> limit or disable certain functionality in the vehicle: ... over-the-air updates, which provide new ... safety enhancements ...
I wonder what happens if you disable the e-SIM (in the US) and then a safety recall appears via software update - do dealers have any way to update control modules besides OTA?
This is a huge unresolved issue with EVs IMO; ICE cars are required to provide emissions-relevant updates over software which can operate using a J2534 passthrough device, which effectively means powertrain modules have to allow (potentially signed) updates over CAN using software that can be obtained by an end user (a lot of people don't know this; for almost any ICE car in the US, you can buy a 3-day or 1-week subscription to the dealership level diagnostic software for a somewhat reasonable fee and use it with a J2534 device).
But for EVs, there's no such rule and as far as I can tell it's entirely a gray area in the US now; the NHTSA require a "remedy" for recalls but nobody seems to have pushed back to determine whether OTA is truly a remedy. The traditional autos all offer dealerships as a backup option, but Tesla and Rivian have several recalls with only OTA remedies already. This seems sketchy.
> I wonder what happens if you disable the e-SIM (in the US) and then a safety recall appears via software update - do dealers have any way to update control modules besides OTA?
I would assume so. Even on older cars, service techs can typically manually push firmware updates over the OBD-II / J2534 port. Rivian's OBD-II port actually hides an Ethernet signal inside of it - so the interface is certainly there.
Fun fact: You can buy an Ethernet adapter directly from Rivian here to connect to the car's internal network: https://rivianservicetools.com/Catalog/Product/TSN00535-300-...
> Rivian's OBD-II port actually hides an Ethernet signal inside of it - so the interface is certainly there.
Nice. This is really normal now, for what it's worth - all of the European makes have moved this direction as well (DoIP over ENET). There's shockingly little documentation about Rivian online, though, probably because emissions regulation doesn't mandate it.
For those unfamiliar with DoIP:
https://automotivevehicletesting.com/vehicle-diagnostics/doi...
The first link leads to malicious ads/malware. On iPhone it says viruses detected pretending to be Apple/Google.
I am on desktop and saw no such warning, but I'm also using adblockers and noscript.
Yeah, I got a cable to update my 2017 BMW's infotainment system, and it's OBD-II to RJ45. Doesn't seem to be too new of a thing.
Yep! Depending on the vintage, BMWs have "real" DoIP or a BMW-ized version (sort of like how KWP2000 was the predecessor to UDS). For emissions modules, they still also have to support updates over UDS as well as ENET, though, for the above mentioned J2534 reasons (Ethernet wasn't added to J2534 until 2022).
> Even on older cars, service techs can typically manually push firmware updates
Older cars have no concept of such updates.
Happy with my 70s and 80s and early 90s cars.
This is tangential, but Kia declined to cover an engine failure, under warranty that was extended by recall, because I had not done an update.
Edit: I eventually recovered most of the cost via a settlement court.
Even more tangential: Kia declined to cover an engine failure, under warranty that was extended by recall, because I change my own oil.
Kia's engines are known to fail predictably even within first 100K miles. They extended their warranty because of it. But then they weasel out of it unless you hire an attorney and go to war.
This would be a violation of the Magnuson-Moss Warranty Act of 1975, which requires they show the work done directly caused the failure.
If this were a widespread policy I bet class action lawyers would be all over it without you having to pay for it.
Maybe they researched customers’ backgrounds and only screwed the ones they thought wouldn’t lawyer up
Yeah, because you allegedly consented to them being able to update your ECUs via the mobile link in the cars when you bought the car.
As if I needed another reason to keep my 2014 Skoda.
If I ever have to get a new car, I will disable telemetry, and I will buy it either without telemetry, or with the agreement that I do not consent to telemetry.
(Read the fine print before getting a new car. The shit they can do that can go wrong and you have to pay for... no wonder old cars cost as much as new ones.)
I assure you that “old cars costing as much as new ones” isn’t the result of the market force of people reading contractual fine print and/or freaking out about telemetry. Concentric circles of echo chambers over here.
The main reason is more tangible to people. It is more reliability and simplicity. For instance the Toyota Tundra used to have a V8 that was pretty bomb proof. But over the years, manufacturers put in more efficient but more prone to problems turbocharged smaller engines. The bearing clearances went down, thinner oil then can be used which is also more efficient. But the margin for error when you are putting what used to be a performance engine in a car is much smaller and there have been issues. As car prices have gone up, people value a time tested drivetrain. There have been a lot of problematic CVT transmissions too.
I agree. I have never met anyone in real life that's concerned about telemetry on their car.
They're worried about the cost of a new car, and the cost of all the electronics, should they go bad.
I’ve certainly met them, particularly in the context of Chinese EVs.
I really wish car review publications would start adding a ‘Privacy’ section alongside the Perfectly, Road Handling etc. parts of reviews.
Do they seriously not? Malpractice
I realize that I'm not a person in your real life, but FYI I'm concerned about the telemetry in my car.
(Just stating this as a data point for you.)
How do you disable telemetry in a new car? I have a 2022 Kona. It's the first car I've had with telemetry. No idea how to disable it.
1. Get a _real_, unabridged service manual. That takes some darkweb experience nowadays.
2. Identify anything that looks capable of housing a cell modem. That takes some understanding of contemporary car electronics.
3. Deny RF interface to units identified. That takes some understanding of what RF = radio frequency interface is, and also getting rid of the fear of disassembling significant portions of your car.
All in all that is a great learning experience.
If I disable the modem, does that disable the SOS feature? Do I need to tell my insurance company?
> do dealers have any way to update control modules besides OTA?
I get some updates OTA, but the dealer has to install some others, and when I took it there they updated it with a USB stick.
Nice, thanks for the reply; this is surprisingly undocumented online. Presumably if they got cornered and the module under repair was updatable via this mechanism they'd have some ability to use that system, then. I wonder how charitable they will be about using it for non-recall updates for customers who have solely chosen to opt out.
Rivian are probably the only major manufacturer I've never had a chance to look at in any RE capacity and I'm getting more curious by the second. The reaction their vehicles had to the infamous bricked-infotainment update actually represented a pretty good adherence to safety guidelines (the drivetrain as well as the speedometer and warning lights on the cluster still worked in a degraded format even when the infotainment was bricked) IMO, so they do seem to apply a reasonable degree of care.
I said this elsewhere, but I had trouble with Kia even for an issue covered by recall. Because I hadn’t had the update done, they refused to cover.
I wonder what happens if they issue a recall that you want to refuse.
What if they did the EV equivalent of Dieselgate[1]? Say it has a dangerous amount of torque or something, but you like that.
Could you just turn off the network and keep it in the desired (unsupported) state?
[1]: https://en.wikipedia.org/wiki/Volkswagen_emissions_scandal
In the US, a vehicle with an outstanding recall technically isn't roadworthy, though consumer level enforcement of this is non-existent in practice. It's mostly enforced on dealers, who can't sell a vehicle with active recalls. The only way I can imagine it mattering to a consumer is if they sold it.
I can imagine car insurance refusing to pay out in the case of an accident
Doesn't being legally non-roadworthy only apply to NHTSA safety recalls, while there are other types of recalls for non-compliance or manufacturer voluntary recalls?
"a lot of people don't know this; for almost any ICE car in the US, you can buy a 3-day or 1-week subscription to the dealership level diagnostic software for a somewhat reasonable fee and use it with a J2534 device"
Whoa, didn't know that. Well the caveat is finding a decent J2534 device, right? There are a lot of cheapo knockoffs. Then actually knowing how to use the software with it.
I'm pretty sure decent ones run about 50-80 dollars, a very good one.
Oh that's not bad at all, I thought it was like $500. My cheapo knockoff was $20.
Have you flashed anything? I need to flash the gearbox on my CRV, really wanted to DIY it at home and not get upcharged by the stealerships.
https://www.crvownersclub.com/attachments/tsb-15-086-crv-tra...
No, but I'm not a good person to ask. My two cars are on opposite extremes, one is simple and doesn't need anything beyond OBD2, and the other is too scary to mess with digitally.
My experience is J2534 support is sketchy and if you want to do the things you actually want to do you need a manufacturer approved device with an insane markup. Also the subscriptions are insanely expensive, not even close to reasonable and you need to be a company (at least you used to be with Ford last time I checked, but they accept the UK or Dutch royal residence as a valid company location so there is that...)
> at least you used to be with Ford last time I checked
Certainly not any time in the last 15 years that I’ve been buying IDS/FDRS and service manual access.
> ...do dealers have any way to update control modules besides OTA?
Of course they do. It would be absolutely silly not to. And in the case of safety recalls, their duty to inform you would entail a more traditional and substantiated disclosure i.e. a letter.
Whatever happened to taking it to a dealer or authorized repair place to have it done? While I may be willing to take certain things apart, the one thing in life I have resisted is any kind of monkeying with my car. There are certain things where I'm willing to accept that I took it apart and it no longer works because I bricked it, shorted something, or otherwise damaged it beyond my skill set to undo. My car is not one of them. However, I also do not want my car to be under the direct control of someone else that can decide I can no longer operate my car. If there's an update, I'll bring it in to have someone trained/responsible for that update.
The perfect modern consumer/sucker...
My car needed another key. The stealership quoted me >$400 for it. I took it as a personal insult and did the research and ordered an OBD device and also discovered you can order replacement keys on aliexpress, and they'll even cut them for you with a good picture of your existing key. It was actually a fun project and very satisfying when I was able to successfully program and link the RFID chip to the ECU to start the engine.
May not be feasible with more locked-down modern cars which I wouldn't touch with a ten-foot pole, but I was able to fix it for about $150, not including my time of course. But I have the OBD device to use next time now as well.
Excellent. Sounds about what I’ve paid.
eBay key fob (new) + local locksmith, easy and no insults!
Some people like messing with cars. They take the time to understand what's happening and learn the process and pitfalls. Hobbyists will never be as good as trained professionals but we can still get the job done. I went through the trouble to diagnose and replace a bad alternator on my Civic after the battery started dying too fast. I did it 'cause it was fun.
The other reason I did it is because the dealership and other shops quoted me over 10 times the cost of parts, and I literally did not have the money to take them up should I have wanted to. Car maintenance is expensive, _especially_ at the dealership.
Somehow, we've changed the direction of the conversation to something you lost vs a software update to the brains of the car. I'm guessing just to make the obvious point the dealership is not the cheapest place for repair.??? This isn't change the tire or get an oil change. This is something a consumer has deliberately done to prevent the manufacturer from making an OTA software update. These are the kinds of changes that I want someone available right then and there to be responsible if the update borked the car.
> I wonder what happens if you disable the e-SIM (in the US) and then a safety recall appears via software update - do dealers have any way to update control modules besides OTA?
Yes.
You get a letter in the mail asking you to take your car to the dealer so they can install the update.
Been there. Done this.
Interesting, I reviewed every Rivian software update recall letter I could find before I posted this and they all said something like "If you have not already updated to software version 2025.18.30 or later, please do so to remedy this issue at no cost to you," with no mention of the dealership as a remedy - for example, https://static.nhtsa.gov/odi/rcl/2025/RCLRPT-25V585-0759.pdf . This is different from other manufacturers who explicitly mention the dealer, like this Ford EV recall: https://static.nhtsa.gov/odi/rcl/2025/RCAK-25V863-3736.pdf
Of course they don't mention it. They don't want you to bring it in and have to pay a tech to do the update for you. It doesn't mean the dealership can't do it.
Aren’t Rivian dealers relatively rare? I’d compare them to Tesla.
WiFi. Flip it on for an update, then leave it off.
> do dealers have any way to update control modules besides OTA?
Yes.
I kinda assume the dealer does this as part of any service they do. Either that, or they update some other way. My software notices went away when I had my service done, even though I’ve opted out of everything (and verified again after).
WiFi is, err, still OTA, although it does answer the eSIM question. I assume the truly concerned/paranoid wouldn't want to connect to WiFi either, since presumably telemetry / tracking metadata could be uploaded at that time too.
Anyone concerned about preventing telemetry from being uploaded would probably also be concerned about taking it to the dealer for an update, though. Because how do you know the dealer won't just do an update by turning the car's e-SIM back on, then turning it off before giving the car back to you? Which would then allow the car to upload all the stored telemetry you're concerned about. (Note: generic "you" meaning "the person concerned about telemetry", not bri3d in particular). Or, as long as they've connected a device to the car that can upload data, how do you know that that device won't also download stored data, which the dealership can then upload over their own WiFi?
I believe the truly concerned/paranoid will not want to take their car to the dealership for updates at all. Which would, IMHO, be a mistake: having known security holes in your car's software is more likely to lead to a privacy invasion (via getting your car hacked at some point) than letting the dealership get their hands on it for a few hours.
(I should note that all of this is theoretical for me: I drive a car that's old enough it doesn't have any software).
EDIT to add this P.S.: Actually, I can think of one category of people who would be concerned enough to turn off the car's ability to connect to the Internet, but feel fine about taking it to a dealer for updates. That would be people who want to turn off the car's Internet connectivity not because of privacy concerns, but because they don't want anyone to be able to disable the car (either via hacking or via "legitimate" means, i.e. the manufacturer does it) while they're driving. Such a person would care a lot about the car's Internet access being completely off while they are driving, but not care about it being turned on while it is at the dealership.
This is the exact mindset that has amused me for years with computers. People use an OS with which they have a seriously hostile relationship. Why would you continue to pay a lot of money for a product you consider to be your adversary?
What's special about EVs that gives them this loophole? Is it something to do with not having dealerships and going direct to consumer?
Emissions. Most things about ICE cars come through EPA and CARB.
I'm pretty sure that the only diagnostic codes that an ECU is required to output are emissions-related codes. Since EVs have no emissions, I'm gonna guess they can force all diagnostics through the dealer if they really want to.
Without oil changes and wear of brakes there is little need for inspections.
Ball-joints and tires are still consumables, and they go faster as weight goes up.
Surely wheel bearings too. And you have to do a safety every year to check for rust perforation (at least in the U.S. states that still do that).