Open-source ECU's and car security

[smallscaleH2]

Dear Skanda, Just read your article at https://medium.com/swlh/why-is-hacking-vehicles-over-the-internet-so-easy-46e91c5691f4

If the car owner changes his stock ECU with an an open-source ECU (like speeduino, rusEfi, FreeEMS, SECU-3, VEMS) wouldn't that increase security as:

• it could provide better compartmentalization then the standard ECU (the ECU being less easy to get to from say the on-board GPS, radiosystem, ...)
• since it's open-source and since there are far fewer open-source ECU's then ECU's from companies, there may be a larger community looking at the open-source ECU development and vulnerabilities, and patching thereof may be quicker

Also, another big benefit would be that open-source ECU's can be customised better (for example the air-fuel ratio or AFR), and allow running on more fuels (including renewable ones). Also see my post over at speeduino forum concerning the AFR changing: https://speeduino.com/forum/viewtopic.php?f=19&t=1502&start=10 and also see my repo over at https://github.com/smallscaleH2/Dual_fuel_system_with_250bar_H2_tank/blob/master/Description

I agree that it is a lot of extra work, and not many (actually very few) car owners will do this, but if they do, wouldn't it increase car security and decrease the chance that a scenario like the one you mentioned would occur ?

[skandavivek]

Just saw your comment - thanks! I think part of the problem is that ECUs and CAN were built with efficiency in mind (reducing physical wiring) not necessarily future cybersecurity issues. But now we are living in such a world where the doors and everything else inside can be accessed by unauthorized users. The big takeaway is that of course we need to prevent cybersecurity breaches. But we also need to be prepared in the event such breaches happen, how do we make ourselves resilient as a society?