These were replies to points made on other threads elsewhere, but I believe they apply here to, as reasoning behind Tesla not
'opening up' their cars for what some would term
'regular maintenance' by supposed
'independent shops'...
Please take a look at the 'RISK FACTORS' section of Tesla's SEC filings. One of the points they call out involves aftermarket, third party modifications to their cars. I understand it may seem rather sensationalistic to some, but Tesla must indeed 'make it difficult' for others to apply 'an aftermarket solution' for many things. Not so much those who simply want to add a handy dandy HUD, or other secondary display device, as it is to dissuade those who want to hijack every aspect of the vehicle OS both for electric 'hot rodding' as well as for nefarious purposes. Tesla must protect their intellectual property, the aspects of the vehicle that are unique to their own design process, the things that keep the cars safe. Because the reports of a fatal street racing crash on a broadcast of 'I'mWitlessNews at 10:00' won't mention at all that someone used a aftermarket mod that defeated safety systems like stability & traction control systems along with ABS when they spout their drivel about 'The DANGERS of ELECTRIC Cars!' at all. Tesla must be aware of such things at all times.
--------
I do not make this stuff up:
Any unauthorized control or manipulation of our vehicles’ systems could result in loss of confidence in us and our vehicles and harm our business.
Our vehicles contain complex information technology systems. For example, our vehicles are designed with built-in data connectivity to accept and install periodic remote updates from us to improve or update the functionality of our vehicles. We have designed, implemented and tested security measures intended to prevent unauthorized access to our information technology networks, our vehicles and their systems. However, hackers have reportedly attempted, and may attempt in the future, to gain unauthorized access to modify, alter and use such networks, vehicles and systems to gain control of, or to change, our vehicles’ functionality, user interface and performance characteristics, or to gain access to data stored in or generated by the vehicle. We encourage reporting of potential vulnerabilities in the security of our vehicles via our security vulnerability reporting policy, and we aim to remedy any reported and verified vulnerabilities. Accordingly, we have received reports of potential vulnerabilities in the past and have attempted to remedy them. However, there can be no assurance that vulnerabilities will not be identified in the future, or that our remediation efforts are or will be successful.
Any unauthorized access to or control of our vehicles or their systems or any loss of data could result in legal claims or proceedings. In addition, regardless of their veracity, reports of unauthorized access to our vehicles, their systems or data, as well as other factors that may result in the perception that our vehicles, their systems or data are capable of being “hacked,” could negatively affect our brand and harm our business, prospects, financial condition and operating results. We have been the subject of such reports in the past.
Tesla SEC Filing -- RISK FACTORS
--------
In retail, anything you do to make life easier for Customers, consequently also makes life easier for Criminals. It is a fundamental factor of Loss Prevention Services (Security) to monitor the leaks that occur as a result. There is a certain level of loss that is expected as a part of regular business. That doesn't mean you should allow your world to be overrun entirely by those who choose to take advantage. There are a multitude of reason why the phrase, "This is why we can't have nice things," was coined.
Take a look around Los Angeles. By the building codes, public places are supposed to have at least two easily accessible points of ingress/egress. It is a matter of safety, and businesses typically are not supposed to be allowed a Certificate of Occupancy if that parameter is not met. When a local fire marshal notes that an entry/exit point is blocked, or locked, or non-operational, fines and citations should be applied.
But ever since the riots of 25 years ago, that requirement has been largely ignored. In particular, new construction for grocery stores, department stores, big box stores, and particularly drug stores, may have only one point of entry/exit. Older strip malls that previously had two openings either permanently closed or blocked off the secondary entry with shelves of stock. All so that potential thieves and looters would only have one way in, and one way out. The need for loss prevention and security overwhelmed that of fire safety. Of course, this also means that if someone during a future riot were to simply start a fire that blocked that entry/exit route, everyone left inside would probably die. Oops.
Anyway, I digress... Early on, shortly after the release of the Tesla Model S, the USB ports in the center console allowed you to plug in a mouse and a keyboard to operate the MCU if you wanted to. It was quite convenient for those who didn't want to use the touchscreen for all entry of addresses or web searches. But, at some point afterward, during one of the Over-the-Air updates, the USB keyboard functionality was removed. Why? Because some USB keyboards also come with USB ports of their own. And, since the Model S used a version of Linux, certain keyboard combinations that were not possible on the MCU screen could be used to 'escape' into a command line interface if someone were clever enough to figure out how to do it. Tesla may have found, and then eliminated a potential exploit, without making it public knowledge. Thus, something that was functional and convenient for Customers, was also a gateway to Hackers and had to be done away with. Tesla wisely does not allow the use of keyboards any longer, so that no one has a way to launch their own executable files to overwrite or modify data stored in the system.
There is the outside chance, however unlikely, that if someone were allowed innocent access to data through an OBD II port, they could gain two-way access to not only READ but also WRITE data to the system. Just because something were to identify itself as a GPS system, doesn't mean it couldn't be something else instead, or in addition to that. Tesla has to take such things into consideration. This is a fundamental concept of computer security -- never trust the Client. I know it seems harsh, but thems the breaks and stuff.
--------
A $60 Gadget That Makes Car Hacking Far Easier | WIRED
--------
Please understand that aftermarket tuners make no secret of the fact that they tap into both the engine management computer and OBD II port in order to make their software hacks work on modern ICE vehicles.
This has been going on for a very long time. Because of the way the CAN bus works, once you are able to monitor the signals from one internal system to another and decode what they are saying and why, you can then intercept them and have your own computing device act as a means to spoof those signals. So, if a sensor learns that too much NOx is being produced, and tries to inform another part of the system, you can intercept that warning and report that the nominal acceptable amount of NOx is being generated instead. This is what automotive hacking is all about -- you can tell the system any lie you want with a your hand on a stack of Bibles -- or Playboys for that matter -- and it will believe you.
Tesla cannot allow anyone direct access to such systems prior to electric vehicles being ubiquitous, above reproach, and perfectly acceptable by the populace at large, in a position that no one gives credence to FUD anymore. That will take time. I imagine another 15 or 20 years or so, at least.