Slashdot Mirror

← Back to Stories (view on slashdot.org)

You Can Legally Hack Your Own Car, Pacemaker, or Smartphone Now (wired.com)

Posted by msmash on from the fixing-things dept.

Earlier this year, we ran a story about how even possessions as personal as one's car or tractor, or insulin pump could not be legally hacked by the owner, but those constraints are things of the past now. From a report on Wired: Last Friday, a new exemption to the decades-old law known as the Digital Millennium Copyright Act quietly kicked in, carving out protections for Americans to hack their own devices without fear that the DMCA's ban on circumventing protections on copyrighted systems would allow manufacturers to sue themt (Editor's note: the website may block users who use adblocking tools. Here's an alternate source). One exemption, crucially, will allow new forms of security research on those consumer devices. Another allows for the digital repair of vehicles. Together, the security community and DIYers are hoping those protections, which were enacted by the Library of Congress's Copyright Office in October of 2015 but delayed a full year, will spark a new era of benevolent hacking for both research and repair. "This is a tremendously important improvement for consumer protection," says Andrea Matwyshyn, a professor of law and computer science at Northeastern University. "The Copyright Office has demonstrated that it understands our changed technological reality, that in every aspect of consumers' lives, we rely on code," says Matwyshyn, who argued for the exemptions last year. For now, the exemptions are limited to a two-year trial period. And the security research exemption in particular only applies to what the Copyright Office calls "good-faith" testing, "in a controlled environment designed to avoid any harm to individuals or to the public." As Matwyshyn puts it, "We're not talking about testing your neighbor's pacemaker while it's implanted. We're talking about a controlled lab and a device owned by the researcher."

26 of 106 comments (clear)

  1. About damn time! by houstonbofh · · Score: 5, Insightful

    Of course it will be interesting to watch the challenges to this. Just because the law says you can, it does not mean the companies will let you...

    1. Re:About damn time! by Oswald+McWeany · · Score: 2

      Nor does it mean you won't be held liable. If you hack your Tesla auto-pilot and it drives you into a market full of screaming people. You're liable not Tesla.

      --
      "That's the way to do it" - Punch
    2. Re:About damn time! by zlives · · Score: 5, Informative

      you are liable even if you don't hack it.

    3. Re:About damn time! by zlives · · Score: 2

      according to Tesla, https://www.tesla.com/videos/e...

      "While truly driverless cars are still a few years away, Tesla Autopilot functions like the systems that airplane pilots use when conditions are clear. The driver is still responsible for, and ultimately in control of, the car."

    4. Re:About damn time! by bluefoxlucid · · Score: 2

      Actually, I've already got one: a pacemaker is a medical device, and altering its code changes it, thus is verboten. This is a good thing: every time a medical device's firmware changes, it needs re-certification, so they can't just load new shit into their devices and sell them as if they were already FDA-approved and tested to perform their function correctly. It's also a bad thing, because device makers don't update code so as to avoid recertification; we really need a strict-audit process to allow updating for non-behavioral defect correction (including flow behavior: no refactoring) with full code changes and internal verification submitted, which we can at any future time examine to determine if you actually did substantially-modify the software.

      There is an FDA approval process for personal-use drugs and devices. For drugs, it has to be a non-controlled, non-approved substance (not another manufacturer's generic of an FDA-approved drug) for personal, non-medical (recreational) use OR such a substance for medical use under the supervision of a healthcare professional. For medical use of such drugs, you don't need a prescription; you only need to tell the FDA what doctor knows what you're using the drug for. I'm not sure what you have to file to inform the FDA of non-approved, modified medical devices.

      --
      Support my political activism on Patreon.
    5. Re:About damn time! by c · · Score: 2

      Just because the law says you can, it does not mean the companies will let you...

      Given the security track record of automakers, medical device manufacturers and (to a somewhat lesser degree) smartphone OEM's, I think it'll be a while before we need to worry about that.

      --
      Log in or piss off.
    6. Re:About damn time! by SlaveToTheGrind · · Score: 2

      Well if Tesla says they're not liable for product malfunctions, that's the end of it. /sarc

    7. Re:About damn time! by mrchaotica · · Score: 3, Informative

      There won't be any challenges, they just won't sue you under the DMCA.

      That's a victory!

      They'll still void any warranty you may have and either refuse to work on it, or just fuck you bigtime if anything goes wrong that's even remotely connected to the "hack".

      No, that's what the Magnuson-Moss Warranty Act is for. In order to void your warranty, the burden of proof is on them to show that your modifications caused the problem.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    8. Re:About damn time! by uncqual · · Score: 2, Funny

      If the people in the market were screaming, they must have seen me and it's their responsibility to get out of the way of my Tesla -- just like bicyclists and ICE powered cars are expected to do.

      --
      Why is there an "insightful" mod and why isn't it "-1"? If I wanted insight, I wouldn't be reading /.
    9. Re: About damn time! by bestweasel · · Score: 2

      He has a heart?

  2. What about running the software to talk to the car by Joe_Dragon · · Score: 2

    What about running the software to talk to the car?

    Can they make an DMCA clam on it?

  3. Awesome! I've been waiting to hack my packemaker! by whopis · · Score: 5, Funny

    I hear it is really easy to overclock them.

    Just update this regist-aaaaaarrrrghhhhh

  4. Re:Awesome! I've been waiting to hack my packemake by shadowp157 · · Score: 2
    Now all they need is insecure wireless access!

    With default passwords of course.

  5. Kickstarter for source code and tools for my car? by cliffjumper222 · · Score: 2

    Could someone do a kickstarter to open up my car's SW and create dev tools for it? I have a 2015 Subraru Outback with EyeSight and I've already taken into the shop for two SW bug updates (one affected braking). I won't necessarily change anything, but it'd be good to have a look see. I'd also like an assessment of the SW quality level from someone knowledgeable in automotive programming. I could imagine a new kind of car review site that will take car code and run it through non-real time simulations and perform quality assessments just like other parts of the car are reviewed.

  6. Re:EPA rules? by HornWumpus · · Score: 2

    You realize the old code passes smog checks?

    I don't believe OBD2 even has a check version# function. Even if it does that will be easily hacked up to version FFFF.

    The truth is: I wouldn't drive a water cooled VW if you paid me. I might make a side business of making diesel VWs run better again, than sell them. The problem would be how do you tell prospective customers you've unfucked the ECU without drawing heat.

    There just isn't enough money in it for me, could just Creative commons a project (torrenting the ECU image to avoid legal problems) so people can fix their own. I bet the butthurt in the comments on sourceforge for that project would be epic.

    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
  7. Re:Decades old?! by Anonymous Coward · · Score: 5, Interesting

    I believe it was technically 'passed' in 1998 but was actually 'enacted' (went into effect) a few months into 2000, because of fears that the DMCA (hence the term 'millennium' in the name) would impact the Y2K issues that needed addressed.

    People in the know were afraid that DMCA would block Y2K fixes that were needed. (they were right to worry about this, but not right enough to realize 'wait why are we passing a law that we already know has major issues... ohh wait... thank you for the donation MPAA, RIAA, etc)

  8. Re:Kickstarter for source code and tools for my ca by HornWumpus · · Score: 2

    Google 'Subaru ECU tuning'. Not everything you want, but mostly.

    The laws against this, haven't been stopping anyone. Thank dog for racers.

    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
  9. Re:Awesome! I've been waiting to hack my packemake by Solandri · · Score: 2

    Not sure why pacemakers were given as an example. Aside from carriers locking down smartphones, the place this will affect most of the public is in printers with stupid kill-switches if they detect a non-authentic (i.e. 3rd party without the 1000x price markup) ink or toner cartridge.

  10. John Deere by PPH · · Score: 2

    We're coming after you next!

    --
    Have gnu, will travel.
  11. Re:Kickstarter for source code and tools for my ca by HornWumpus · · Score: 2

    4 program switch out boards were common back in the day when you had to physically change out chips (for Ford Mustangs anyhow).

    These days you just reflash the bad code before the smog check, then fix it again after passing.

    Not all tunes will necessarily make the car fail smog.

    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
  12. Re:Awesome! I've been waiting to hack my packemake by networkBoy · · Score: 4, Insightful

    I'll bite:
    Because Pacemakers (and the related implanted defibrillators) are something that independent security research on is a good thing.
    Up till now, however, anyone hacking these for research could be sued under DMCA.

    Another good effect:
    Voting machines! (Assuming you manage to legally acquire one).

    --
    whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
  13. Map Updates for Car Nav Systems! by Mike+Van+Pelt · · Score: 4, Interesting
    I would love to be able to update the maps in my car's navigation system (2008 vintage) but not at Toyota's price: More than the price of two (2) brand new Garmins with included lifetime map updates. For a single DVD with one (1) map update.

    Mostly, I just use my phone these days; Google Maps is always up to date, and I can download maps so I don't need to worry about cell coverage in the middle of nowhere.

  14. Re:You don't necessarily own the products you purc by sydbarrett74 · · Score: 2

    Hopefully these exemptions will open the door to further challenges in court. As more and more people see the ludicrous degree to which the deck is stacked against consumers and the general welfare, things will slowly change through legal precedents and changed laws. One of the effects of this presidential election is that a majority of people realise the emperor has no clothes -- the lies (i.e., the Washington Consensus signed onto by both political parties) they've had shoved down their throats for decades no longer taste so good and are being expurgated. Let's cross our fingers that the issue referenced in the story is one addressed by more citizen vigilance and knowledge.

    --
    'He who has to break a thing to find out what it is, has left the path of wisdom.' -- Gandalf to Saruman
  15. Stupid Tom Tom in my Mazda by jriding · · Score: 2

    Now maybe I can finally fix the Voice only option when the car is moving. Stupid Tom Tom is broken enough with out having to figure out what I am saying.

    --
    love the taste, hate the texture
  16. Re:Kickstarter for source code and tools for my ca by Sloppy · · Score: 2

    That would be illegal. If you happened to somehow magically have that software, the Librarian of Congress just made it legal for you to use it. Writing ("manufacturing") the software remains illegal, as does trafficking in it, marketing it or offering it to the public.

    The problem isn't fixed until DMCA is repealed. LoC can't undo the injustice.

    Everyone please remember to vote more Republicrats into Congress next week, in order to prevent freedom from breaking out. Evil depends on you. (just kidding, I know there are very few ballots containing any other choices. We have all been working to preserve evil for two years; it's not something we merely do next week.)

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  17. Re:Awesome! I've been waiting to hack my packemake by RockDoctor · · Score: 2

    Voting machines! (Assuming you manage to legally acquire one).

    Is there a law preventing one from buying a voting machine?

    Say that I run ... let's say, the Student's Union (managing the pub, laundry, band practice room, and cafe) of Smallsville University (dedicated to the memory of Derek Smalls) ... and I approach Diebold (I may remember the name wrongly) to buy a voting machine for conducting our Union's internal democracy, then they'd turn me away citing [law number and section, of year].

    Diebold may choose to tell me they only consider orders of ten thousand or more machines, for whatever reasons of business, policy or prejudice against Derek Smalls (Messiah on Mondays through Wednesdays) ; but that's a different thing to being prevented by law from selling me one.

    Is there any law preventing me from buying one second-hand? You'll note that I've set up the scenario so I have perfectly reasonable grounds for wanting one - there's no nefarious intent to complicate matters.

    --
    Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"