[ad_1]
According to ADAC, the mileage of many newly registered vehicles can still be easily manipulated. The automotive industry is not interested in a safety certification, but a legal regulation since 2017 has required the “systematic protection” of the speedometer.
An IT security function has been part of the vehicle registration process for the first time since September 2017. In practice, it has so far not played a role, as a current study by the ADAC shows. Within a few minutes, the technicians at the automobile club were able to work on the mileage with a manipulation device that was freely available. In the sample, this was achieved with a Ford Kuga from 2019, an Opel Grandland X from 2020 and a Peugeot 208 from 2019.
The Federal Ministry of Transport, together with the Federal Motor Transport Authority (KBA), wants to examine whether the EU Commission should propose an amendment to Regulation (EU) 2017/1151. The regulation does not contain any specific measures and the resulting standardized test requirements, a spokeswoman told heise online and pointed out that the vehicle network differs depending on the manufacturer in terms of structure, composition and scope of functions.
Only to the socket
With the models from Ford and Peugeot, the manipulation device, which the ADAC was allowed to use for its tests with the approval of the public prosecutor, only had to be plugged into the onboard diagnostic socket. In the case of the Opel, it was also attached to the speedometer. On the freely accessible websites of the manufacturers of the legally available tuning and manipulation devices, the ADAC found references to over 170 other models from 2019.
For the ADAC, one thing is certain: The one that has been in force since 2017 European regulation (2017/1151) Still does not work in practice. The regulation requires automobile manufacturers to “apply systematic techniques to protect against unauthorized use as well as write-protection devices that ensure the integrity of the odometer reading.”
Certification neither required nor requested
There are no certifications even four years later, although after a transition period of one year since September 2018, all new registrations of cars, mobile homes, off-road vehicles and transport vehicles up to a total mass of 3.5 tons have been recorded. Until September 2018 there was a transitional regulation that only covered a few vehicle classes. But now all cars, mobile homes as well as off-road vehicles and transport vehicles up to a total mass of 3.5 tons are recorded.
The Federal Motor Vehicle Office (KBA) made it clear at an early stage that in order to prove tamper-proof security, the manufacturers had to show how they “cryptographic tampering protection, tampering detection, the separate comparison of different control units with regard to the distance stored in different control units and the existing hardware manipulation protection, e.g. of the microcontroller ”. But the security-related design is still left to the manufacturers themselves, as the KBA does not make any specifications.
The current procedure provides that the measures specified by the respective manufacturer are checked by a named technical service and documented by means of an expert report. The KBA, as the competent approval authority in Germany, evaluates the manufacturer-specific measures when an approval is granted and, if the approval is positive, grants the approval.
ADAC: The victims are private used car buyers
Certification according to Common Criteria / ISO 15408, as required by the ADAC, is not in sight after four years. The Federal Office for Information Security (BSI) informed heise online that it was in regular contact with the ADAC and German automobile manufacturers. The possibilities of a CC certification have been shown, whereby a CC certification for the protection of the mileage is “not yet established”. The BSI also has no inspection order.
With regard to the inadequate implementation of the safety requirements, the ADAC believes that most of the victims are private used car buyers. Their damage often goes beyond the excessive purchase price, for example if an incorrect odometer reading suggests that the replacement of a vehicle part still has time. The automobile club warns that most workshops and motor vehicle experts cannot uncover a professionally carried out odometer manipulation. Repair invoices, AU and TÜV reports, but also oil change stickers or tags could, however, provide information on how plausible the displayed mileage is when buying a used car.
(anw)
.
[ad_2]
