
[flagged]


> I know the locks on my car are easily picked

They aren't actually. Which is why thieves just smash your windows. In either case the alarm is going to go off so there's no advantage to them learning a complex attack on your lock cylinder when a piece of concrete will do.

Further there often were additional ignition interlock mechanisms that required the correct key code or a key with the correct additional hardware to be present for the starter cylinder to actually engage your starter.

> didn't know Hyundai owners were so entitled.

It's called a defect. It should be a recall. We have laws that cover this. They're pretty explicit. I didn't know Hyundai CORPORATION was so entitled as to think they were not subject to them.


I agree Hyundai should fix this for free (would make up a small portion of the bad PR for having this issue in the first place), but don't forced recalls usually only apply to defects that cause safety issues?

I'm not sure this would fit the definition of a product safety defect.


It's not ease, it's efficiency: opening a locked car door is 1-2 minutes for an experienced person. Smashing the window is 2 seconds (though you also need some experience, as modern car side windows are also laminated).


> opening a locked car door is 1-2 minutes for an experienced person

Look up LockPickingLawyer on YouTube. Less than a minute with the right tool.


This video has some great footage of typical modern break-ins:

https://m.youtube.com/watch?v=iWWWyG5ZwG8

The lockpicking lawyer’s skillset is not what’s required for that task. 30 seconds would be an eternity for a typical thief to just be able to open a car door. Most of these thieves take maybe 15 seconds from approach to escape. Stealing a whole car is a little bit different but nobody is going to sit there with their adrenaline pumping, wearing gloves, in the middle of the night trying to pick a car door lock that won’t even disable the alarm.


You don't need his level of skill to open a car door (you attack the latching mechanism, not the barrel itself).


As far as I'm concerned, security issues (outside of very niche situations) in a product mean that the product was defective. If you sell a defective product, you should be on the hook to correct the defect.


There’s no bright line that defines “defect” and makes this determination. What Hyundai should be considering here is whether consumers will decide that buying a car from a company that doesn’t fully own their security mistakes isn’t worth it.


I agree it's hard to draw a bright line, but I'm personally comfortable erring heavily on the side of defect for security issues.

I'd be willing to agree that certain security issues might not constitute a manufacturing or design defect. If a thought-to-be-secure encryption was cracked tomorrow, that doesn't make products using it defective at the time of manufacture.


The point is, it doesn’t matter. The only thing that matters is how consumers feel about whether the company’s reaction makes them feel like they want to trust that company with their next purchase.


This isn't about normal wear-and-tear but a fundamental security design flaw that allows thieves to steal these cars with a $25 device exploiting the CAN bus - more akin to GM shipping cars with a master key hidden under the floor mat than a pickable lock.


The article claims it's a $20k device.

Claiming it is a "security design flaw" is absurd paranoia, the same paranoia that causes manufacturers to destroy the aftermarket and fight right-to-repair in their quest for "security".


Except even more egregious, because if your GM car had a master key under the floor mat, you could just remove it yourself and throw it down a handy storm sewer.


I think your take makes more sense in a world where you actually own the car fully and have the freedom to do what you want with it. Even if someone was able to write this patch themselves without the source code, distributing it would require owners to root their devices, which isn't legal in all jurisdictions.

You don't expect Microsoft or Adobe to issue fixes any time someone finds a remote exploit that lets attackers gain control of your system through a security issue in their software? I 100% expect this of my software vendors even for this purchase in the past. The expectations for software and hardware are certainly very different, but even for hardware we have laws that force companies to fix their hardware in some situations.


You missed some points

1. This is only in the UK, they are not doing the same in the US

2. Recalls are the responsibility of the manufacturer. Security lapses, even if "up to standards" at the time are not a legitimate exemption (imo)


In the automotive industry, pretty much the whole point of standards like cybersecurity (ISO21434) and functional safety (ISO26262) is to let the manufacturer claim in court that they followed “modern best practices” and therefore are not liable when something goes wrong.


It's a defect. We should fix it by making them do a recall.


If a security flaw is so egregious as to warrant a patch, then the patch should be considered to be a fix of a defective product and free.

If the situation doesn't rise to that level of severity, then it follows that a patch isn't necessary.

If GM were to offer lock cylinder replacements because their original cylinders were so flawed as to warrant them, then yes the cylinder replacements should be free. The sold product was not as described.

If the original cylinders aren't so flawed as to warrant a replacement, then no cylinder replacement would be offered.

Are GM cylinder replacements being offered? If not, then your analogy isn't analogous.


I didn't know Hyundai corporate defenders were so unrealistic and childish.


I don't even like Hyundai.

What's "unrealistic and childish" is expecting free labour.


It's not free labor, they already got paid for it. They just fucked it up the first time.


Nope. It requires new hardware installed.


Hardware which should have been there in the first place.

They will also be charging elevated dealership prices for that labor.


I don't expect free labor. I expect the service workers to get paid by Hyundai


Other manufacturers treat defects in their products by doing a recall and wearing the costs of their mistake.

Asking customers to pay for the actually-secure retrofit is certainly a choice.

I hope the small amount of money recovered was worth it, Hyundai/Kia just disappeared from my consideration for any future vehicle.


> Other manufacturers treat defects in their products by doing a recall and wearing the costs of their mistake.

No.

Other manufacturers treat defects with recalls after analyzing the fiscal prospect of doing so, and determining whether or not state/regional laws require them to do it.

Here's one of the "not that wrong" scenes from Fight Club to better explain[0].

[0]: https://www.youtube.com/watch?v=SiB8GVMNJkE


Do you have any other sources than a Hollywood movie made for entertainment?


Many would argue that this "free labour" you speak of is labour that Hyundai should have put into their product before releasing it.


Well if your car had a seat belt defect and people were dying you know they absolutely would recall the car and pay for the defect.

The defect that allows the car to be stolen in seconds is absolutely a serious problem. I hope Hyundai changes course and decides to provide it for free. We have already seen reports of the trend where people were stealing Hyundai/Kia vehicles and going on joy rides driving extremely dangerously. This has led to deaths in several instances. So they have a flaw that has led to people dying. IANAL but I would say leaving this flaw unpatched may even leave them liable if anyone else were to be hurt. A recent example of something similar is the Sig Sauer P320. They are in the middle of fighting some lawsuits over their faulty product. So it would not be a far stretch if Hyundai/Kia were held responsible for a known flaw in their product.

Anyways it is just my opinion that they should just eat the cost to provide this for free as a show of standing behind their product. Just seems like such bad PR to now make people pay.


I think the deaths might qualify the cars as an attractive nuisance at this point. Although The Club is only about $50.


It seems like you don't like Hyundai. What's childish is your resort to ad hominem because you disagree.

It's not free labor any more than the car was free. It's a fix of a product that was defective off of the line. The necessity of the fix being evidence of the defect.

Car buyers are not automotive cybersecurity engineers, and they can never be expected to be. Caveat Emptor is a hilarious remark for this situation.


Is it a defect if it required the development of an adversarial tool / exploit which previously did not exist? If the roof leaked when it's raining it's a defect because rain existed before. But this exploit didn't exist before.


Sure, that could be a decent legal regime. The first step to enabling it would be releasing the source code and system documentation for the product they've sold, so that it's even possible for anyone else besides themselves to fix it. Until then it's a black box the company has chosen to retain responsibility for. And frankly regulators should be making sure they support the 20-40 years of useful life we generally expect from automobiles.


I think you significantly overestimate people’s expectations for automobiles.


I'm not talking about individuals' expectations for how long they personally will use a given vehicle, but rather societal expectations for how long a given vehicle will live across all tiers of the market. The cell phone made-to-be-ewaste model shouldn't be allowed to infect capital assets costing 100x as much.


Yes, and the scrappage rate is about 4.5%. A 40 year old car is not the norm.


At 4.5% loss per year, you'd still have 16% of cars running at 40 years. That's pretty normal.


By that logic, shouldn’t about 25% of US persons be 150, given the annual death rate of 9.28 per thousand?


No. Humans age in a way that cars don't, so "that logic" would not attempt to apply the same curve to humans.

If you're done nitpicking, you're welcome to explain your number better. You forgot to say how to apply "4.5%". I'm sure an exponential fit has issues, but a linear fit would be much worse, and anything fancy needs more data points.


That's why I gave a range. That average stat actually seems to line up with the low end of that range, and since every car isn't scrapped at the same age it's going to be a distribution. There are not many cars from 1985 on the road today, but there sure are some. And since we're talking software which doesn't actually degrade, it shouldn't be the thing limiting the overall lifetime.


so if I sell you a bridge that's not fit for purpose, I wouldn't have to fix it for you at my cost? nice! I've got a bridge to sell to you...


Caveat Emptor



