Code Breakers: How Access to Mysterious Repair Data Can Help (and Hurt) You

Jim Motavalli

Jim Motavalli | May 22, 2013

You’re happily driving down the road and suddenly the car stops, coughing and spluttering. You open the hood, but the last time you could make any sense of what’s going on under there was back in high school. What happened to the carburetor, anyway?

This OBD-II connector yields diagnostic computer code to sophisticated $25,000 to $50,000 automotive analyzers.
This OBD-II connector yields diagnostic computer code to sophisticated $25,000 to $50,000 automotive analyzers.

Well, the chances are your local independent garage may not know what’s going on either, because they don’t have access to the safety bulletins, recall information and computer codes that the dealer-connected service departments get. Fixing cars these days means plugging them into a machine that spits out a code that’s probably not going to mean anything to you.

There are whole websites designed to decrypt these Onboard Diagnostic (OBD-II) trouble codes, but in general you’re on your own and sometimes your neighborhood mechanic is, too. Obviously, there’s a big advantage to carmakers if they hold the keys to the repair kingdom.

But not anymore, at least for Bay State residents. In November, Massachusetts approved the first-in-the-nation Right to Repair referendum, which requires that all repair information be made available to all consumers and repair shops, not just dealers. Advocates say it will save consumers an average of $300 to $500 per visit. The referendum will have to be reconciled with a compromise bill that passed the legislature last summer. The ballot initiative requires a universal system by 2015; but the legislation—heavily favored by automakers and their lobbyists—gave them until 2018.

Automakers are none too keen on the law, because they say all the relevant repair data is already being made public. According to the Massachusetts Auto Coalition, which is affiliated with the national Auto Alliance trade group, "Massachusetts consumers know they can already get their cars serviced and repaired wherever they like. They don’t need an unnecessary law to prove that. Instead, passage of this initiative could actually complicate the system in place today, limiting repair choice, threatening vehicle security and safety, forcing the costly redesign of automobiles, and harming consumers."

Yeah, yeah, yeah. Personally, I’m all for the law, which has a basic element of fairness to it. But there’s an interesting wrinkle—some people think it will make it easier to steal your car. Think about it—the codes are the keys to the kingdom to control your vehicle, open it up and start it up, too. According to Extreme Tech, A transmitter can send thousands of door-unlock codes to a car and if there’s no ‘excessive-tries’ lockout, the door can eventually be opened. Videos show a diagnostics reader pulling ignition key codes from the on-board diagnostics connector and being programmed into a smart key chip that starts the car.” Eek!

Stealing a car is now much more sophisticated than the old screwdriver in the window gambit.
Stealing a car is now much more sophisticated than the old screwdriver in the window gambit.

Soccer star David Beckham’s BMW X5 was stolen in Madrid by this kind of crook, using some sophisticated software, and it ended up in Macedonia being driven by a government minister. Thieves got away with his other X5, too.

The danger, critics say, is that the bad guys will be able to bust the security around microprocessor-equipped smart keys, automaker alarm systems and engine-start buttons. According to Gizmodo, “By specializing, it’s possible for…gangs to guess, through sheer trial and error, the electronic antitheft codes found in keyless entry fobs. Another possibility, one that’s more likely, is that they already know the vendor’s proprietary code algorithm (it was either stolen, purchased, or provided by an insider or someone within a dealership).”

A Johns Hopkins computer professor, Aviel D. Rubin, heard about this and, having some time on his hands, had a gaggle of graduate students work on the RFID-based computer code in new car keys. It took them only three months with an antenna-equipped laptop and some software to, at least theoretically, steal a bunch of cars. “It was a trial-and-error process,” Rubin told NBC News. “We wanted to see if it could be broken and found out that it could. We were surprised.”

I see the problem easily enough, but folks, these gangs are already operating and stealing cars long before any state law is operating. The auto thieves, particularly in Europe, have the key information already. And if that prof could do it, anybody with a modicum of knowledge is going to bust in. Computer and software companies don’t give away their proprietary code, but hackers get in anyway.

The lines of data that need to be public don’t have to have anything to do with ignition keys—it’s just the basic information about what’s wrong with the car. Think of your mechanic like a doctor whose patient has four wheels—don’t you want him or her to have all the facts? You bet it’s a safety issue, because a badly performing car is a menace on the highway.  

My guess is that the Massachusetts law is just the first of many. In reality, we need federal legislation that would ensure code information is available nationally. Knowledge is power!

Get the Car Talk Newsletter

Got a question about your car?

Ask Someone Who Owns One