They're swapping out hardware, which is why they're asking money for this to compensate the labor costs. Not saying this justifies it, but the title is misleading.
It doesn't matter. If a customer buys faulty hardware, it's the seller's responsibility to replace it with working hardware. If the brakes had a manufacturing defect, you wouldn't expect the customer to pay for the replacement.
I've been holding my breath ever since Spectre/Meltdown for a free CPU upgrade to make up for the slower performance that the mitigations cause.
It's Intel's bug, they promised a certain processor speed, shouldn't it be their responsibility to replace it since their own security oversight resulted in the hardware not working as advertised?
Did you expect the same from Intel/AMD when those bugs came out? Is it different from this situation?
What if the software is significantly more robust than Dodge, Chevy, Honda or Kia? But check this out: what if you were offered an additional layer of security? You can choose it or not. It's an option. I didn't see these being easier to steal than a car using a CAN bus... If it is, sure, free upgrade. But if this is improving a system that is already less vulnerable than 50% of vehicles, I can see why they'd charge.
Maybe you live in a country where car thieves hack into cars left and right. Maybe you live in a country where thieves just tow your car in the middle of the day and don't care about your locks at all. Do you expect the car maker to ship you free fixes against every scenario? Security is a spectrum. Make your police better if you don't like it.
Swapping software, pentesting, testing, QA, CI/CD pipelines, image caches aren't free either. Can we then start making more money as software developers to patch CVEs? We clearly should consider holding ourselves to a lower standard. Your requests are getting 5xx errors? Pay me more to fix it, not my problem that your requests are failing.
> Pay me more to fix it, not my problem that your requests are failing.
If you are employed in a position where there is a defect in the product then you are already being paid. Imagine going to a restaurant and you get an uncooked frozen steak, and when you tell the waiter they tell you that since the cook will need to spend more time on it you now have to pay extra.
I want a dumb EV. No infotainment system. Just speakers and a way to plug my device into them. Anything critical to the car should be completely air gapped and require an absolute minimum amount of software, preferably zero.
Agreed. I'd actually like to buy an EV, but so far there are no candidates which meet my minimum requirements, which are pretty much what you said + serviceable by any mechanic with aftermarket parts + using Na-ion, not Li-ion batteries. And it shouldn't be super ugly like most new cars are today (e.g. Rivian, VW ID Buzz).
Though I'm pretty sure you can't even legally make such a car anymore, at least in Europe, where certain "smart" features are required for new cars. Perhaps a manufacturer of such an EV could put all of that into one box which the user can simply pull out and discard.
We have a Volkswagen e-Up, it's basically that. Analog cluster, a very small radio screen that also displays the world's smallest reverse camera view, and a dashboard mount for your phone. It's a fantastic little car, I honestly like it more than our 400bhp Volvo XC60.
The e-Up is great, but there is still the remote control modem installed by default that lets Volkswagen « Cloud » and the app control the car remotely, and get data such as the GPS location of the car.
Yeah I’ve seen these posted here previously! Probably the most appealing new car to me at the moment. Hopefully they take off and we can get them outside the US
That’s illegal in the EU, 911 eCall requires an always-on cellular connection with an attached device that records your location. Would you please think of the children?
This is a violation of UN regulation 155/156 where the vendor must provide free fixes and updates in case of safety or cybersecurity violations.
I'm mentioning this specifically because the CAN bus is involved, which is mandatory to be safety conformant and has to be ASIL-C/D conformant. If you cannot guarantee that, you will lose the license.
Without conformance to UN Regulation 155/156, the car manufacturer might lose its license for the underlying car platform (not only the downstreamed models), meaning refunding/damages need to be paid for all buyers of cars of that platform.
So chances are this can be fought in court, and Hyundai probably has to offer free replacement of that defective part.
The vast majority of countries have written into their laws that road vehicles must adhere to UN vehicle regulations. That's how enforcement happens - by whatever regulatory authority of the country the vehicle is to be used in. Canada and the US are among the exceptions in that they have their own standards.
If the ignition and door locks in your vehicle were mistakenly designed in such a way that they are trivially shimmed or could be operated by any key, it seems absurd to suggest the customer should pay you to replace these mechanisms with ones that are properly secured. This seems roughly analogous to that situation, at least to my understanding.
The story has a bad spin, yes. But it’s just as much of a controversy as if they had required people to pay the cost themselves if they found out the cars were shipped with defective brakes. It’s a product error, not wear and tear or user error; they should eat the costs, but the cybersecurity framing of it is being used to attempt to push the cost to the consumer.
> in 2023 over the “Kia Boyz” attacks that allowed thieves to bypass a vehicle’s security system using a USB cable.
The USB cable happened to have the right size to engage the starter mechanism. Any physical object with similar dimensions could have been used. It really undercuts how absolutely terrible the Kia security design was around that component.
The Kia Boys stuff, child labor, and ICCU failures weren't enough? The Ioniq 5 absolutely looks like a compelling car but from my POV Hyundai seems hell bent on snatching defeat from the jaws of victory.
I don't know about the Hyundai Ioniq, but the Kia Niro has no way to permanently disable keyless entry, which would be the obvious, super easy s/w fix. You can disable it each time you lock your car by holding extra buttons on the fob for a few secs, but it's auto re-enabled next time you unlock. It's everything you need to know before you make your smart decision not to buy a Kia. Cheap(er) for a reason.
But look at it from their point of view. It's the most stolen car in the UK. The brand doesn't seem to be suffering much. Having terrible security just helps sales!
We are not scared of regulation in the UK. And this car has existed, in the UK, with this flaw, for over 6 years. Quite clearly nobody is interested in doing either of those things you suggest.
Plus the UK is about to reintroduce financial incentives for private EV purchase, they want to push sales, not clamp down on crap products.
Also be aware that homologation means there is no one-size-fits-all, canonical vehicle for all markets but many variations for different markets with variations in security and safety features. Some markets get proper security measures while others get screwed.
Do you mean the button on the door handle or the button on the key fob? The former is their keyless entry and is vulnerable to attack. I was under the impression all Ioniq 5s had this feature, but obviously I defer to your experience.
It's Intel's bug, they promised a certain processor speed, shouldn't it be their responsibility to replace it since their own security oversight resulted in the hardware not working as advertised?
Did you expect the same from Intel/AMD when those bugs came out? Is it different from this situation?
Following the same logic: old phones, even iPhones, can be hacked. Should manufacturers replace the hardware?
Maybe you live in a country where car thieves hack into cars left and right. Maybe you live in a country where thieves just tow your car in the middle of the day and don't care about your locks at all. Do you expect the car maker to ship you free fixes against every scenario? Security is a spectrum. Make your police better if you don't like it.
/controversial opinion
But yeah, “patch” usually implies software vs. hardware.
Either way, agree with other comments that Hyundai should just eat the costs if it prevents theft due to an exploit.
Having said that, given what the car costs, the fee doesn’t seem completely unreasonable.
Though I'm pretty sure you can't even legally make such a car anymore, at least in Europe, where certain "smart" features are required for new cars. Perhaps a manufacturer of such an EV could put all of that into one box which the user can simply pull out and discard.
https://www.slate.auto/en
See also ‘smart’ tvs vs digital signage displays aka dumb tvs.
Anyway, that is not what the majority wants to buy. Even more, a car is not what the majority wants to buy in the USA. SUVs/trucks are desirable.
https://www.theverge.com/news/757205/hyundai-ioniq-5-securit...
More work for the thieves, but hardly a fix to inspire confidence.
https://www.rtl-sdr.com/flipperzero-darkweb-firmware-bypasse...
The flipper firmware is only about six months old, and it is still not as convenient and distributed.
The actual firmware exploit is the same idea.
But look at it from their point of view. It's the most stolen car in the UK. The brand doesn't seem to be suffering much. Having terrible security just helps sales!
Until it’s banned by regulators or made uninsurable…