China will remove its tariffs on Canadian agriculture — including on canola products — if Canada scraps its levies on Chinese electric vehicles, that country’s ambassador says.
If Chinese manufactures can exceed Canadian standards, provide spare parts for a minimum of 10 years from the date of manufacture, provide a minimum of 10 years of software support/updates, AND allow all software to be audited for both safe function and security. Then sure. Bring on the cheap EVs.
(But not even our current domestically produced vehicles meet those requirements)
It’s a serious security hole cause the software can be updated through network, the version gets audit and all the follow up update can be good, but the moment it needs to go rogue you just need 1 malicious update to have serious and wide spread harm/attack on a button.
IMO for any vehicles to allow over the network update is beyond stupid. (yes, that includes Tesla.)
There are a few good defcon talks where it has been shown that the engine control and body control can be accessed and modified via the “infotainment” system (the one I saw specifically was Jeeps).
Once you’re inside a car that’s on, there really isn’t any security*. The OBD2 port that every remotely modern car has is perfectly capable of accessing all the diagnostics and data streams the car has, and can also control/reconfigure the various computers.
IMO that doesn’t really matter, since the system isn’t powered until the key is in the ignition and the car turned on. You can’t do anything with the key off, and if your passenger wanted to sabotage the car, they’d just yank the wheel as you drive down the highway.
That said, yes OTA updates are a travesty. Specifically because cars have so little security, having any access to their computers from the outside is a massive risk… And if there’s a potential that the country the manufacturer is in turns hostile, that risk certainly isn’t reduced.
* A handful of manufacturers have “added” security to their systems by… (drumroll pls) restricting access to the systems and requiring a subscription for full access. That’s fucking evil and doesn’t even do anything (at least for a mechanic or tinkerer like me) since you can just google “FCA bypass cable” and skip right past the firewall.
Modern cars expose the engine/body control CAN bus through the fucking headlights. You don’t need to be in the car and it doesn’t need to be on for you to have the same or more access than the OBDII port.
It doesn’t matter what the country of origin is, someone is gonna find a way to break OTA updates, gain access via exposed wireless networks or just pop off a CAN bus controlled light and plug in. How long before someone pushes a malicious update that causes the ABS to disable or degrade braking to near 0%, or just throw the electronic power steering full left whenever the speed exceeds 101km/h?
It’s in dodge vehicles now, the other manufactures will follow soon. It saves a fuck ton of wising when you only need to run a single power wire and data bus to each light cluster instead of power for high beams, low beams, fog lights, indicators and vanity wank lights.
Yes, but it is a different CAN bus than anything critical to the operation of the powertrain. A typical BMW will have five or six different, and completely separate, CAN bus.
But that would be silly, because the easiest way to kill someone without consequence is to get behind the wheel and run them over. People could also be putting bombs in product boxes and poison in medicine. A coherent society doesn’t have these problems.
The issues is they are artificially cheap, which undercuts Canada’s auto component industry from serving as an EV hub.
The Chinese government paid for production and have lots (as in sites) of cars that are unsold. They offered huge discounts to unload last years production. Since there were laws about discounting new cars, they moved them (paperwork wise) through shell type arrangements to make them appear as used cars (with less than 5km on the odometer etc).
That stuff undercuts any means of US and Canada EVs being viable.
Get a grip. So, assuming you realize that you just admitted Canada has a double standard for banning subsidized electric vehicles, why not force the US to offer you a better deal? Tesla has no issue operating in China. Where is your spine?
If Chinese manufactures can exceed Canadian standards, provide spare parts for a minimum of 10 years from the date of manufacture, provide a minimum of 10 years of software support/updates, AND allow all software to be audited for both safe function and security. Then sure. Bring on the cheap EVs.
(But not even our current domestically produced vehicles meet those requirements)
It’s a serious security hole cause the software can be updated through network, the version gets audit and all the follow up update can be good, but the moment it needs to go rogue you just need 1 malicious update to have serious and wide spread harm/attack on a button.
IMO for any vehicles to allow over the network update is beyond stupid. (yes, that includes Tesla.)
Hey kinda like the F-35
It’s fine though when the Americans do it do is.
Carney is still buying those lemons the US Navy rejected. I guess elbows out means buying overpriced junk while cutting all services.
“how do I hold all these” meme but instead of his arms it’s just elbows
There are a few good defcon talks where it has been shown that the engine control and body control can be accessed and modified via the “infotainment” system (the one I saw specifically was Jeeps).
This happened for real at the weekend:
https://arstechnica.com/cars/2025/10/software-update-bricks-some-jeep-4xe-hybrids-over-the-weekend/
shocked_kirk.gif
Once you’re inside a car that’s on, there really isn’t any security*. The OBD2 port that every remotely modern car has is perfectly capable of accessing all the diagnostics and data streams the car has, and can also control/reconfigure the various computers.
IMO that doesn’t really matter, since the system isn’t powered until the key is in the ignition and the car turned on. You can’t do anything with the key off, and if your passenger wanted to sabotage the car, they’d just yank the wheel as you drive down the highway.
That said, yes OTA updates are a travesty. Specifically because cars have so little security, having any access to their computers from the outside is a massive risk… And if there’s a potential that the country the manufacturer is in turns hostile, that risk certainly isn’t reduced.
* A handful of manufacturers have “added” security to their systems by… (drumroll pls) restricting access to the systems and requiring a subscription for full access. That’s fucking evil and doesn’t even do anything (at least for a mechanic or tinkerer like me) since you can just google “FCA bypass cable” and skip right past the firewall.
Modern cars expose the engine/body control CAN bus through the fucking headlights. You don’t need to be in the car and it doesn’t need to be on for you to have the same or more access than the OBDII port.
It doesn’t matter what the country of origin is, someone is gonna find a way to break OTA updates, gain access via exposed wireless networks or just pop off a CAN bus controlled light and plug in. How long before someone pushes a malicious update that causes the ABS to disable or degrade braking to near 0%, or just throw the electronic power steering full left whenever the speed exceeds 101km/h?
Only Toyota was dumb enough to have a CAN bus run to the headlights. Edit: and use the same bus the keyless system runs on.
It’s in dodge vehicles now, the other manufactures will follow soon. It saves a fuck ton of wising when you only need to run a single power wire and data bus to each light cluster instead of power for high beams, low beams, fog lights, indicators and vanity wank lights.
Yes, but it is a different CAN bus than anything critical to the operation of the powertrain. A typical BMW will have five or six different, and completely separate, CAN bus.
And bmw makes up 3% of the north american market. The big players will continue to cut corners and crank out cars with minimal or non-existant security. Not that it matters, manufactures are bricking their own products: https://www.thestack.technology/jeep-software-update-bricks-vehicles-leaves-owners-stranded/
But that would be silly, because the easiest way to kill someone without consequence is to get behind the wheel and run them over. People could also be putting bombs in product boxes and poison in medicine. A coherent society doesn’t have these problems.
Forgot about wanacrypt, stuxnet or the Ashley Madison breach? indiscriminate harm is the norm not the exception.
The issues is they are artificially cheap, which undercuts Canada’s auto component industry from serving as an EV hub.
The Chinese government paid for production and have lots (as in sites) of cars that are unsold. They offered huge discounts to unload last years production. Since there were laws about discounting new cars, they moved them (paperwork wise) through shell type arrangements to make them appear as used cars (with less than 5km on the odometer etc).
That stuff undercuts any means of US and Canada EVs being viable.
Question, would you say that Teslas are artificially cheap?
Tesla has government assistance programs in US and Canada, but $35000 Tesla does not compete with $14000 Chinese car
Is that a yes or no?
Bye troll
Get a grip. So, assuming you realize that you just admitted Canada has a double standard for banning subsidized electric vehicles, why not force the US to offer you a better deal? Tesla has no issue operating in China. Where is your spine?