Joking aside, this system has been abused extensively and is really in need of an overhaul.
I used to live in China and used the postal service to ship a lot of my personal stuff back home when we moved back to the US. It was ridiculously cheap to move that way. I couldn't believe how cheap it was. Each box was just shy of the 25kg limit and right on the maximum allowed dimensions. Each one shipped from South China to Alabama for about $20. I couldn't even mail them to another city in Alabama for that price, but here they were circling half the globe.
I read the article, not the study. But, it's obvious that they're making two very huge assumptions here: 1. World population hits 10B 2. That entire 10B eats like an American/Brit due to rising wages and the ability to afford it
For the sake of argument I'll concede to middle class expansion. Although, that's not really a foregone conclusion.
But, middle class expansion doesn't necessitate eating like an American. The Chinese are a great example of what happens when other cultures are pulled out of poverty. They do eat more meat than they used to, but not even close to Western levels. India is the next "big lump of people" and half of them are vegetarian. Finally, middle class expansion tends to result in smaller families. This is currently true for almost every one of the Western nations, it's also true in China. Even with the one-child policy gone, they're still having fewer children.
Conclusion: Neither 1 nor 2 is very likely. Both of them? Forget about it.
You've absolutely hit the nail on the head. Get rid of the monopolies.. give them the same deregulation we gave to the telecom world with CLECs. Suddenly, prices will drop like hail from a thunderstorm.. just like long distance did in the 90s.
I used to live in China and was in the data center cooling business. R12 is all over the place there in the HVAC industry. Officially, it's prohibited. Unofficially, you can buy it from any A/C dealer in just about any city. I've been gone for a few years, but when I was there, R12 air conditioners were still being made and installed new.
On some cars there are gateways between the distinct CAN busses but often they don't do as much intelligent filtering as they should.
I can only speak with authority for Ford and VW/Audi/Porsche cars. VW/Audi/Porsche most certainly have one of these gateways between the can busses and it's quite good. In this case, we're talking about powertrain can and convenience can. The only messages allowed to pass between those are status updates from the ECU to convenience (engine RPM, temperatures, etc.. for the instrument cluster and some radios that can display vehicle stats), setting change messages from the radio to the body control module and ECU/TCU (sport/eco mode) and cruise control messages from the steering wheel controls.
No other messages will pass the gateway between those two busses.
So, the best they could have achieved if they completely own3d the infotainment system would be to possibly adjust the cruise control settings. Even that is speculative because I believe the steering wheel controls are now on a separate lin bus, which would eliminate that vector. They couldn't affect the brakes. They probably could switch between eco and sport modes or adjust the ride height on the higher end Audi's that have airbags. They might also be able to get the windshield wipers into service mode (they move to the top of their stroke and stop there).
So, ya, I think the headline is click baity. Also, "we didn't want to violate VWs IP" is a crock, by their definition of that, they did it already when they violated the radio to find the exploit. I would wager that they tried to do more but failed and CTA with this statement.
Yes, the article is full of buzzwords, but those words do actually have meaning. I agree that more often than not, the words get tossed around, soul sucking meetings had, papers filled out and minutes recorded and nothing actually happens.
But, that doesn't mean the is theory is bad, only the implementation.
In essence, that's what this article is trying to say. Strategy is not about deciding to make a new product or enter a new market. Strategy is about deciding who you are as a company. That's a much bigger, much harder goal and one that I think most of us wish our companies could do. Decide what exactly it is that you're going to do and then go frigging do it!
It's also home to some of the most fantastically delicious spicy food ever created. I might have been born in the US, but my heart will always be in Chongqing.
The reality over there is that WeChat already was. This is just making it official.
Wechat has required identification tied to a Chinese mobile phone number for some time now. They also started (two years ago I believe) collecting IDs to purchase a sim card. It might not have publicly stated such, but Wechat was already bound to a users ID card and sim card.
When they cracked down on websites and started enforcing the censorship rules more strictly, every Chinese website I use moved to requiring registration validation with a Chinese phone number or Wechat account.
Wifi registration via Wechat has been going for about as long.
Wechat is also, now, the primary means of paying for basically everything. Groceries? Scan the QR at the register. Taxi? Book it with DIDI (Chinese Uber) or scan the QR code. Restuarant? QR code at the table. Scan it and you can place your order through the phone and pay right away.
So: your identity, thoughts, opinions, pictures, personal relationships and money are all now wrapped up in a single app controlled by the government. I can't imagine there will be any abuses of this!
It's easy to say that when churches are considered "charities" and the republicans actively court every church goer they can find.
This distortion is clearly evident from your own article, but ignored in your post. 40% of the way down the page is the breakdown, "Religion and Charitable Giving". The church-goers group gives slightly more than the non church goers to secular causes, but they dwarf everything else on the chart with their donations to the church.
Don't get all holier than though about charity when 70% of your "charitable" contributions went to a church.
ME7 is extremely old (10+ years). Also, immobilizer defeat requires removal of the ECU. It's trivially easy to do once the ECU is removed, but that requires extended access to the car.
We're not talking about whether something can be defeated if you have the keys, a toolbox, an eeprom burner and unlimited time with the car. The root question is about whether a vehicle is hackable, potentially remotely.
The can gateway is "just another device", but it's very difficult to get it to do anything it isn't supposed to do. Yes, all the devices you care about are on the powertrain bus. But, nothing that's easily accessed (infotainment, obd port, headlight distance controls) is on that bus and none of those things can communicate directly with it.
It's exactly the same principle as having an internal network isolated from the internet. A properly configured firewall will allow proper access to inside services, but won't allow malicious activities.
In short: If you want a secure car, get something with a carburetor or buy a VW, Audi, Porsche, Seat, Skoda, Bently, Bugatti or Lamborghini.
I reverse engineer automotive software for a living and I can say without question that Volkswagen Auto Group cars are as secure as you can possibly find.
Most of the cars you hear about being "hacked" are vulnerable because of something in the infotainment system. Once an outsider has access to that, in most cars, they have access to the canbus and can do "bad" things.
Vag cars are not this way. They have multiple can buses, one for each primary function. Body control, convenience and power-train are all on separate buses. Between these buses sits a device called the "can-gateway", which is essentially a canbus firewall. No packets can move between the buses except those that are necessary to allow. A "wheels are spinning, activate ABS" message cannot originate on the convenience or body control bus.
The software for just about everything important is secured with signatures (2048 bit now). Modifying the software for these cars is extremely difficult, getting access in the first place requires enormous amounts of very skilled labor. We spend many thousands of man hours each year just keeping ahead of the security features added to the ECU engine control code (we're a performance company).
It's hard enough to modify anything on these cars when you have every tool imaginable, a seasoned veteran staff, complete access to the cars and nearly unlimited financial resources.
Don't forget that Z series is even more stupid expensive than Sun gear. I get that there's a bunch of R/D that goes into mainframes and keeping a non x86 CPU alive (Sparc/PPC/Zseries). But, if you want new things to be built for them, there has to be a reasonable level of entry for small shops.
$20k+ (Sun) or $100k+ (Zseries) is not a low enough entry level that I'd going to develop anything for it.
I'm very well versed in PPC assembly. I've found a quite wonderful niche working on automotive controllers. I also have several subordinates well versed in Tricore (Infineon automotive CPU) assembly.
Neither of those will ever make it onto any list of "popular" anything, but we all make plenty of money doing it.
As important as those two languages are to what we do, I've never hired anyone that listed either of those things on their resume. The ones that did list them specifically had at best a rudimentary understanding and little other practical background that would make them useful.
Don't learn something because you think you can make money with it. Learn something because you like it and want to use it. Then, find an employer that values your talents and willingness to learn whatever they need you to learn.
I work on PPC systems every day. I also use several. I'd wager that you do as well.
Have cable or satellite TV? 90% chance it's using a Power cpu. Drive a car with fuel injection? 65% chance your engine is run by Power, 90% chance something in the car is (ABS, nav, transmission).
It's been around a long time (30+ years), been 64 bit much longer than x86 or ARM, has good OS support and good compilers.
I work on and like ARM as well, but if IBM can make a value proposition in China with PPC, they actually have a chance at getting some market share outside embedded.
The first option would be a PCMCIA ethernet card. Since you have 3.11, if you install a PCMCIA nic that has windows 3.11 drivers, you can simply use windows file sharing to copy everything. There's plenty of old nics on ebay.
Second option is to use pkzip to zip up everything you want. Buy a null modem cable and transfer the zip files using x/y/zmodem. Windows 3.11 had a terminal program and the windows XP laptop will have hyper-terminal.
The second option is much slower, but null modems are easier to find than pcmcia network cards with windows 3.11 drivers.
I'm the head of software engineering at a small company and was a technical director at an MNC previously. I've hired hundreds of programmers.
I regularly hire EEs as programmers, but not for web development. Web development is mostly the bastion of very nimble, hacky types. As others have said, it's frequently more about putting together a reasonably elegant hack in a short period of time.
I hire EEs for board support and other embedded development. Those are the places where real engineering skills are the most useful. I don't want my BSP full of dirty hacks or hard to find/duplicate bugs. I want code that is planned, organized and well executed. That's exactly (in my experience), what I get from engineer coders.
The exception to my above generalization about web development is Java. Java backed websites (JSP and the like) are mostly developed by engineers and are used by large companies. If you want to maintain your engineering mindset and build websites, Java dev as a nameless drone at a big company is the way to do it.
Otherwise, I'd suggest boning up on your C and getting into embedded stuff. I personally find embedded work much more satisfying. It's also much easier to stay relevant without knowing the ins and outs of the latest NoSQL db or javascript library.
I don't work with Fords, so I can't answer your question specifically. In general, the trend in cars is to have fewer controllers and devices on the bus controlling more and more things. In the VW/Audi world, all of the "body control" stuff is handled by a single module under the dash.
At the same time, many of those modules and the wires between them are accessible easily under the hood. I can reach under a VW, remove a plastic underbody panel and get to the powertrain (most important) canbus without opening the hood. I'd come up greasy, but I could certainly do it from under the car. With a little practice, I could probably do it in under a minute.
In the VW case though, that wouldn't do any good. I couldn't start the car or unlock the doors (door locks aren't on the powertrain can and the gateway won't pass through a door unlock message originating on powertrain). I could monitor their engine/transmission/ABS though and could turn off the car, change the gears or set/adjust the cruise control once the engine was running. I might even be able to trick the ABS into thinking the car is skidding and get it to lock up the brakes (I haven't played with ABS controllers much, so I'm not 100% certain of this one),
"Does nobody do signing or encryption of signals to control systems"
VW/Audi does. The newest generation use 2048bit RSA signatures for everything. The previous generation used 1024, which is still pretty much unfactorable for a reasonable price.
But, they can't use encryption of any consequence or signing on the bus. It's all real time and needs to be that way. Would you want your airbag to wait to deploy until it had verified even a 512bit signature on the "oh crap we've been in an accident" message?
Same thing with ABS.
The only real place they can use that (and they DO use it here) is for starting. When you're starting a car, there is no imminent danger. In VW/Audi, they have the "immobilizer" system. It uses RSA again. The instrument cluster, ECU and each key have a coded serial number. Each devices holds a hashed/signed copy of the serial numbers of the other 2 and the VIN. If the 3 don't all agree, the car won't start.
There are some ways around the system, but they require opening the ECU and various other things that are quite time consuming and very obvious. Nobody has (to the best of my knowledge) beaten the immobilizer system via methods that don't require a grinder.
I work in the automotive after market (ECU tuning). I can actually back up what they're saying. Even if they did come by it via speculation, they're actually pretty much dead on.
That is primarily because the german cars use what we call a "Can Gateway" but is better of though as a firewall. Every different system in the car has it's own private canbus. Anything that needs to travel between the busses has to go through the gateway. In the case of VW/Audi vehicles, it's locked down quite well. It knows what packets belong on what bus and only allows a very limited subset of properly formatted and required packets to pass between those busses.
Vehicles that share common can without a gateway are readily exploitable. I could plug a can interface into the headlights, A/C or any other system on the global bus and lock/unlock the doors, roll the windows up/down, trigger the traction control/ABS or even start/stop the car (if it uses a push button start).
Doing those things requires access to the can wires, but the bus is used for so much now-a-days, there's always plenty of places to access it. Many of them without requiring keys or an open hood.
Slashdot Mirror
Blind squirrel, acorn.. you all know the retort.
Joking aside, this system has been abused extensively and is really in need of an overhaul.
I used to live in China and used the postal service to ship a lot of my personal stuff back home when we moved back to the US. It was ridiculously cheap to move that way. I couldn't believe how cheap it was. Each box was just shy of the 25kg limit and right on the maximum allowed dimensions. Each one shipped from South China to Alabama for about $20. I couldn't even mail them to another city in Alabama for that price, but here they were circling half the globe.
I read the article, not the study. But, it's obvious that they're making two very huge assumptions here:
1. World population hits 10B
2. That entire 10B eats like an American/Brit due to rising wages and the ability to afford it
For the sake of argument I'll concede to middle class expansion. Although, that's not really a foregone conclusion.
But, middle class expansion doesn't necessitate eating like an American. The Chinese are a great example of what happens when other cultures are pulled out of poverty. They do eat more meat than they used to, but not even close to Western levels. India is the next "big lump of people" and half of them are vegetarian. Finally, middle class expansion tends to result in smaller families. This is currently true for almost every one of the Western nations, it's also true in China. Even with the one-child policy gone, they're still having fewer children.
Conclusion: Neither 1 nor 2 is very likely. Both of them? Forget about it.
Alexa is only on if you hold the button. She's off by default and isn't always listening.
Yes, you can run Kodi on it, works great.
You've absolutely hit the nail on the head. Get rid of the monopolies.. give them the same deregulation we gave to the telecom world with CLECs. Suddenly, prices will drop like hail from a thunderstorm.. just like long distance did in the 90s.
I used to live in China and was in the data center cooling business. R12 is all over the place there in the HVAC industry. Officially, it's prohibited. Unofficially, you can buy it from any A/C dealer in just about any city. I've been gone for a few years, but when I was there, R12 air conditioners were still being made and installed new.
On some cars there are gateways between the distinct CAN busses but often they don't do as much intelligent filtering as they should.
I can only speak with authority for Ford and VW/Audi/Porsche cars. VW/Audi/Porsche most certainly have one of these gateways between the can busses and it's quite good. In this case, we're talking about powertrain can and convenience can. The only messages allowed to pass between those are status updates from the ECU to convenience (engine RPM, temperatures, etc.. for the instrument cluster and some radios that can display vehicle stats), setting change messages from the radio to the body control module and ECU/TCU (sport/eco mode) and cruise control messages from the steering wheel controls.
No other messages will pass the gateway between those two busses.
So, the best they could have achieved if they completely own3d the infotainment system would be to possibly adjust the cruise control settings. Even that is speculative because I believe the steering wheel controls are now on a separate lin bus, which would eliminate that vector. They couldn't affect the brakes. They probably could switch between eco and sport modes or adjust the ride height on the higher end Audi's that have airbags. They might also be able to get the windshield wipers into service mode (they move to the top of their stroke and stop there).
So, ya, I think the headline is click baity. Also, "we didn't want to violate VWs IP" is a crock, by their definition of that, they did it already when they violated the radio to find the exploit. I would wager that they tried to do more but failed and CTA with this statement.
Yes, the article is full of buzzwords, but those words do actually have meaning. I agree that more often than not, the words get tossed around, soul sucking meetings had, papers filled out and minutes recorded and nothing actually happens.
But, that doesn't mean the is theory is bad, only the implementation.
In essence, that's what this article is trying to say. Strategy is not about deciding to make a new product or enter a new market. Strategy is about deciding who you are as a company. That's a much bigger, much harder goal and one that I think most of us wish our companies could do. Decide what exactly it is that you're going to do and then go frigging do it!
It's also home to some of the most fantastically delicious spicy food ever created. I might have been born in the US, but my heart will always be in Chongqing.
I also have fond memories of riding a 47 into Hong Kong and Narita. I'll miss the ole' girl.
The reality over there is that WeChat already was. This is just making it official.
Wechat has required identification tied to a Chinese mobile phone number for some time now. They also started (two years ago I believe) collecting IDs to purchase a sim card. It might not have publicly stated such, but Wechat was already bound to a users ID card and sim card.
When they cracked down on websites and started enforcing the censorship rules more strictly, every Chinese website I use moved to requiring registration validation with a Chinese phone number or Wechat account.
Wifi registration via Wechat has been going for about as long.
Wechat is also, now, the primary means of paying for basically everything. Groceries? Scan the QR at the register. Taxi? Book it with DIDI (Chinese Uber) or scan the QR code. Restuarant? QR code at the table. Scan it and you can place your order through the phone and pay right away.
So: your identity, thoughts, opinions, pictures, personal relationships and money are all now wrapped up in a single app controlled by the government. I can't imagine there will be any abuses of this!
So, the US FCC removes protections from the internet in the US and within a week England votes to make broadband a right?
I realize the cord was only cut 240 years ago, but isn't it time that we stopped acting like the teenage rebel?
It's easy to say that when churches are considered "charities" and the republicans actively court every church goer they can find.
This distortion is clearly evident from your own article, but ignored in your post. 40% of the way down the page is the breakdown, "Religion and Charitable Giving". The church-goers group gives slightly more than the non church goers to secular causes, but they dwarf everything else on the chart with their donations to the church.
Don't get all holier than though about charity when 70% of your "charitable" contributions went to a church.
+1 for APR
It's very good. It has rules in it for every packet that it can possibly see and where that packet is allowed to go.
Spam error packets like these jackasses are using would be silently eaten by the gateway resulting in 0 ill effects to the car.
ME7 is extremely old (10+ years). Also, immobilizer defeat requires removal of the ECU. It's trivially easy to do once the ECU is removed, but that requires extended access to the car.
We're not talking about whether something can be defeated if you have the keys, a toolbox, an eeprom burner and unlimited time with the car. The root question is about whether a vehicle is hackable, potentially remotely.
The can gateway is "just another device", but it's very difficult to get it to do anything it isn't supposed to do. Yes, all the devices you care about are on the powertrain bus. But, nothing that's easily accessed (infotainment, obd port, headlight distance controls) is on that bus and none of those things can communicate directly with it.
It's exactly the same principle as having an internal network isolated from the internet. A properly configured firewall will allow proper access to inside services, but won't allow malicious activities.
In short: If you want a secure car, get something with a carburetor or buy a VW, Audi, Porsche, Seat, Skoda, Bently, Bugatti or Lamborghini.
I reverse engineer automotive software for a living and I can say without question that Volkswagen Auto Group cars are as secure as you can possibly find.
Most of the cars you hear about being "hacked" are vulnerable because of something in the infotainment system. Once an outsider has access to that, in most cars, they have access to the canbus and can do "bad" things.
Vag cars are not this way. They have multiple can buses, one for each primary function. Body control, convenience and power-train are all on separate buses. Between these buses sits a device called the "can-gateway", which is essentially a canbus firewall. No packets can move between the buses except those that are necessary to allow. A "wheels are spinning, activate ABS" message cannot originate on the convenience or body control bus.
The software for just about everything important is secured with signatures (2048 bit now). Modifying the software for these cars is extremely difficult, getting access in the first place requires enormous amounts of very skilled labor. We spend many thousands of man hours each year just keeping ahead of the security features added to the ECU engine control code (we're a performance company).
It's hard enough to modify anything on these cars when you have every tool imaginable, a seasoned veteran staff, complete access to the cars and nearly unlimited financial resources.
Don't forget that Z series is even more stupid expensive than Sun gear. I get that there's a bunch of R/D that goes into mainframes and keeping a non x86 CPU alive (Sparc/PPC/Zseries). But, if you want new things to be built for them, there has to be a reasonable level of entry for small shops.
$20k+ (Sun) or $100k+ (Zseries) is not a low enough entry level that I'd going to develop anything for it.
I'm very well versed in PPC assembly. I've found a quite wonderful niche working on automotive controllers. I also have several subordinates well versed in Tricore (Infineon automotive CPU) assembly.
Neither of those will ever make it onto any list of "popular" anything, but we all make plenty of money doing it.
As important as those two languages are to what we do, I've never hired anyone that listed either of those things on their resume. The ones that did list them specifically had at best a rudimentary understanding and little other practical background that would make them useful.
Don't learn something because you think you can make money with it. Learn something because you like it and want to use it. Then, find an employer that values your talents and willingness to learn whatever they need you to learn.
That's the best path to a good paying job.
I work on PPC systems every day. I also use several. I'd wager that you do as well.
Have cable or satellite TV? 90% chance it's using a Power cpu. Drive a car with fuel injection? 65% chance your engine is run by Power, 90% chance something in the car is (ABS, nav, transmission).
It's been around a long time (30+ years), been 64 bit much longer than x86 or ARM, has good OS support and good compilers.
I work on and like ARM as well, but if IBM can make a value proposition in China with PPC, they actually have a chance at getting some market share outside embedded.
Regarding the PCMCIA, that old laptop probably predates cardbus. So, look for one that doesn't have the gold color near the connector.
3com, Xircom and US Robotics are your best bet for ones that will have drivers available.
The first option would be a PCMCIA ethernet card. Since you have 3.11, if you install a PCMCIA nic that has windows 3.11 drivers, you can simply use windows file sharing to copy everything. There's plenty of old nics on ebay.
Second option is to use pkzip to zip up everything you want. Buy a null modem cable and transfer the zip files using x/y/zmodem. Windows 3.11 had a terminal program and the windows XP laptop will have hyper-terminal.
The second option is much slower, but null modems are easier to find than pcmcia network cards with windows 3.11 drivers.
I'm the head of software engineering at a small company and was a technical director at an MNC previously. I've hired hundreds of programmers.
I regularly hire EEs as programmers, but not for web development. Web development is mostly the bastion of very nimble, hacky types. As others have said, it's frequently more about putting together a reasonably elegant hack in a short period of time.
I hire EEs for board support and other embedded development. Those are the places where real engineering skills are the most useful. I don't want my BSP full of dirty hacks or hard to find/duplicate bugs. I want code that is planned, organized and well executed. That's exactly (in my experience), what I get from engineer coders.
The exception to my above generalization about web development is Java. Java backed websites (JSP and the like) are mostly developed by engineers and are used by large companies. If you want to maintain your engineering mindset and build websites, Java dev as a nameless drone at a big company is the way to do it.
Otherwise, I'd suggest boning up on your C and getting into embedded stuff. I personally find embedded work much more satisfying. It's also much easier to stay relevant without knowing the ins and outs of the latest NoSQL db or javascript library.
I don't work with Fords, so I can't answer your question specifically. In general, the trend in cars is to have fewer controllers and devices on the bus controlling more and more things. In the VW/Audi world, all of the "body control" stuff is handled by a single module under the dash.
At the same time, many of those modules and the wires between them are accessible easily under the hood. I can reach under a VW, remove a plastic underbody panel and get to the powertrain (most important) canbus without opening the hood. I'd come up greasy, but I could certainly do it from under the car. With a little practice, I could probably do it in under a minute.
In the VW case though, that wouldn't do any good. I couldn't start the car or unlock the doors (door locks aren't on the powertrain can and the gateway won't pass through a door unlock message originating on powertrain). I could monitor their engine/transmission/ABS though and could turn off the car, change the gears or set/adjust the cruise control once the engine was running. I might even be able to trick the ABS into thinking the car is skidding and get it to lock up the brakes (I haven't played with ABS controllers much, so I'm not 100% certain of this one),
"Does nobody do signing or encryption of signals to control systems"
VW/Audi does. The newest generation use 2048bit RSA signatures for everything. The previous generation used 1024, which is still pretty much unfactorable for a reasonable price.
But, they can't use encryption of any consequence or signing on the bus. It's all real time and needs to be that way. Would you want your airbag to wait to deploy until it had verified even a 512bit signature on the "oh crap we've been in an accident" message?
Same thing with ABS.
The only real place they can use that (and they DO use it here) is for starting. When you're starting a car, there is no imminent danger. In VW/Audi, they have the "immobilizer" system. It uses RSA again. The instrument cluster, ECU and each key have a coded serial number. Each devices holds a hashed/signed copy of the serial numbers of the other 2 and the VIN. If the 3 don't all agree, the car won't start.
There are some ways around the system, but they require opening the ECU and various other things that are quite time consuming and very obvious. Nobody has (to the best of my knowledge) beaten the immobilizer system via methods that don't require a grinder.
I work in the automotive after market (ECU tuning). I can actually back up what they're saying. Even if they did come by it via speculation, they're actually pretty much dead on.
That is primarily because the german cars use what we call a "Can Gateway" but is better of though as a firewall. Every different system in the car has it's own private canbus. Anything that needs to travel between the busses has to go through the gateway. In the case of VW/Audi vehicles, it's locked down quite well. It knows what packets belong on what bus and only allows a very limited subset of properly formatted and required packets to pass between those busses.
Vehicles that share common can without a gateway are readily exploitable. I could plug a can interface into the headlights, A/C or any other system on the global bus and lock/unlock the doors, roll the windows up/down, trigger the traction control/ABS or even start/stop the car (if it uses a push button start).
Doing those things requires access to the can wires, but the bus is used for so much now-a-days, there's always plenty of places to access it. Many of them without requiring keys or an open hood.