The cyber-secure vehicle is here. Fiat Chrysler Automobiles (FCA) introduced the Secure Gateway Module into roughly half of their 2018 product line and nearly 90 percent of their 2019 vehicles. The Secure Gateway Module, which FCA refers to as the SGW, is essentially a firewall providing moderated access to the in-vehicle network diagnostic services. The gateway will ensure that the tool and user are authenticated (known) and authorized to perform certain levels of communication with the vehicle.
Prior to 2018, access to FCA diagnostic services was unregulated and open to anyone who obtained the knowledge to do so.
With current concerns about vehicle cyber security highlighted by a very public 2015 hacking of a Jeep, and a subsequent expose on 60 Minutes by DARPA, NHTSA has emphasized that the industry must find ways to prevent unauthorized access to the in-vehicle network that could potentially provide the ability to remotely control certain vehicle functions (acceleration, braking, steering, etc.) FCA’s answer to this concern is to introduce this SGW firewall to control access to certain functions, either through the diagnostic connector or the infotainment system in the vehicle.
So what does this mean to you as a technician? As of today, if you are trying to perform any routine diagnostics on vehicles with the SGW, you will need to have the FCA dealer tool, wiTECH2 and a license with FCA, along with a live internet connection to the FCA server.
In the near future, FCA is planning to initiate a process that will allow certain aftermarket scan tools to be able to unlock the SGW as well. This process will introduce a bridge server that will manage the connections from aftermarket scan tools and their respective manufacturer’s server and the FCA server that will provide the unlock keys.
But what will this entail?
- The scan tool manufacturer must be a licensee of FCA’s scan tool data.
- The scan tool must be capable of connecting to the tool’s manufacturer server to be able to request and receive the unlock key from FCA.
- A live internet connection must be maintained to the tool as it is connected to the vehicle in order to complete the unlock process of the SGW for that particular diagnostic session.
- If the diagnostic session is terminated or dropped, the full process must be repeated.
- The user of the tool and shop owner/administrator must register and provide a credit card to the FCA facilitator and pay a yearly fee.
- Every tool that needs access to unlock keys will have to be registered with FCA.
There are many concerns about this process.
- How can I diagnose a vehicle where I cannot get a solid internet connection?
- Are the scan tools I have capable of this online procedure?
- Who is in control of my information, including credit card info?
- Can I be turned down by FCA and not allowed to work on their vehicles?
But the larger underlying issue is that FCA will not be the only car company introducing security methods for in-vehicle networks. It is assumed that all vehicle manufacturers will soon introduce enhanced security measures and, unfortunately, that they are all unilaterally developing unique non-standardized solutions that will wreak havoc for aftermarket scan tool manufacturers and their customers in repair facilities.
With no coordination or standardization, it will become nearly impossible for aftermarket repair facilities to use traditional all-makes scan tool solutions.
The Auto Care Association, The Equipment and Tool Institute and other aftermarket stakeholders have been encouraging auto manufacturers to develop a standardized process for repairers to safely and securely access vehicles for repair and maintenance.