Consumer Rights Wiki

Secure gateway module: Difference between revisions

Newer edit →
VisualWikitext
new topic article on secure gateway modules, covers how automakers use sgw & autoauth to paywall the obd-ii port, heavy focus on adas recalibration barriers for auto-glass shops, windshield replacement choke point, rural connectivity problem, legislation (repair act, mass question 1, maine question 4, ecj c-296/22), court cases, ftc findings
 
fix: lede citation 4 pointed to autel scan tool page instead of rdn-adas source that actually discusses auto-glass adas burden; fixed duplicate ref definition
Line 4: Line 4:
A '''secure gateway module''' (SGW) is a digital firewall integrated into a vehicle's electrical architecture that restricts access to the on-board diagnostic (OBD-II) port by requiring internet-authenticated credentials before allowing bidirectional communication with vehicle systems.<ref name="youcanic">{{Cite web |url=https://www.youcanic.com/fca-security-gateway-module-explained-obd2-sgm-sgw/ |title=FCA Security Gateway Module Explained |publisher=YOUCANIC |access-date=2026-04-04}}</ref> Fiat Chrysler Automobiles (FCA, now [[Stellantis]]) introduced the technology across its vehicle lineup in 2017-2018, & Nissan, Mercedes-Benz, Volkswagen/Audi, & [[Hyundai]]/Kia have since adopted similar systems.<ref name="adasdepot">{{Cite web |url=https://adasdepot.com/blog/security-gateways-in-modern-vehicles-balancing-cybersecurity-and-repair-access/ |title=Security Gateways in Modern Vehicles: Balancing Cybersecurity and Repair Access |publisher=ADAS Depot |access-date=2026-04-04}}</ref> Independent repair shops must pay annual subscription fees to a third-party authentication service called AutoAuth, plus maintain separate scan tool software subscriptions, to perform repairs that dealerships can do without additional cost.<ref name="autoauth-pricing">{{Cite web |url=https://www.adasnetwork.org/industrynews/autoauth-announces-changes-to-it-s-pricing-structure-and-services |title=AutoAuth Announces Changes to its Pricing Structure and Services |publisher=ADAS Network |date=2025 |access-date=2026-04-04}}</ref>
A '''secure gateway module''' (SGW) is a digital firewall integrated into a vehicle's electrical architecture that restricts access to the on-board diagnostic (OBD-II) port by requiring internet-authenticated credentials before allowing bidirectional communication with vehicle systems.<ref name="youcanic">{{Cite web |url=https://www.youcanic.com/fca-security-gateway-module-explained-obd2-sgm-sgw/ |title=FCA Security Gateway Module Explained |publisher=YOUCANIC |access-date=2026-04-04}}</ref> Fiat Chrysler Automobiles (FCA, now [[Stellantis]]) introduced the technology across its vehicle lineup in 2017-2018, & Nissan, Mercedes-Benz, Volkswagen/Audi, & [[Hyundai]]/Kia have since adopted similar systems.<ref name="adasdepot">{{Cite web |url=https://adasdepot.com/blog/security-gateways-in-modern-vehicles-balancing-cybersecurity-and-repair-access/ |title=Security Gateways in Modern Vehicles: Balancing Cybersecurity and Repair Access |publisher=ADAS Depot |access-date=2026-04-04}}</ref> Independent repair shops must pay annual subscription fees to a third-party authentication service called AutoAuth, plus maintain separate scan tool software subscriptions, to perform repairs that dealerships can do without additional cost.<ref name="autoauth-pricing">{{Cite web |url=https://www.adasnetwork.org/industrynews/autoauth-announces-changes-to-it-s-pricing-structure-and-services |title=AutoAuth Announces Changes to its Pricing Structure and Services |publisher=ADAS Network |date=2025 |access-date=2026-04-04}}</ref>


The auto-glass & collision repair industries bear a disproportionate burden because every windshield replacement on an [[Advanced driver-assistance system|ADAS]]-equipped vehicle requires camera recalibration that the SGW blocks without active internet authentication.<ref name="autel-sgw">{{Cite web |url=https://autel.us/security-gateways/ |title=It Might Be An OEM Security Gateway |publisher=Autel |access-date=2026-04-04}}</ref> The Federal Trade Commission found "scant evidence to support manufacturers' justifications for repair restrictions" in its 2021 report to Congress, & the GAO confirmed in 2024 that independent shops face repair information limitations resulting in fewer choices & higher costs for consumers.<ref name="ftc-nixing">{{Cite web |url=https://www.ftc.gov/reports/nixing-fix-ftc-report-congress-repair-restrictions |title=Nixing the Fix: An FTC Report to Congress on Repair Restrictions |publisher=Federal Trade Commission |date=2021-05 |access-date=2026-04-04}}</ref><ref name="gao">{{Cite web |url=https://www.gao.gov/products/gao-24-106633 |title=Vehicle Repair: Information on Evolving Vehicle Technologies and Consumer Choice |publisher=Government Accountability Office |date=2024-03-21 |access-date=2026-04-04}}</ref>
The auto-glass & collision repair industries bear a disproportionate burden because every windshield replacement on an [[Advanced driver-assistance system|ADAS]]-equipped vehicle requires camera recalibration that the SGW blocks without active internet authentication.<ref name="rdn-adas">{{Cite web |url=https://www.repairerdrivennews.com/2026/03/04/industry-responds-to-federal-bill-requiring-nhtsa-guidelines-for-adas-calibrations/ |title=Industry responds to federal bill requiring NHTSA guidelines for ADAS calibrations |author=Teresa Moss |publisher=Repairer Driven News |date=2026-03-04 |access-date=2026-04-04}}</ref> The Federal Trade Commission found "scant evidence to support manufacturers' justifications for repair restrictions" in its 2021 report to Congress, & the GAO confirmed in 2024 that independent shops face repair information limitations resulting in fewer choices & higher costs for consumers.<ref name="ftc-nixing">{{Cite web |url=https://www.ftc.gov/reports/nixing-fix-ftc-report-congress-repair-restrictions |title=Nixing the Fix: An FTC Report to Congress on Repair Restrictions |publisher=Federal Trade Commission |date=2021-05 |access-date=2026-04-04}}</ref><ref name="gao">{{Cite web |url=https://www.gao.gov/products/gao-24-106633 |title=Vehicle Repair: Information on Evolving Vehicle Technologies and Consumer Choice |publisher=Government Accountability Office |date=2024-03-21 |access-date=2026-04-04}}</ref>


== History of OBD-II & the shift to closed diagnostics ==
== History of OBD-II & the shift to closed diagnostics ==
Line 22: Line 22:
The SGW divides a vehicle's Controller Area Network (CAN) bus into "public" & "private" sectors.<ref name="youcanic" /> The public sector includes the telematics unit & the Data Link Connector (DLC, the physical OBD-II port). Everything on the internal CAN bus is private: engine control modules, transmission controllers, body control modules, & ADAS processors. The SGW sits between these two networks & decides which commands pass through based on an approved, authenticated list.<ref name="jscan">{{Cite web |url=https://jscan.net/fca-security-gateway-module-basic-info-and-location/ |title=FCA Security Gateway Module Basic Info and Location |publisher=JScan |access-date=2026-04-04}}</ref>
The SGW divides a vehicle's Controller Area Network (CAN) bus into "public" & "private" sectors.<ref name="youcanic" /> The public sector includes the telematics unit & the Data Link Connector (DLC, the physical OBD-II port). Everything on the internal CAN bus is private: engine control modules, transmission controllers, body control modules, & ADAS processors. The SGW sits between these two networks & decides which commands pass through based on an approved, authenticated list.<ref name="jscan">{{Cite web |url=https://jscan.net/fca-security-gateway-module-basic-info-and-location/ |title=FCA Security Gateway Module Basic Info and Location |publisher=JScan |access-date=2026-04-04}}</ref>


Without authentication, technicians can still read basic emissions data & some diagnostic trouble codes. They can't clear those codes, perform bidirectional controls (manually triggering a fuel pump, cycling an ABS motor, or operating a window actuator), execute module programming or service resets, or conduct ADAS calibrations.<ref name="autel-sgw" /><ref name="youcanic" />
Without authentication, technicians can still read basic emissions data & some diagnostic trouble codes. They can't clear those codes, perform bidirectional controls (manually triggering a fuel pump, cycling an ABS motor, or operating a window actuator), execute module programming or service resets, or conduct ADAS calibrations.<ref name="autel-sgw">{{Cite web |url=https://autel.us/security-gateways/ |title=It Might Be An OEM Security Gateway |publisher=Autel |access-date=2026-04-04}}</ref><ref name="youcanic" />


=== Authentication flow ===
=== Authentication flow ===
Line 56: Line 56:
== ADAS recalibration & the auto-glass industry ==
== ADAS recalibration & the auto-glass industry ==


SGW's impact extends beyond cost into vehicle safety. Advanced Driver Assistance Systems rely on networks of sensors: forward-facing windshield cameras for lane departure warning, lane keep assist, & automatic emergency braking; radar sensors for adaptive cruise control & blind spot monitoring; and in some vehicles, LiDAR, 360-degree cameras, & night vision systems.<ref name="rdn-adas">{{Cite web |url=https://www.repairerdrivennews.com/2026/03/04/industry-responds-to-federal-bill-requiring-nhtsa-guidelines-for-adas-calibrations/ |title=Industry responds to federal bill requiring NHTSA guidelines for ADAS calibrations |author=Teresa Moss |publisher=Repairer Driven News |date=2026-03-04 |access-date=2026-04-04}}</ref>
SGW's impact extends beyond cost into vehicle safety. Advanced Driver Assistance Systems rely on networks of sensors: forward-facing windshield cameras for lane departure warning, lane keep assist, & automatic emergency braking; radar sensors for adaptive cruise control & blind spot monitoring; and in some vehicles, LiDAR, 360-degree cameras, & night vision systems.<ref name="rdn-adas" />


=== Why windshield replacement triggers recalibration ===
=== Why windshield replacement triggers recalibration ===
Retrieved from "https://consumerrights.wiki/w/Secure_gateway_module"