What would a battery swap cost?

whitex

I’m going to check this out with our security expert. This sounds like an older approach, but let me check it out.
It's an older approach than PUFs, but definitely newer, more robust than the technique you described (at least as I understood it). The problem with storing a secret hash or a symmetric key in the OTP is, as you described, that an attacker has physical access to the device which has the secret, meaning they can find a way to read it, and once they read it, they have hacked the device and can create their own malicious payloads. If the secret is the same across many devices, then it's a "break one, break all" scenario. With a public key approach, no secrets to break. The only way you can break it is if you manage to compromise the private key, which is very mathematically intense, and for a physical attack you'll need to break into a vault somewhere and steal the HSM. Also, latest elliptic curve crypto can be used to future-proof it.

WasserGKuehlt

It's an older approach than PUFs, but definitely newer, more robust than the technique you described (at least as I understood it).
++ to what he said.
(wrote a bunch more of my own speculation, but deleted it. I'd be happy to continue this in a private conversation, if there is interest.)
 

WasserGKuehlt

I can’t help but feel like most of you are overthinking it (at least in relation to the battery).

The easier workaround is that at some point there is an analog, physical connection. As long as the new battery outputs the same current and charges from the same current (can be controlled / managed by a secondary BMU) the Taycan has no way of knowing that it’s no longer using the original battery.
You are assuming that "code" (in the most generic sense) runs on only one side of that physical connection. That may be the case with a pouch/inside a module, but is absolutely not above that level. Exhibit A: the published cell balancing procedure, which proves code runs inside the module.

You might need something that sits between the two to do some translation (for instance reporting battery health from the new batteries relative to parameters of the old ones, or if new batteries have better charging characteristics, tricking the BMU into allowing more juice to flow).
Most of the speculation we indulged in earlier in this thread dealt exactly with how a man-in-the-middle attack would be prevented/defended against. That translation layer is a MITM.

Absolutely worst case, there are umpteen bypasses which could be devised once you have physical access to the system. Most of these security measures are related to avoiding a software hack remotely; all of that goes out the window once you have prolonged physical access to the device.
I'm inclined to agree, but ultimately it depends on, indeed, what the manufacturer wants to defend against. Remote hacks are easily defended; unauthorized servicing could be, too - it just carries the burden of making the right tradeoffs (do you brick the car?); trade secrets/solutions, or defending Porsche's own services against a hostile car - that's an absolute must.
 

whitex

Absolutely worst case, there are umpteen bypasses which could be devised once you have physical access to the system.
Almost anything can be hacked with physical access, no argument there. The question is always how many resources does it take. Moderately advanced solutions are purposefully designed so that the design is never "break one, break all", meaning after spending a ton of resources to hack one car, you got nothing which helps you hack the next one. To give you a simple example, each update sent to Tesla cars is uniquely signed. So even if you were to somehow break the private key on one car, it doesn't help you with the rest.

Most of these security measures are related to avoiding a software hack remotely
I work with car manufacturers and can tell you that physical access attacks are ever increasingly making it "in scope" for security analysis, defense/mitigations. Automotive standards such as ISO21434 are also emerging and including physical access attacks in their scope.
 


OTPSkipper

@WasserGKuehlt @whitex

So it turns out we secure the firmware like @whitex said. So the hash of the public key is what is stored in OTP. It is checked against the public key that comes in the FW image. The public key is used to authenticate the FW image.

What is secure info is the chip identity. This is used to identify individual chips. But as @WasserGKuehlt said, that secret is different for each chip delivered. It is programmed during device test that is performed on each chip.
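
The check described in the post above, as an added example that is not part of the thread and not any vendor's code: the OTP holds only a hash of the public key, the image carries the key and a signature, and the boot code verifies both. The image layout, SHA-256, Ed25519 and every name here are assumptions chosen for illustration; the keys are constructed from fixed seeds.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Image is a hypothetical firmware layout: payload, signer's public key, signature.
type Image struct {
	Payload []byte
	PubKey  ed25519.PublicKey
	Sig     []byte
}
var ErrKeyNotTrusted = errors.New("public key in image does not match OTP hash")
var ErrBadSignature = errors.New("firmware signature invalid")

// OTPHash is the value burned into OTP: a hash of the public key, not a secret.
func OTPHash(pub ed25519.PublicKey) [32]byte { return sha256.Sum256(pub) }

// VerifyImage first pins the key to the OTP hash, then checks the signature with it.
func VerifyImage(otp [32]byte, img Image) error {
	got := OTPHash(img.PubKey)
	if subtle.ConstantTimeCompare(got[:], otp[:]) != 1 {
		return ErrKeyNotTrusted
	}
	if len(img.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(img.PubKey, img.Payload, img.Sig) {
		return ErrBadSignature
	}
	return nil
}

// SignImage runs at the vendor, the only place the private key exists.
func SignImage(priv ed25519.PrivateKey, payload []byte) Image {
	return Image{payload, priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, payload)}
}

// demoKey derives a constructed key from a fixed seed (demo only, not a real key).
func demoKey(b byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
}

func main() {
	good := SignImage(demoKey(1), []byte("fw v1.2"))
	otp := OTPHash(good.PubKey)
	fmt.Println(VerifyImage(otp, good), VerifyImage(otp, SignImage(demoKey(2), []byte("fw v1.2"))))
}
```

An image signed with any other key fails at the OTP comparison before its signature is even considered, which is why reading the OTP out of a device gives nothing that helps sign a new image.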
 

Archimedes

Meh, battery has an eight year warranty. Who cares about replacement cost. If my car goes eight years, based on the price paid, taxes, cost of money at treasury rates, and maintenance, it’ll have cost me a little over $2k per month, which is what I’ve always said owning a Porsche costs, give or take a bit based on model variant. I’m not expecting any residual value after eight years. Anything left will be gravy.