyards-are-an-i...

A “life and death race” has begun to unfold in the world’s largest market for electric vehicles - https://www.cnn.com/2024/04/24/business/china-ev-industry-co...

reply
ggreer
28 days ago
[-]
Chargers and payments are a solved problem. The charging ports are standardized (NACS in North America & Japan, GB/T in China, and CCS2 everywhere else). The protocols for automatic payment are also standardized. Some EVs made by other manufacturers lack support for the payment protocols, so Tesla has started rolling out credit card readers to their Supercharging stations as a fallback. So even if there's a new automatic payment standard, in the future you'll be able to use a credit card to pay.

The first generation Model S still works just fine at Superchargers. Any EV you buy today is even more likely to have support a decade from now.

reply
pornel
28 days ago
[-]
Why would chargers break compatibility? The protocols are open standards, and there's a huge install base for them in both cars and dispensers. Even Tesla's NACS adopted the ISO 15118 protocol, the same as in CCS cars in US and Europe, which allows use of dumb adapters to keep backwards compatibility.
reply
bo1024
27 days ago
[-]
Sorry, I should clarify that I'm not worried they actually will, just that that charging seems like the most vulnerable point in terms of relying on outside software.
reply
OptionOfT
28 days ago
[-]
This reminds me of a story of a hiker (or 2) who rented a car through one of those apps that immediately unlock the car for you, and then you just park somewhere.

Well, the place they parked had no cell phone reception, so they couldn't unlock the car there and leave (how they locked the car is another question).

From the article

> He also couldn’t see his car’s mileage and charging status on the dashboard.

I'm assuming this is in the app...

reply
jlund-molfese
28 days ago
[-]
I used Polestar’s app as a key for my car for a few weeks. I think everyone does! “Wow! I don’t need a car key? So futuristic!”

All it took is one trip to the Salton Sea where either my phone or car didn’t get cell service and I’m never making that mistake again. Which is especially weird because Polestar claims that the digital key works using Bluetooth, but the auth itself must be done over the internet or something.

reply
dzhiurgis
28 days ago
[-]
17 months with a Tesla and I've never been locked out.

Sure I do have to take my phone out of pocket maybe once a month (not unlock screen), but I blame Apple here for going into some weird power saving mode.

This is a solved problem. Problem is Polestar, not the concept.

reply
LUmBULtERA
28 days ago
[-]
Does Polestar not give a backup key? I ask because Tesla uses a phone key too, also claiming it will use Bluetooth and does not need connectivity. But, Tesla does advise you to keep their card key backup in your wallet, which always works.
reply
rogerrogerr
28 days ago
[-]
Tesla phone key absolutely uses Bluetooth; it’s pretty seamless.

One way you can tell - if you open your frunk from the app, if you’re on Bluetooth it’ll do it immediately. If you’re talking to the car over the Internet, it’ll warn you about needing to close the frunk manually.

reply
jlund-molfese
28 days ago
[-]
They do, and I carry it around with me now. In the grand scheme of things, carrying around another key on my keychain is totally not that big of a deal.

Still, jealous of the Tesla wallet keys!

reply
LUmBULtERA
24 days ago
[-]
Many of us nowadays don't carry keychains. I have keypad locks on my home and with a Tesla, no need for any keys. I love not having that extra clunky thing in my pocket!
reply
neverkn0wsb357
28 days ago
[-]
“Beijing has rolled out new EV subsidies to help keep struggling companies afloat.”

This seems like an odd approach. If you’re gonna site maintenance as the concern, then what you’re saying is you’re concerned about the consumer; meaning if the company is gonna go bust, you should take the money that you’d spend keeping these companies afloat and give them directly to the consumer to replace the car.

reply
johnea
28 days ago
[-]
The article isn't conclusive, but I read this as meaning they were keeping the companies open long enough to issue firmware updates, that make the cars viable in offline mode.
reply
kwhitefoot
28 days ago
[-]
That depends on what you mean by work. Most will surely still work as cars always did but will no longer get updates to software or to maps.

As far as I can tell my Tesla S will continue to work even if Tesla and all the charging stations disappear. But the navigation system will be much less usable and many features of the entertainment system will stop working (Spotify, TuneIn).

And if you buy from a company that produces a very large volume of cars then at least in some cases third parties will step in to support the vehicles for a fee.

reply
diebeforei485
28 days ago
[-]
Tesla's own navigation will not work, yes, because it uses things like the live availability of superchargers to decide where to stop for charging along the way.

But why won't Spotify work? Isn't it just a web app?

reply
dzhiurgis
28 days ago
[-]
1. You need connectivity. Connecting via WiFi hotspot is PITA and not sure if you can just plug any SIM card.

2. There might be all sort of Teslas API wrappers or keys that Spotify will revoke once stop getting a kickback.

reply
diebeforei485
27 days ago
[-]
Cellular connectivity is a profitable part of the business (recurring revenue monthly) so it will definitely stay alive as part of any bankruptcy/reorganization proceeding.

Are there kickbacks involved? Why? There are millions of Teslas on the road and they make 2 million cars a year, and the app is just a web app in a headless browser.

reply
dzhiurgis
27 days ago
[-]
> Cellular connectivity is a profitable part of the business

I wouldn't be so sure. It's about 6x cheaper than typical unlimited data plan here.

Is Spotify API completely open? I haven't checked but I'm sure there are api keys + api spec will eventually change. Is web app embedded?

reply
scarface_74
28 days ago
[-]
And this is one reason I will never buy a car that doesn’t support Apple CarPlay and Android Automotive
reply
mook
28 days ago
[-]
You probably want a car with Android Auto instead of Android Automotive. Yep, it's totally dumb that those are two separate things with very similar names. The former is a CarPlay equivalent, where your phone projects a screen. The latter is logging into Google directly from the car independent of your phone.
reply
scarface_74
28 days ago
[-]
Ughh I knew the difference and it still auto completed “Android Automative”
reply
ashildr
28 days ago
[-]
Too bad if the DRM-server that knows that you paid for Apple CarPlay/Google Auto is turned off…
reply
dzhiurgis
28 days ago
[-]
Apple's eventual stop of supporting CarPlay is guaranteed.

Tesla going bankwupt - much less so.

reply
scarface_74
28 days ago
[-]
CarPlay is basically just a second screen for iOS.

If you have a first gen iPad from 2010, it still works with modern AirPlay and AirPrint devices.

If you have a car that supports the old iPod protocol where you can see what’s playing and change the “song”, it will still support modern music and podcast playing apps on iOS devices.

reply
dzhiurgis
28 days ago
[-]
> If you have a car that supports the old iPod protocol

I've actually tried that few weeks ago and it didn't work. Car was from 2008 or so.

reply
scarface_74
28 days ago
[-]
It worked on my old 2011 Chevy Sonic. Yes I was very surprised
reply
eh_why_not
28 days ago
[-]
This issue has been a plague in the area of Toys and Games. Good luck finding a good toy that does not *require* an app to run.

Every year I have little gremlins asking me to "fix" a toy someone brought them the previous year; the app doesn't work/update anymore - and the toy is a brick.

reply
shahzaibmushtaq
28 days ago
[-]
In the modern world, not everything needs to be connected to the internet or smartphones.

EVs, solar inverters and wrist watches are definitely one of them.

reply
greenthrow
28 days ago
[-]
That's 3 things.

Most people want modern infotainment systems in their cars with up to date traffic data in the navigation system.

I like having my inverter online, I can monitor it and change the settings from anywhere.

reply
shahzaibmushtaq
28 days ago
[-]
Oh, I didn't proofread before commenting.

You are right, most people want to create problems out of nowhere.

Having an inverter (or anything) online means you are connected to cloud services meaning someone/something automated can control your inverter and that's what the article is trying to convey.

Kindly read this https://berthub.eu/articles/posts/the-gigantic-unregulated-p...

reply
greenthrow
27 days ago
[-]
I'm well aware of the risks and the low probability the inverter company has great security practices. Still worth the trade off IMHO to be able to monitor and manage it remotely.
reply
ensignavenger
28 days ago
[-]
Eh, I imagine most folks are happy to be able to plug their communications device into their car and use for up to date navigation.
reply
lionkor
28 days ago
[-]
I'm not surprised, not sure how anyone is thinking that devices that tie you to one company completely are a good idea
reply
scarface_74
28 days ago
[-]
If I want my watch to support streaming audio and make phone calls without carrying my phone around - it kind of does.
reply
saagarjha
28 days ago
[-]
I understand (though I’m not super happy about) auxiliary functions like apps or services not working when a car company shuts down. But shouldn’t most of this software be “baked into” the car and not require a server somewhere to operate?
reply
cebert
28 days ago
[-]
I’m in the market for a new vehicle and would like to purchase an EV. However, I also have a fear of the software becoming obsolete or no longer supported. I tend to keep my vehicles for a long time, my current vehicle is 12 years old.
reply
ggreer
28 days ago
[-]
The important thing is to get a vehicle that is popular enough that there will be future demand for maintenance. That way even if the manufacturer goes under or drops support for that model, other companies will take up the mantle. This threshold is surprisingly quite low. There were around 2,400 Tesla Roadsters made. Although Tesla has dropped support for them, Gruber Motor Company will repair or maintain them.

I think that's the only model that Tesla has dropped support for. The original Model S from 2012 is still supported by Tesla, and still gets software updates. Of course you won't get new features like self-driving improvements, but they still ship bug fixes and stuff like Spotify support. They also do maintenance and repairs, though I'm pretty sure all of the vehicles from that era are outside of warranty coverage.

There are millions of Model 3s & Model Ys around. If you buy one of those, you'll never have to worry about finding someone to do maintenance or repairs.

reply
mook
28 days ago
[-]
Gruber appears to be in Arizona; I couldn't tell from skimming their website if that means they can't service vehicles in, say, Seattle?
reply
qazxcvbnmlp
28 days ago
[-]
A common problem with internet advise is not understanding the nuances of everyone’s situation whom may have a particular issue.

Unrelated, but its one of the reasons why unsolicited advice is distasteful.

reply
ggreer
28 days ago
[-]
The kinds of people who own 1st gen Roadsters are willing to pay for a flatbed. My point is that they can be repaired, not that they can be repaired conveniently. It’s a similar story for all cars with such low production volumes.

I’m pointing out the worst case scenario to show your fears are unwarranted. With popular vehicles, you’ll have no problem getting repairs for decades to come.

reply
mook
27 days ago
[-]
Right; the context was somebody worrying about not having support, so saying that something can be essentially be maintained as a collector's car was kind of confusing.
reply
pornel
28 days ago
[-]
Modern gas cars have all the same touchscreens, with the same software, and the same apps talking to the same servers.

EVs are equated with being computers on wheels, but that's just because barely any BEVs existed in the pre-software era, so there aren't many people who vow to never upgrade from their 1976 Sebring CitiCar.

reply
kccqzy
28 days ago
[-]
I have an EV but I think of it as an appliance. I don't worry about the software becoming obsolete because the software is complete by the time it comes out of the factory. When I test drove the vehicle I found its state of software satisfactory and I would not need any new software or even need any support for the software. I also like the UI enough that I don't mind seeing the same UI for the next ten years without succumbing to the latest design fad.

I understand that some Internet-required features (such as viewing real-time charger availability in the car) will certainly become unavailable. But I'm prepared to use my phone to do the same thing.

reply
avtolik
28 days ago
[-]
In Eastern Europe there are a few places that an emulated Tesla server software is being run. And you can buy a car, say from US, and they will patch (hack?) it to use their server. I don't know how good it is feature wise, but it is good enough that the cars drive around.

So to your point - you can probably use a car after the manufacturer is gone or stops supporting a vehicle. But this comes with a risk of trusting these not very legal enterprises.

reply
oblio
28 days ago
[-]
> In Eastern Europe there are a few places that an emulated Tesla server software is being run.

Probably by the same people running third party WoW servers :-p

reply
johnea
28 days ago
[-]
Like in the above comment, this isn't specifically an EV problem.

All modern cars have this failure.

I just bought a used 2023 Nissan Leaf. It's the last model year of the original design, and has many tactile mechanical button, not jut a tablet on the dash. It's also totally self sufficient WRT cloud connectivity.

I'd highly ecommend this model and year...

reply
kccqzy
28 days ago
[-]
The Nissan Leaf has an air-cooled battery. Literally any other EV's battery will outlast the Nissan Leaf's in terms of degradation.
reply
blooalien
28 days ago
[-]
So, is someone missing a great startup idea here maybe? "Jailbreaking" supposedly "defunct" EVs, and / or custom firmwares, etc? Could be profits to be had?
reply
sexy_seedbox
27 days ago
[-]
What happens to Noland Arbaugh when Neuralink goes out of business?
reply
rawgabbit
28 days ago
[-]
It is a bit odd but I submitted the exact same article 10 days ago.
reply