Secure gateway module: Difference between revisions

Line 14:

=== The 2015 Jeep Cherokee hack ===

In July 2015, security researchers Charlie Miller & Chris Valasek remotely hijacked a Jeep Cherokee through its Uconnect cellular connection, demonstrating the ability to control steering, brakes, & transmission from a laptop miles away.<ref name="jeep-hack">{{Cite web |url=https://fractionalciso.com/the-groundbreaking-2015-jeep-hack-changed-automotive-cybersecurity/ |title=The Groundbreaking 2015 Jeep Hack Changed Automotive Cybersecurity |publisher=Fractional CISO |access-date=2026-04-04}}</ref> FCA recalled 1.4 million vehicles in response.<ref name="jeep-recall">{{Cite web |url=https://www.computerworld.com/article/1628895/chrysler-recalls-14m-vehicles-after-jeep-hack.html |title=Chrysler recalls 1.4M vehicles after Jeep hack |publisher=Computerworld |date=2015 |access-date=2026-04-04}}</ref> ~~Manufacturers cite this incident as~~ the ~~justification for SGW~~.<ref name="~~alliance~~-~~r2r~~" /> However, Miller & Valasek exploited the vehicle's cellular telematics connection, not the physical OBD-II port.<ref name="jeep-hack" /> The SGW gates the physical port that a technician plugs a scan tool into while standing next to the vehicle. The FTC noted in its "Nixing the Fix" report that manufacturers' cybersecurity justifications for repair restrictions lack empirical support.<ref name="ftc-nixing" />

In July 2015, security researchers Charlie Miller & Chris Valasek remotely hijacked a Jeep Cherokee through its Uconnect cellular connection, demonstrating the ability to control steering, brakes, & transmission from a laptop miles away.<ref name="jeep-hack">{{Cite web |url=https://fractionalciso.com/the-groundbreaking-2015-jeep-hack-changed-automotive-cybersecurity/ |title=The Groundbreaking 2015 Jeep Hack Changed Automotive Cybersecurity |publisher=Fractional CISO |access-date=2026-04-04}}</ref> FCA recalled 1.4 million vehicles in response.<ref name="jeep-recall">{{Cite web |url=https://www.computerworld.com/article/1628895/chrysler-recalls-14m-vehicles-after-jeep-hack.html |title=Chrysler recalls 1.4M vehicles after Jeep hack |publisher=Computerworld |date=2015 |access-date=2026-04-04}}</ref> The hack prompted NHTSA to issue cybersecurity guidance for the automotive industry.<ref name="jeep-hack" /> However, Miller & Valasek exploited the vehicle's cellular telematics connection, not the physical OBD-II port.<ref name="jeep-hack" /> The SGW gates the physical port that a technician plugs a scan tool into while standing next to the vehicle. The FTC noted in its "Nixing the Fix" report that manufacturers' cybersecurity justifications for repair restrictions lack empirical support.<ref name="ftc-nixing" />

== How secure gateway modules work ==

Line 68:

Auto-glass replacement is one of the most common mobile repair services. Technicians drive to the customer's location (home, workplace, roadside) & replace the windshield on-site. AutoAuth's cloud-based PKI authentication requires an internet connection at the exact moment of vehicle authentication.<ref name="eti-overview" />

Mobile technicians working in rural areas, parking garages, or anywhere with poor cellular coverage can't complete the ADAS recalibration. The windshield is physically installed, but the safety system is disabled because the scan tool can't reach AutoAuth's server~~. No offline authentication mode exists~~.<ref name="~~adasdepot~~" /> The technician must either leave the vehicle with uncalibrated ADAS (a liability risk), have the customer drive to a location with internet service (shifting the burden to the consumer), or return later at additional cost.

Mobile technicians working in rural areas, parking garages, or anywhere with poor cellular coverage can't complete the ADAS recalibration. The windshield is physically installed, but the safety system is disabled because the scan tool can't reach AutoAuth's server.<ref name="eti-overview" /> The technician must either leave the vehicle with uncalibrated ADAS (a liability risk), have the customer drive to a location with internet service (shifting the burden to the consumer), or return later at additional cost.

Rural trucks, farm vehicles, & fleet vehicles on highways are the most likely to need windshield replacements from road debris, and the most likely to be in areas where the authentication server can't be reached.

Line 74:

=== Target board proliferation ===

ADAS calibration requires manufacturer-specific ~~physical target boards: large panels with geometric patterns & reflectors that the camera system uses as reference points during the calibration procedure~~. ~~There's no universal standard across~~ manufacturers~~. A shop that calibrates cameras for Toyota, Honda, Stellantis, Ford,~~ & ~~Hyundai needs separate sets of targets for each~~, ~~plus alignment frames & fixtures~~.<ref name="rdn-adas" />

ADAS calibration requires manufacturer-specific equipment. H.R. 6688 addresses this gap by requiring manufacturers to publish calibration procedures & validation metrics, which would allow third-party equipment manufacturers to build compatible tools.<ref name="rdn-adas" />

The GAO found that evolving vehicle technologies create repair information barriers for independent shops, reducing consumer choice & increasing costs.<ref name="gao" />

Line 80:

=== Safety consequences ===

If a technician replaces a windshield but can't bypass the SGW to recalibrate the ADAS, the vehicle ~~may misinterpret road~~ data. Documented consequences include false lane departure warnings, failure to detect pedestrians, & inappropriate deployment of automatic emergency braking.<ref name="rdn-adas" /> Handing an uncalibrated vehicle back to a consumer exposes the independent shop to legal liability in the event of an accident. The H.R. 6688 (ADAS Functionality & Integrity Act), approved by a House subcommittee in February 2026, would give NHTSA authority to develop ADAS calibration guidelines & require manufacturers to publish calibration procedures & validation metrics.<ref name="rdn-adas" />

If a technician replaces a windshield but can't bypass the SGW to recalibrate the ADAS, the vehicle's safety systems operate on misaligned sensor data. H.R. 6688 (ADAS Functionality & Integrity Act), approved by a House subcommittee in February 2026, would give NHTSA authority to develop ADAS calibration guidelines & require manufacturers to publish calibration procedures & validation metrics.<ref name="rdn-adas" />

== Cost burden on independent shops ==

Line 135:

==== European Union ====

EU Regulation 2018/858 mandates non-discriminatory access to OBD & repair/maintenance information (RMI) for independent operators as a condition of vehicle type-approval.<ref name="eu-reg">{{Cite web |url=https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:02018R0858-20240701 |title=Regulation (EU) 2018/858 - Consolidated |publisher=EUR-Lex |date=2018-05-30 |access-date=2026-04-04}}</ref~~> The Motor Vehicle Block Exemption Regulation (MVBER) was extended to 2028, maintaining these access requirements.<ref name="ecj-analysis" /~~>

EU Regulation 2018/858 mandates non-discriminatory access to OBD & repair/maintenance information (RMI) for independent operators as a condition of vehicle type-approval.<ref name="eu-reg">{{Cite web |url=https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:02018R0858-20240701 |title=Regulation (EU) 2018/858 - Consolidated |publisher=EUR-Lex |date=2018-05-30 |access-date=2026-04-04}}</ref>

In October 2023, the European Court of Justice ruled in Case C-296/22 (Carglass/ATU v. Stellantis Italy) that manufacturers can't require personal registration, internet connection to manufacturer servers, or paid subscriptions for OBD access beyond what Regulation 2018/858 permits.<ref name="ecj-ruling">{{Cite web |url=https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:62022CJ0296 |title=Case C-296/22 - CJEU Judgment |publisher=EUR-Lex |date=2023-10 |access-date=2026-04-04}}</ref> The court held that both read & write access to the OBD data stream must be granted to independent repairers & rejected the argument that UN Regulation 155 (vehicle cybersecurity) overrides EU access requirements.<ref name="ecj-analysis">{{Cite web |url=https://www.osborneclarke.com/news/ecj-decision-vehicle-manufacturers-may-not-restrict-access-vehicle-data-stream |title=ECJ decision: vehicle manufacturers may not restrict access to the vehicle data stream |publisher=Osborne Clarke |date=2023 |access-date=2026-04-04}}</ref> The court stated that if manufacturers could "limit at their discretion access to the direct vehicle data stream...it would be open to them to make access to that stream subject to conditions capable of making access impossible in practice."<ref name="ecj-analysis" />

Line 183:

[[John Deere]] restricted access to its proprietary diagnostic software to franchised dealers, preventing farmers from repairing their own tractors. John Deere signed a Memorandum of Understanding with the American Farm Bureau Federation in January 2023 promising to expand diagnostic access, though right-to-repair advocates expressed skepticism about enforcement.<ref name="deere-mou">{{Cite web |url=https://www.npr.org/2023/01/10/1147934682/john-deere-right-to-repair-farmers-tractors |title=John Deere vows to open up its tractor tech, but right-to-repair backers have doubts |publisher=NPR |date=2023-01-10 |access-date=2026-04-04}}</ref> [[Tesla]] requires its proprietary Toolbox 3 diagnostic software for repairs beyond basic OBD-II fault codes; until a price reduction, the software cost $3,000/year.<ref name="tesla-toolbox">{{Cite web |url=https://driveteslacanada.ca/news/tesla-reapirs-more-accessible-toolbox-3-price-drop/ |title=Tesla Makes Vehicle Repairs More Accessible With Major Toolbox 3 Price Drop |publisher=Drive Tesla Canada |date=2025 |access-date=2026-04-04}}</ref>

Apple uses [[Parts pairing|parts pairing]] to lock replacement components to ~~specific~~ device serial numbers~~.<ref name="ftc-nixing" />~~ BMW charged ~~monthly~~ subscription fees for ~~heated seats & other~~ features already ~~physically~~ installed in ~~the vehicle, documented in the~~ [[BMW feature lockout scandal]].~~<ref name="ftc-policy" />~~

Similar patterns exist across industries: Apple uses [[Parts pairing|parts pairing]] to lock replacement components to device serial numbers, & BMW charged subscription fees for hardware features already installed in vehicles (see [[BMW feature lockout scandal]]).

== See also ==

@@ Line 14: / Line 14: @@
 === The 2015 Jeep Cherokee hack ===
-In July 2015, security researchers Charlie Miller & Chris Valasek remotely hijacked a Jeep Cherokee through its Uconnect cellular connection, demonstrating the ability to control steering, brakes, & transmission from a laptop miles away.<ref name="jeep-hack">{{Cite web |url=https://fractionalciso.com/the-groundbreaking-2015-jeep-hack-changed-automotive-cybersecurity/ |title=The Groundbreaking 2015 Jeep Hack Changed Automotive Cybersecurity |publisher=Fractional CISO |access-date=2026-04-04}}</ref> FCA recalled 1.4 million vehicles in response.<ref name="jeep-recall">{{Cite web |url=https://www.computerworld.com/article/1628895/chrysler-recalls-14m-vehicles-after-jeep-hack.html |title=Chrysler recalls 1.4M vehicles after Jeep hack |publisher=Computerworld |date=2015 |access-date=2026-04-04}}</ref> Manufacturers cite this incident as the justification for SGW.<ref name="alliance-r2r" /> However, Miller & Valasek exploited the vehicle's cellular telematics connection, not the physical OBD-II port.<ref name="jeep-hack" /> The SGW gates the physical port that a technician plugs a scan tool into while standing next to the vehicle. The FTC noted in its "Nixing the Fix" report that manufacturers' cybersecurity justifications for repair restrictions lack empirical support.<ref name="ftc-nixing" />
+In July 2015, security researchers Charlie Miller & Chris Valasek remotely hijacked a Jeep Cherokee through its Uconnect cellular connection, demonstrating the ability to control steering, brakes, & transmission from a laptop miles away.<ref name="jeep-hack">{{Cite web |url=https://fractionalciso.com/the-groundbreaking-2015-jeep-hack-changed-automotive-cybersecurity/ |title=The Groundbreaking 2015 Jeep Hack Changed Automotive Cybersecurity |publisher=Fractional CISO |access-date=2026-04-04}}</ref> FCA recalled 1.4 million vehicles in response.<ref name="jeep-recall">{{Cite web |url=https://www.computerworld.com/article/1628895/chrysler-recalls-14m-vehicles-after-jeep-hack.html |title=Chrysler recalls 1.4M vehicles after Jeep hack |publisher=Computerworld |date=2015 |access-date=2026-04-04}}</ref> The hack prompted NHTSA to issue cybersecurity guidance for the automotive industry.<ref name="jeep-hack" /> However, Miller & Valasek exploited the vehicle's cellular telematics connection, not the physical OBD-II port.<ref name="jeep-hack" /> The SGW gates the physical port that a technician plugs a scan tool into while standing next to the vehicle. The FTC noted in its "Nixing the Fix" report that manufacturers' cybersecurity justifications for repair restrictions lack empirical support.<ref name="ftc-nixing" />
 == How secure gateway modules work ==
@@ Line 68: / Line 68: @@
 Auto-glass replacement is one of the most common mobile repair services. Technicians drive to the customer's location (home, workplace, roadside) & replace the windshield on-site. AutoAuth's cloud-based PKI authentication requires an internet connection at the exact moment of vehicle authentication.<ref name="eti-overview" />
-Mobile technicians working in rural areas, parking garages, or anywhere with poor cellular coverage can't complete the ADAS recalibration. The windshield is physically installed, but the safety system is disabled because the scan tool can't reach AutoAuth's server. No offline authentication mode exists.<ref name="adasdepot" /> The technician must either leave the vehicle with uncalibrated ADAS (a liability risk), have the customer drive to a location with internet service (shifting the burden to the consumer), or return later at additional cost.
+Mobile technicians working in rural areas, parking garages, or anywhere with poor cellular coverage can't complete the ADAS recalibration. The windshield is physically installed, but the safety system is disabled because the scan tool can't reach AutoAuth's server.<ref name="eti-overview" /> The technician must either leave the vehicle with uncalibrated ADAS (a liability risk), have the customer drive to a location with internet service (shifting the burden to the consumer), or return later at additional cost.
 Rural trucks, farm vehicles, & fleet vehicles on highways are the most likely to need windshield replacements from road debris, and the most likely to be in areas where the authentication server can't be reached.
@@ Line 74: / Line 74: @@
 === Target board proliferation ===
-ADAS calibration requires manufacturer-specific physical target boards: large panels with geometric patterns & reflectors that the camera system uses as reference points during the calibration procedure. There's no universal standard across manufacturers. A shop that calibrates cameras for Toyota, Honda, Stellantis, Ford, & Hyundai needs separate sets of targets for each, plus alignment frames & fixtures.<ref name="rdn-adas" />
+ADAS calibration requires manufacturer-specific equipment. H.R. 6688 addresses this gap by requiring manufacturers to publish calibration procedures & validation metrics, which would allow third-party equipment manufacturers to build compatible tools.<ref name="rdn-adas" />
 The GAO found that evolving vehicle technologies create repair information barriers for independent shops, reducing consumer choice & increasing costs.<ref name="gao" />
@@ Line 80: / Line 80: @@
 === Safety consequences ===
-If a technician replaces a windshield but can't bypass the SGW to recalibrate the ADAS, the vehicle may misinterpret road data. Documented consequences include false lane departure warnings, failure to detect pedestrians, & inappropriate deployment of automatic emergency braking.<ref name="rdn-adas" /> Handing an uncalibrated vehicle back to a consumer exposes the independent shop to legal liability in the event of an accident. The H.R. 6688 (ADAS Functionality & Integrity Act), approved by a House subcommittee in February 2026, would give NHTSA authority to develop ADAS calibration guidelines & require manufacturers to publish calibration procedures & validation metrics.<ref name="rdn-adas" />
+If a technician replaces a windshield but can't bypass the SGW to recalibrate the ADAS, the vehicle's safety systems operate on misaligned sensor data. H.R. 6688 (ADAS Functionality & Integrity Act), approved by a House subcommittee in February 2026, would give NHTSA authority to develop ADAS calibration guidelines & require manufacturers to publish calibration procedures & validation metrics.<ref name="rdn-adas" />
 == Cost burden on independent shops ==
@@ Line 135: / Line 135: @@
 ==== European Union ====
-EU Regulation 2018/858 mandates non-discriminatory access to OBD & repair/maintenance information (RMI) for independent operators as a condition of vehicle type-approval.<ref name="eu-reg">{{Cite web |url=https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:02018R0858-20240701 |title=Regulation (EU) 2018/858 - Consolidated |publisher=EUR-Lex |date=2018-05-30 |access-date=2026-04-04}}</ref> The Motor Vehicle Block Exemption Regulation (MVBER) was extended to 2028, maintaining these access requirements.<ref name="ecj-analysis" />
+EU Regulation 2018/858 mandates non-discriminatory access to OBD & repair/maintenance information (RMI) for independent operators as a condition of vehicle type-approval.<ref name="eu-reg">{{Cite web |url=https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:02018R0858-20240701 |title=Regulation (EU) 2018/858 - Consolidated |publisher=EUR-Lex |date=2018-05-30 |access-date=2026-04-04}}</ref>
 In October 2023, the European Court of Justice ruled in Case C-296/22 (Carglass/ATU v. Stellantis Italy) that manufacturers can't require personal registration, internet connection to manufacturer servers, or paid subscriptions for OBD access beyond what Regulation 2018/858 permits.<ref name="ecj-ruling">{{Cite web |url=https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:62022CJ0296 |title=Case C-296/22 - CJEU Judgment |publisher=EUR-Lex |date=2023-10 |access-date=2026-04-04}}</ref> The court held that both read & write access to the OBD data stream must be granted to independent repairers & rejected the argument that UN Regulation 155 (vehicle cybersecurity) overrides EU access requirements.<ref name="ecj-analysis">{{Cite web |url=https://www.osborneclarke.com/news/ecj-decision-vehicle-manufacturers-may-not-restrict-access-vehicle-data-stream |title=ECJ decision: vehicle manufacturers may not restrict access to the vehicle data stream |publisher=Osborne Clarke |date=2023 |access-date=2026-04-04}}</ref> The court stated that if manufacturers could "limit at their discretion access to the direct vehicle data stream...it would be open to them to make access to that stream subject to conditions capable of making access impossible in practice."<ref name="ecj-analysis" />
@@ Line 183: / Line 183: @@
 [[John Deere]] restricted access to its proprietary diagnostic software to franchised dealers, preventing farmers from repairing their own tractors. John Deere signed a Memorandum of Understanding with the American Farm Bureau Federation in January 2023 promising to expand diagnostic access, though right-to-repair advocates expressed skepticism about enforcement.<ref name="deere-mou">{{Cite web |url=https://www.npr.org/2023/01/10/1147934682/john-deere-right-to-repair-farmers-tractors |title=John Deere vows to open up its tractor tech, but right-to-repair backers have doubts |publisher=NPR |date=2023-01-10 |access-date=2026-04-04}}</ref> [[Tesla]] requires its proprietary Toolbox 3 diagnostic software for repairs beyond basic OBD-II fault codes; until a price reduction, the software cost $3,000/year.<ref name="tesla-toolbox">{{Cite web |url=https://driveteslacanada.ca/news/tesla-reapirs-more-accessible-toolbox-3-price-drop/ |title=Tesla Makes Vehicle Repairs More Accessible With Major Toolbox 3 Price Drop |publisher=Drive Tesla Canada |date=2025 |access-date=2026-04-04}}</ref>
-Apple uses [[Parts pairing|parts pairing]] to lock replacement components to specific device serial numbers.<ref name="ftc-nixing" /> BMW charged monthly subscription fees for heated seats & other features already physically installed in the vehicle, documented in the [[BMW feature lockout scandal]].<ref name="ftc-policy" />
+Similar patterns exist across industries: Apple uses [[Parts pairing|parts pairing]] to lock replacement components to device serial numbers, & BMW charged subscription fees for hardware features already installed in vehicles (see [[BMW feature lockout scandal]]).
 == See also ==