EENews Automotive recently published an article with a provocative title: “German car industry plans to close OBD interface”. The news has stirred up the aftermarket industry, and GPS tracking in particular. After all, blocking the diagnostic port might cut off a substantial part of the OBDII gadget market.
What goal does the automotive industry pursue? Is it a desire to make smart cars safer or just a trick to make more money on Big Data?
We accepted the challenge of tackling the question and decided to take a global look at how the OBDII port is used. We gathered expert opinions and drew our conclusions.
OBDII is the diagnostic port you can send commands into
Initially, the OBD standard was created and adopted in the US to regulate exhaust gas emissions into the atmosphere. Manufacturers actively began to equip cars with electronics. Constant monitoring of all electronic engine components was required.
Afterwards, the functionality of the diagnostic port was expanded. The port is no longer used only for diagnostics. Telematics has also put OBDII to use. Today, if you connect a GPS tracker to OBDII, you can receive a huge amount of vehicle data online: speed, mileage, tachometer values, fuel level, seat belt use etc.
So, what potential do we have today? A multitasking port in the car that can accept requests. Yes, exactly! You can not only receive data from the OBDII port, but also send commands into it, for example active requests that verify the state of car modules. This raises the question of security: it looks like the OBDII port is an instrument for manipulating the car. Hold that thought. We will come back to it a little later.
Big data — big money. The question is who will make the scoop
The idea of using the growing volume of OBDII data has become the basis for numerous services and applications. This includes a separate segment of the GPS monitoring market: OBDII scanners that diagnose a car and optimize its expenses, as well as insurance telematics. It seems that the automakers saw in this rapidly growing market a share of profit slipping through their fingers. So, the carmakers decided to start blocking OBDII.
At the 19th VDA Technical Congress the leading automobile association of Germany stated that the OBD port will be partially blocked. Namely, the port connection will be active only when a car is moving. If it is not — the data transfer will be unavailable.
“OBD has been designed to service cars in repair shops. In no way has it been intended to allow third parties to build a form of data-driven economy on the access through this interface”, explained Grote.
However, the data will be available to interested third parties. The automakers themselves will create a server that will, of course, be under their control. The information from all connected vehicles will be accumulated there. The data will be classified into groups: traffic safety, data enabling brand-specific services, vehicle system monitoring data, and privacy-relevant user data. An interested counterparty, for example an insurance company, will be able to request the information from the servers, and most likely all this will cost some money.
That's why Yuri Lavrentiev, managing director at Wagencontrol, believes that this is simply an additional opportunity for automakers to make money.
“The fact that OBD is closed is not an attempt to protect users from cyberattacks but rather an automakers’ attempt to sell data from a car and have an additional income. It is the right move for the automakers but it has little in common with security.”
Imran Khan, Sales Director of GoSafe, is confident that the Volkswagen emissions scandal had a huge impact on the automobile association's decision.
“I believe that Volkswagen's last carbon emission lawsuit had a lot to play in this. We also need to see how it is going to be implemented, as this is just thinking, but we don’t know now whether it will happen or not.”
Is OBDII really dangerous?
Looking ahead, we can say that the expert answers vary. Let us compare the opinions and arguments.
Yuri Lavrentiev of Wagencontrol believes that direct access to the OBDII port is dangerous. In an article on LinkedIn, he points out that in addition to diagnostic requests, so-called "active requests" can be carried out via the OBD port. They are needed to check the operation of the system modules. Yuri gives the examples of raising/lowering the cargo platform, changing the working mode of the engine and even turning the steering wheel. "Any software is hackable," says the author. What if the steering wheel can be turned not only by a diagnostician? Just think about it. Yuri says that contactless reading of CAN data is a solution.
There are also opposite points of view. Robert Nardi from Bosch Automotive Service Solutions believes that this is just scaremongering and that the so-called “danger” is far-fetched.
“Most of the OBD2 dongles are just reading the engine and transmission via protocols (ISO 15765, 9141, 14230, J1850). You would need additional software to communicate with other controllers on the CAN line (ABS, SRS etc.) for them to accept commands. OBD2/EOBD was developed for emissions control so only access to the engine and transmission sensors was required. Some newer (smarter) dongles are being released that can communicate to ABS etc. but they need to know the make/model of the ABS controller onboard to be able to communicate with it.”
Edwin Peng, Queclink Vice President, considers OBDII hacking an issue that can be regulated by the manufacturer:
“When we talk about hacking, it’s not about the OBD port; it means the tracker itself is hacked and then the hacker can communicate with the OBD port. When we design the OBD tracker, we only implement part of the basic OBD commands. We won’t allow the server to send any command that may cause danger. So, based on this I think our OBD device is safe.”
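The restriction that Robert Nardi and Edwin Peng describe above, as an added example that is not code from this article or from any tracker vendor: a default-deny gate a tracker could apply to server-issued requests, accepting only the legislated OBD request IDs and a few read-only services. The function and verdict names are hypothetical, and the set of allowed services is an assumption of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Verdict names are hypothetical, chosen for this example. */
typedef enum { GATE_ALLOW, GATE_DENY_ADDRESS,
               GATE_DENY_SERVICE, GATE_DENY_MALFORMED } gate_verdict;

/* ISO 15765-4 legislated-OBD request IDs (11-bit): 0x7DF functional,
 * 0x7E0..0x7E7 physical. Other IDs address non-OBD controllers. */
static int is_obd_request_id(uint32_t can_id)
{
    return can_id == 0x7DF || (can_id >= 0x7E0 && can_id <= 0x7E7);
}

/* Decide whether the tracker may put a server-issued request on the bus.
 * req[0] is the service ID; the allowed set below is an assumption. */
gate_verdict obd_gate(uint32_t can_id, const uint8_t *req, size_t len)
{
    if (req == NULL || len == 0 || len > 7)  /* one ISO-TP single frame */
        return GATE_DENY_MALFORMED;
    if (!is_obd_request_id(can_id))
        return GATE_DENY_ADDRESS;

    switch (req[0]) {
    case 0x01:                               /* current data, 1..6 PIDs */
        return (len >= 2) ? GATE_ALLOW : GATE_DENY_MALFORMED;
    case 0x03:                               /* stored DTCs */
    case 0x07:                               /* pending DTCs */
        return (len == 1) ? GATE_ALLOW : GATE_DENY_MALFORMED;
    case 0x09:                               /* vehicle info, one InfoType */
        return (len == 2) ? GATE_ALLOW : GATE_DENY_MALFORMED;
    default:
        /* Default deny: 0x04 (clear DTCs), 0x08 (control of on-board
         * component) and UDS services such as 0x27, 0x2E, 0x2F, 0x31. */
        return GATE_DENY_SERVICE;
    }
}

int main(void)
{
    /* Constructed sample requests, not captured traffic. */
    const uint8_t read_speed[] = { 0x01, 0x0D };  /* PID 0x0D: speed */
    const uint8_t io_control[] = { 0x2F, 0x12, 0x34, 0x03 };
    printf("%d %d %d\n", obd_gate(0x7DF, read_speed, 2),
           obd_gate(0x7DF, io_control, 4),
           obd_gate(0x760, read_speed, 2));   /* 0x760: arbitrary non-OBD ID */
    return 0;
}
```

Because the switch denies by default, a service the firmware author never considered is rejected rather than forwarded to the bus.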
In order to add some practice to the theory, we turned to Loccate, a GPS tracking service. According to Ruslan Yusupov, a customer success manager, 2336 OBDII trackers were connected to the system in the past year. Ruslan said that adverse effects of the GPS tracker on car electronics are extremely rare:
“The possible threat of hacker attacks is always a serious focus area for us. That is why we invest a lot in user protection at all levels. Anyway, we consider the risk of hacker cyberattacks using mass-produced OBD2 trackers to be low. We think it is because of the limited possibilities of their impact on a car, and because of the small "benefit" for hackers. In many years of practice, we have met only cases of OBD2 tracker incompatibility. There were a couple of cases: the device was in the OBD2 port but the car did not start and an error was displayed on the dashboard. After removing the tracker from the port, the problem was completely solved.”
The forecast of OBDII tracker market share in coming years
Judging by all the facts and opinions, the market for OBDII trackers will likely continue to grow in the foreseeable future. Even if the German Automobile Association takes OBDII port blocking seriously, this process will not be fast. It is also not clear whether other carmakers will support the initiative. Therefore, in the coming years there is no threat to convenient "plug and play" OBDII trackers.
As for hacker attacks, practice shows that the danger is politicized and quite exaggerated. Yes, with the help of special devices it is possible to control individual car modules via the OBDII port. However, doing this remotely with mass-produced OBDII trackers is unrealistic and there is likely no interest in it. Finally, the most cautious drivers can use simple GPS tracker models that do not read OBDII data and only draw power from the diagnostic port.
Therefore, if you still do not use OBDII trackers, you are most likely losing some customers and profits. Today, almost all leading GPS tracker manufacturers produce OBDII GPS trackers. The choice is extensive, but it is better to trust large and proven manufacturers to provide high compatibility. When choosing a software platform, take into account its security and its ability to read CAN data without additional customization on the user's side, because an OBDII tracker is first of all a plug and play product.