Here’s How People Hacked Their Way Around The Paywall The Last Time BMW Made A Basic Feature A Subscription Service

Bmw Hack Topshot

Presumably in an effort to make the 4-Series’ front end styling not the worst part of the car, BMW recently attempted to slowly and quietly roll out subscriptions for use of pre-installed hardware on Korean-market models. Come on, did corporate really think nobody would notice? Look, I’m not entirely against subscription programs for some automotive features. In-car LTE requires a data connection, as do certain advanced driver assist systems like GM’s Super Cruise. However, pre-installed hardware like heated seats and basic features like Apple CarPlay prep really shouldn’t require a data connection.

While it’s definitely possible to pony up a flat fee and have a lifetime heated seat subscription in your Korean-market BMW, the phrase “lifetime heated seat subscription” simply shouldn’t exist. Not only is paying to use an offline feature you already own completely insane, it’s also not the first time BMW has pulled something similar. Here’s what happened the last time BMW tried nickel and diming customers with subscription services.

P90458831 Highres The New Bmw M760e Xd
Photo credit: BMW

Let’s flash back to 2018, a year when we could freely blast saliva particles at each other in crowded hole-in-the-wall bars, unaware of any future sickness in store for humanity. Four whole years ago, BMW decided that it could justify making Apple CarPlay available on subscription for $80 per year. I mean come on, really? You can get CarPlay included on a $14,000 Chevrolet Spark, but apparently CarPlay was too posh for a 540i luxury sedan. Sure, a sales guy could push the narrative of updates, but basic infotainment updates were free and CarPlay-specific updates generally happen on the phone side. After all, CarPlay sucks phone batteries dry because it uses an iPhone to power an infotainment UX. Not quite as dramatic as running Doom on a Raspberry Pi, but still.

P90258097 Highres The New Bmw 2 Series
Photo credit: BMW

Of course, the $80 yearly subscription fee was short-lived. A 240-month subscription eventually became available for $300, and BMW eventually dropped extra cost CarPlay charges because of how royally pissed-off everyone was. Look, corporations are in the business of making money, and if gratuitous cyberbullying over shitty practices forces a corporation to do better, then the ends justify the means. However, by the time BMW realized its hubris couldn’t justify extra charges for CarPlay, keen owners who like CarPlay but didn’t want to pay a subscription charge could pay much less than $300 to essentially jailbreak their BMW.

Jailbreak? Like an iPhone? Well, kind of. See, BMW locked certain features by using encrypted codes known as FSC codes. The principle of an FSC code is nothing new, having been around since at least the third-generation CIC iDrive system that first debuted in 2008 on the F01 7-Series executive sedan. It’s a randomly-generated code used to activate certain features like navigation map updates and Apple CarPlay that works in tandem with options coded to a BMW’s vehicle order. However, just because something’s meant to be proprietary doesn’t mean it can’t be cracked. Ask anyone who used Redsn0w and Cydia to jailbreak their iPhone 3G.

Bmw Carplay Hack
Photo credit: eBay

Now, an FSC code might not be the only thing needed to add CarPlay to an iDrive 6-equipped BMW. See, BMW was one of the first automakers to launch wireless Apple CarPlay. It wasn’t the most reliable connection in the world, but wireless CarPlay was properly nice when it worked. To support wireless CarPlay, cars with iDrive 6 required an additional Wi-Fi antenna. If an iDrive 6-equipped BMW has option codes 6CP, 6NW, or 6WD, it won’t need the antenna, but if an antenna is necessary to retrofit CarPlay, part number 61119278133 should do the trick. It plugs into the back of an iDrive 6 unit and is a remarkably easy install.

From there, a curious owner could call up a local specialist and have them generate an FSC code, or even have a generated FSC code sent via email. If the plan is to flash the FSC code yourself, you’ll need a Windows laptop, an OBDII to ethernet cable, and possibly a USB drive depending on coding method. Now, I’d highly recommend a remote or in-person coding session, for it shouldn’t take much longer than half an hour once you have a generated FSC code and isn’t particularly expensive. Figure around $100 to $150 for lifetime activation by a professional who won’t brick your modules.

Honestly, why stop at coding in CarPlay while you’re jailbreaking your late-model BMW? There’s a whole wide world of coding options available. Do you want warning chimes from a Rolls-Royce? No legal disclaimers on start-up? A native navigation system with a British accent? Go nuts! Hell, I have a digital speedometer with proper speed correction coded into my 325i because it never gets obscured by the steering wheel no matter how wheel-in-lap my driving position is. Now I know what you’re wondering, “Thomas, will this void my warranty?” The answer is a solid perhaps. Some coding like retrofitting CarPlay shouldn’t affect a powertrain warranty but could affect other warranties. Still, most BMWs eligible for an aftermarket CarPlay retrofit are definitely out of bumper-to-bumper warranty, so this seems like a useful hack.

Will the time-honored routine of tweaking BMW software end with the new iDrive 8 infotainment system? Hopefully not. While I definitely wouldn’t be surprised if iDrive 8 uses more intense encryption than its predecessors, when a will exists, a way can often be found. I can’t wait to see how the aftermarket taps into iDrive 8, even if just to give BMW the finger for putting some features on subscription programs. In the immortal words of Harold Reginald from Spongebob Squarepants, “How many times do we have to teach you this lesson, old man?

Lead photo credit: BMW

Share on facebook
Share on whatsapp
Share on twitter
Share on linkedin
Share on reddit

59 Responses

  1. Can you get arrested for theft if you hack your subscription-based heated seats? Would the cops make your get out and then sit in your seat to heck the level of butt warmness?

    As for adding new sounds and voices to your car, I’d love it if my Mazda’s navigation system had a Red Foreman mode. “Left here, dumbass!” “I’m about to recalculate putting my foot up your ass”.

      1. Modifying things doesn’t usually void warranty unless the modification was the thing that broke it. Like those “warranty void if removed” stickers don’t actually mean anything according to the supreme court.

      1. I had a SatNav with a “mean” setting. I bought it used, and the previous owner had obviously tampered with the sound files. My previous one would say “Recalculating” when I missed a turn. This one would say “Just do what I told ya”. And “Turn fuckin right”. The first was neat, the latter got annoying the second time I heard it. But I think it got stolen. So if your used one does that, shame on you!

  2. The heck with the idea of subscribing to hardwired features like heated seats or CarPlay. It’s installed already and the user presumably paid for that hardware in the transaction with the dealer.

    Thomas, you hit the nail on the head stating why subscription services can have value. Those updates aren’t done for free and need to be supported somehow. But making everything a subscription just because it’s possible is rent-seeking pure and simple.

  3. I find the move to subscriptionize everything particularly frustrating because it misses the point.

    As recently as a few decades ago, music and movies were most frequently purchased. You’d buy a DVD or a CD — and later you’d buy a digital download of the media. Then services like Netflix and Spotify shook that up by offering an all-you-can-watch/listen subscription model, and people jumped on it.

    Many companies came to the over-simplified conclusion: “Millennials like subscription services” without bothering to understand the reason why. We don’t like subscription services simply because it’s a subscription — we like those particular subscription services because they provide added value over their purchase-based competitors. Your Netflix or Spotify subscription entitles you to new media as it’s added to the services — you’re not limited to the DVD or CD that you purchased a while back and already watched / listened to. Even software-as-a-service like what’s offered by Adobe and Microsoft rolls out new features and improvements over time. A subscription service to your car’s bun warmers offers no such possibility for new content or improvements. It’s just a heating element. There’s no appeal to paying for it as a service.

    I’m hopeful that these attempts to turn everything into a subscription fail quickly and completely, forcing companies to put more thought into their subscription offerings. That will require consumers to weigh the cost of the subscription against the other features, though. If the rest of the car is good enough, consumers will be willing to deal with the subscription fee even if they don’t like it. But if the rest of the car is comparable to other models, the inconvenience of the nickle-and-diming could push some car buyers over to competitors.

    Thinking about it further, BMW is probably in a better position than other manufacturers to sneak in subscription fees because so much of their new car “sales” are leases. The charge could easily be snuck in to the monthly lease payment, and the second owner who buys the car CPO would be the first to really feel the pain (and from the manufacturer’s perspective: who cares about them anyway?).

    1. Nailed it. This Millenial fucking hates subscription services—how many little financial leeches do I really have time to keep up with? Am I going to just forget that I’m subscribed to something, after it’s no longer useful to me? When I do go to cancel it, will it be a straightforward process or is it going to start with a password reset and snowball from there? Am I going to have to sit on hold? When I change banks or credit/debit cards, how many things are going to break because I didn’t bother updating my payment method? It’s a fucking hassle, and it’s annoying to be bled every month, or even once a year, in who knows how many places.

      I will *tolerate* a subscription if your service is worth putting up with that bullshit, and if it means I’m going to get continuous new content or substantial service improvements. That doesn’t mean I *like* them. Netflix? Spotify? The New York Times? Worth it. Heated seats, that should just be a button I press on the console? Go fuck yourself.

      1. I’m a Gen-Xer and I’ve seen the “old” and the “new”, and the worst part seems that nothing has really changed, it just takes on ever more annoying forms. With the annoyance getting faster.

        When I was a kid, interactions with companies of most sorts were fairly frustrating. The sale was super fast, but then they did their best to avoid talking to you, used bureaucracy/paperwork, and the general slowness of communication (“fill this out and mail it to us…”) to try to make you lose interest in reclaiming any money you’d given them.

        Now that communication systems are lightning fast, companies have just adapted their recalcitrance accordingly. Confusing sales models, structures designed to make you forget things, or purposefully idiotic chatbots.

        To me, the basic lesson continues to holds true – companies are not your friends (no matter how much they say they are, on media of any sort) so the proper mindset is always one of skeptical antagonism until proven otherwise.

        Not in a rude way of course (this is how the market operates, after all, and it’s better than all the known alternatives), but just with the understanding that those in positions of power can’t be counted on to have your best interests at heart. And always be extra suspicious when they claim to.

        1. I was looking at child seats yesterday and saw that Diono, which has some clever fits-3-across seats, has started flogging a $10 monthly (or $100/year) support club. With the expectation that your child is in the seat for ten years, that’s at least a grand in revenue for an extended warranty and a discount on accessories. Outrageous, but I guess I can’t blame them for trying

          1. In the motorcycle community, there’s been an uproar over the rollout of a new safety tech, airbag jackets.

            They can detect the beginnings of a crash, and poof, you become a mini stay-puft marshmallow man before you hit the ground. Cool, and a big advance in passive safety (which has heretofore been mostly non-existent on bikes).

            BUT at least one company has the airbag tech as a subscription. Yep, you buy the very pricey jacket but then have to subscribe to keep your airbag functional.

            Like you, I can understand the why, but it raises a lot of questions to put it mildly.

              1. I get the pov of the firm – it’s providing an amazing, gamechanger safety device for motorcycling, so why not? And I’m sure it’s pitched as a way to constantly update and ensure the latest/greatest functionality.

                But yeah, imagine some terrible accident where a lapsed subscriber is seriously injured b/c say he canceled his credit card and hadn’t adjusted things yet.

                I’m sure there’s a way for the firm to do the right thing (say to keep it active for a grace period with increasing reminders – maybe even visual, like blinking lights on the jacket) without losing money to people who don’t actually want to pay anymore, but it’s tricky I’m sure.

            1. I could see insurance for an item like that because if you ever have to use it replacing all those inflators could be really pricey but not a subscription service just to keep it functional. Even as insurance I might prefer to get that through the same company that insured the bike rather than the manufacturer of the jacket.

              I imagine they’re selling the jacket near cost, maybe even at or below, and counting on the subscription to make them money. I can kind of see how a subscription model could help subsidize a lower initial price but we already have loans for that sort of thing and you can shop around for the best terms on a loan. It’d be like a never ending loan with no alternative lender or refinancing.

        2. Every so often you need to take a look at who you give your money to and ask “what am I paying you for?” and “am I getting my money’s worth?” It’s why I’ve changed cell phone providers, streaming services and so forth relatively frequently. I’m also Gen-X but was among the first to cut the cord for cable in my circle of friends. Which is a long way of saying I agree with you.

          With cars, I have a hard time conceptually with subscription features if you’ve purchased the car. I mean, the heated seats are there, the hardware for all the stuff is there, but paying an ongoing fee to access it when you own the car is just outside my comfort zone. I would feel different in a lease situation, but if I bought the car…

    2. The reason Netflix and Spotify became so popular is that they offer(ed?) incredible value. For less than the price of a single DVD or CD per month you got access to _everything_.

      I don’t subscribe to streaming music so I’m not sure what the situation is there, but with the proliferation of video streaming services this is becoming less and less true. It used to be that you could get access to just about every movie or tv show being made for $20 or $30 a month. Now it’s probably over $100, and people are starting to get fed up with the subscription streaming services just like they did cable. OG Netflix was the teaser offer to get people into streaming and now the entertainment industry has collectively jacked up the price. You can still game the system by jumping between services, but most people aren’t going to bother which is exactly what these companies are counting on.

  4. I’m not sure why BMW is suddenly getting all of this shit from people. Tesla has been doing this for years with battery capacity/range. Did we expect it from Tesla and not BMW for some reason?

    1. My take has been that this kinda stuff seems particularly in conflict with BMW’s stated ethos of cars for individuals who value the vehicle experience above all. “The ultimate driving machine.”

      Tesla on the other hand basically pitches up front you’ll be a member of a utopian/borg collective that others will find admirable (or else). These after all are the vehicles where ability to drive themselves is often highlighted as one the coolest features.

      BMW’s forcing buyers to conform to it by subscribing maybe seems inauthentic with the supposed character of the BMW experience?

      1. BMW hasn’t had a whole lot of interest in being the ultimate driving machine in some time now, their new focus is selling ugly, overstyled crossover vehicles to the Red Chinese nouveau riche and leasing them to the wanna be nouveau riche in America

      1. At least Tesla, you were getting a much better product, even if you didn’t ever pay for the additional range.

        Having excess battery capacity keeps your battery in the least damaging charge state, never overly discharged and never overly charged.

        I would have gladly paid a little extra for a shorter range car that was actually a longer range model with a software lock. Especially given that you had the option to unlock the extra range at any time, permanently, by paying the difference. In this case, it really was a solution that was not just good but GREAT for the end user.

  5. Hi.
    Actual expert here.

    Aside from Apple CarPlay (which is part of the infotainment/HVACM suite – HVAC vs HVACM is a separate discussion) and adaptive high beams, you don’t need an FSC code and no amount of bogus encryption can ‘disable’ heated seats. The FSC and faux-encryption is literally nothing more than BMW using CFAA and DMCA to take away your car.
    See, technically, if you ‘jailbreak’ your BMW in the US? “OH THAT’S HACKING AND COPYRIGHT INFRINGEMENT!!!” and if they sue, you’ll end up owing them $150k (statutory amount) and potentially going to prison. The people selling FSC codes are staring down not only civil suit, but actual criminal prosecution under CFAA if BMW asks. It’s not hard for them to find a friendly prosecutor.

    But guess what? Aside from the infotainment, they can’t do shit unless they’re burning a whole shitload of chips just to be assholes. And I do mean a shitload. Automatic/Adaptive high beams, those depend on sensors and algorithms in the BCM.
    But heated fucking seats? It’s a CANbus signal. To the seat module. You literally can build a sniffer AND repeater using a $5 Raspberry Pi Pico. Well guess what? Same deal with the FSC shit, same deal with ‘rotating codes’ (good job, Honda dipshits,) same deal with so many faux-cryptographic things. It does not require anywhere near my level of knowledge or expertise to crack them.

    But again, see above re: DMCA and CFAA. Welcome to late stage capitalism, kiddos, where you don’t even remotely own the M3 you just paid $80,000 for and you absolutely never will. Pay straight cash, doesn’t matter. In the eyes of the law, the only thing you actually own is a pile of metal, foam, and stuffing which is 100% illegal for you to operate without BMW’s approval. Because every single computer module and sensor is copyrighted, trademarked, patented, and has ‘encryption.’
    The only reason things like ECU reflashes and the like are tolerated is because the manufacturers choose to and enforcement is more costly. They could go full ‘YouTube’ and afford to file injunctions, but it’s a lot of work that won’t make them money. They don’t want to sell old PCMs.

    BMW on the other hand, is showing the way things are going forward more brazenly than other manufacturers. What, you think BMW’s the only one doing that shit? Oh fuck no. Tesla’s been doing it since the Model 3 was introduced. GM went all-in on that shit when they started deploying the Bosch HMIs almost 10 years ago now – that’s why you literally cannot install an aftermarket stereo in any GM equipped with the HMI. And of course, GM very deliberately refused to update the software on the HMI’s to support CarPlay/AA. Ford has done it for a while for delivery, and is increasingly pushing cryptographic protection into modules.

    And if I was a car manufacturer who really wanted to fuck you over on this front, you know how hard it would be for me to not only make it a crime but also truly unbreakable? I literally have the parts to do it on my desk. Right now. And I even figured out how to do it without creating warranty/serviceability migraines where modules have to be re-flashed external using the VIN-specific cryptographic assets. (Lucky for you that car people do not think in the correct way to implement things like this, or nix them because of a dollar or two of additional cost. Because it really is quite trivial.) And when I say unbreakable, I very much do mean unbreakable – don’t have to be a cryptographer to implement it either.

    But – and this is very much the key point here – I don’t have to. I just have to log your car as being altered when you come in for the oil change, and that’s that. You’re in breach of the EULA you agreed to when you bought the car, which says that I can now disable your engine permanently and you have absolutely no recourse.
    Quote BMW’s own EULA:
    “In particular, licensees are prohibited from altering or copying the software (except for the purpose of
    installation in the vehicle), creating products derived from the software, transferring the software or any copy thereof to a third party or exploiting it commercially.”
    “The licensee’s right to use the software expires automatically on violation of any provisions within this Agreement. If the right of use expires, the licensee is obliged to deinstall the software from his/her vehicle.”
    Translation being: you installed a ‘tune’ on the engine control unit. The OBD-II scanner can instantly flag the ECU as modified – and no, you CANNOT hide it, no matter how much idiots insist you can. At that point, you are in breach of the license agreement and obligated to deinstall the software from the engine control unit. Which means bricking it. It does not mean ‘putting it back to stock.’ It means you are no longer legally permitted to use any of the software, period.
    If you want to sue BMW about it? See provision 7 – you’ll need to haul yourself and all your evidence to Munich and file suit there. Good luck with that.
    And you’ll find pretty much the exact same clauses excepting where you have to sue them (Ford, use ‘mandatory arbitration’ at your expense with an arbitrator they pick.) So legally if BMW wants to have the lube tech hook up a scantool that automatically bricks your car? Too bad for you. And if it bricks it on a false positive, the burden of proof is on you, and you can’t prove it without admitting to a crime. Oh, and it also voids the entire warranty because you have no legal right to any of the control software that makes the car work.

    And believe me, I know this shit. Quote myself:
    “3A: the modification of any provided software by any persons other than those designated as Authorized Persons for any purpose or reason invalidates your Right To Use the Software”
    “6B: Right To Use the covered Software shall be treated as having a perpetual term which automatically terminates upon any violation of the provisions within the Agreement.”
    “6D: upon termination of licensee’s Right To Use the software, licensee is obligated to immediately destroy all copies of the covered Software in all forms including but not limited to electronic, physical, and backups.”
    And you know what it takes for me to escalate any modification to a criminal violation of DMCA and CFAA? Literally setting a write protect PIN of ’00’ is sufficient. That’s it. Password of ‘password’? Yep, that’s ‘encrypted’ and ‘protected’ and you circumvented it.

    Know why there are no third party memory cards for the Xbox 360? Because Microsoft pushed an update to brick a third party manufacturer’s cards, then when they got sued over that, they counterclaimed DMCA violations (circumvention of protection.) Sony killed Bleem with it. Because DMCA trumps fair use. The DOJ sent people selling mod chips to prison for years even though they had no hand in developing any of the tools or software (trafficking.) Oh, you’re going to block the iDrive from calling home? That’s prison for you too – circumventing a technological measure to control access for personal gain.

    And if you think anything you or anyone else can do can stop or even slow this shit? Yeah, no. It’s already years too late. Should have been camping outside of elected officials homes back in 1997. Not that it made any difference at all. Hell, millions of dollars of lobbying didn’t stop it. So boycott all you like; there are still more than enough people who will pay for this shit, and short of a complete rewrite all copyright legislation internationally, it will still be illegal in 10, 20, 50 years time.

    So get used to this shit now. Because it’s only going to get even more pervasive from here on out. Toyota already is doing it with a fee to use remote start – not the ‘from your phone’ either, because they disable the local keyfob too if you don’t pay. BMW’s just figuring how many items and how much they can soak people for. Soon as that’s settled, everyone else will be right behind with a $5/year fee to enable your RF keyfob, $10/yr for the heated seats, and so on.

    1. I bought my car used. I didn’t “agree” to no stinkin’ EULA. It doesn’t mean I’m not subject to CFAA and DMCA (spit on the graves of the pols who passed those), but it does make it a bit better. My car doesn’t do OTA updates, but if it did and the manufacturer screwed it up thusly, I’d probably have a legal case for vandalism or some such. (May not be valid in Munich, though.)

      1. You raise an interesting point, and a legal question that is still being determined.

        Certain parts of the EULA you absolutely agreed to period, like it or not. Whether or not you’re owner 1, 2, or 23. When you press that ‘OK’ or ‘ACCEPT’ or ‘CONTINUE’ button on the infotainment? There’s some tiny fine print line or comment about ‘agreement’ before you press it, and that’s it. You have agreed to be bound by the current EULA, whatever that is.
        Fuckery abounds in droves, yes.
        The actual legal term for it is a ‘shrinkwrap contract’ or ‘clickwrap contract.’ You agreed as soon as you clicked continue.
        However, there also isn’t a solid body of litigation around these. Some have said these contracts are unenforceable, some have said that subjective consent is good enough. Netscape got deemed unenforceable because it didn’t say ‘I agree’ and didn’t even present the user with an option to read the contract. Bowers v. Baystate Technologies however, held that a “no use without agreement” contract is valid and enforceable. So long as you are made reasonably aware it exists and it requires affirmative consent, it’s a valid agreement. Period. And don’t think the Supreme Beef Gordita “justices” will not say they’re all 100% enforceable and valid if given the chance.
        But for now, it’s a ‘maybe but definitely don’t fuck around unless you wanna find out with a whole shitload of lawyers.’

        What is absolutely 100% black and white is that any reverse engineering, modification, or tampering with the software is unequivocally illegal, without exception. But to understand what this ACTUALLY means, we need to explain the difference between ‘software’ and ‘data,’ and what constitutes modifying each.
        Software executes against data. Data can be inputs from static storage, dynamic sources, or decaying radioactive isotopes if you like. (Mmm, RNG.) Data is… data. The word data is data.
        If I take a remanufactured ECU with unmodified ‘software’ and I flash a VIN onto the PROM, then I am not modifying software. I am modifying data. Same for the odometer data. Very clear and easy to understand, isn’t it? So somebody who puts new capacitors on an unmodified ECU and writes a different VIN to PROM is not breaking any laws.
        However, this is where things get complicated. In order to do this legally I need two things. One, I need unmodified software already on the ROM – I cannot legally burn my own ROM, even using an unmodified image, unless I have permission from the manufacturer. (This is also an emissions modification violation without that, by the way.) And secondly, I need clearly enunciated permission from the manufacturer to utilize both their protocol AND to un-protect the PROM. This most commonly comes in the form of subscribing to the manufacturer’s ECU technician services. If you have authorization to reprogram or install unmodified code updates, or to update or reprogram security modules, then you have clear and obvious permission to update other relevant PROMs.
        So if I subscribe to wiTECH for 3 days, for those 3 days, I am permitted to flash stock images and update VINs to my heart’s content without violating any copyright laws. I have an explicit license enumerated in the actual wiTECH agreement saying I can do exactly that and FCAtlantis can’t (not won’t, can’t) sue me for doing that. If I commit other crimes like odometer fraud, VIN fraud, reverse engineering software, selling the binary files on the Internetz, etc., then absolutely they can sue me for that. But not accessing the PCMs and flashing the PROMs.
        This seemingly minor distinction is about to matter a HELL of a lot in one sentence.
        Any modification or alteration of these software images constitutes willful copyright infringement at the minimum and if copy-protection is bypassed at any point, is willful DMCA violation. This is EXTREMELY well litigated and EXTREMELY established case law that wouldn’t even get past the most junior judge on the bench. It is literally no different from pirating a video game or an operating system. If you do not have an explicit license from the manufacturer permitting it, you also CANNOT COPY OR FLASH UNMODIFIED IMAGES. “Don’t copy that floppy” also applies to PROMs, ROMs, NVRAM, and every other storage medium.

        Now here’s where things get very complicated: those images aren’t licensed to you, the ‘owner,’ either. There is no license and there is no EULA. The software on the PCM is permanently installed, the copyright and patent licenses remain exclusively with the manufacturer, and you have no rights to copy, modify, or even read that proprietary software. Period. Doesn’t matter that you have physical possession; it’s still copyrighted and the manufacturer has not granted you any rights to the software itself. You are legally allowed to use the software as it sits on the PCM, and you are legally allowed to sell the complete PCM inclusive the software as a whole unit because of the first-use doctrine among other things.
        But selling another PCM flashed with a copy of your PCM? That’s illegal. The ‘not a car’ analog would be if you bought a copy of Armageddon on DVD, made a copy to a DVD-R or VHS, and sold that copy. We all know that’s illegal as hell. But if you had a book, and you sold that book to a stranger on the Internet, it’s legal even though you don’t own the copyright to that book. Well, same deal with the code inside the car. Regardless of where that code lives. PCM, ACM, BCM, ABS, infotainment, it’s all under the same rules. (Except open source components, but that’s a whole other licensing shitshow I am not getting into here. Seriously. It gives everyone migraines.)

        If at any point the manufacturer were to determine – at their sole discretion – that your 2003 Dodge Viper is running a counterfeit or infringing PCM? One, the burden is on you to prove that it isn’t. Ain’t that fun? Two, their remedies are pretty limited in that case. They absolutely can sue you for it, but it’s not like YouTube where any asshole can file 1,000,000 baseless claims an hour. They’d have to actually have an attorney draft a suit, file it, serve you, go to court, and so on. And you’d almost certainly lose. And be unable to pay any of the judgment.
        Well that’s not useful. So we actually had a playbook (which I’m sure has changed) for when we found counterfeit/pirated/questionable PCMs and odometer rollbacks. Which consisted of finger-wagging at the customer, warning them that the fake would do extreme damage to their car and make them infertile, and to do whatever we could to get the name and address of where they bought it from.
        Joe Customer doesn’t have $150k and $2.5M for the attorneys fees. But INTERWEBZ ODOMETER ROLLBACK EMPORIUM selling 5,000 units a week at $1k a pop? THAT’S who the manufacturers want to go after, because they have a much higher chance of having money to pay out, and they’re the ones actually committing the crimes.

        What you’re seeing with shitheads like Tesla, BMW, Toyota, etcetera is that they are seizing far, far greater control thanks to remote access and implementing much, much more expansive and even more one-sided shrinkwrap contracts. Because first-sale doctrine is what allows you to sell your car at all.
        There’s no question their intent is to erode away at that, and to keep chewing at it until they either get slapped down, or you can’t legally sell things you “own.” (Like that movie you ‘bought’ from Amazon. You can’t legally sell that.) Tesla is already heavily in on that, very aggressively retroactively deleting features from cars when they become aware of a change in ownership. Sold it used with Autopilot, they’ll go turn it off because the impossible to find software license agreement (literally impossible to get and only ever displayed one time on the car’s infotainment) says you can’t resell it even under first-sale doctrine.

        1. “When you press that ‘OK’ or ‘ACCEPT’ or ‘CONTINUE’ button on the infotainment? There’s some tiny fine print line or comment about ‘agreement’ before you press it, and that’s it. You have agreed to be bound by the current EULA, whatever that is.”

          There isn’t one of those. Seriously, go drive a BMW. There is no click-through. You don’t sign a EULA when you buy the car. There _is_ one, of course. But they don’t even bother with the charade of the click through.

          “What is absolutely 100% black and white is that any reverse engineering, modification, or tampering with the software is unequivocally illegal, without exception. ”

          This is completely wrong. It’s actually what I’ve done for a living the large portion of my career. You come into a thread like this claiming to be an expert and the spew drivel. Reverse engineering, modifying and “tampering” is generally legal except under specific circumstances regarding anti-circumvention.

          You’ve made a whole bunch of assertions about what is allowed and what isn’t that are either factually wrong, or based on assumptions that aren’t necessarily true. You don’t necessarily have to bypass ANY anti-circumvention technology in order to modify software – like ECU software. And even if you do, you definitely have NOT committed copyright infringement, and there is very little case law about whether you’ve broken anti-circumvention law. What little there is indicates that you HAVE NOT.

          “There’s no question their intent is to erode away at that, and to keep chewing at it until they either get slapped down, or you can’t legally sell things you “own.” ”

          You’re absolutely right about this part. It’s one of the few things you’ve gotten right.

    2. Correct me if I’m wrong: “I just have to log your car as being altered when you come in for the oil change, and that’s that.” but do they even have to wait? Wouldn’t these cars be able to regularly communicate to the mothership and narc on upgrades? Wasn’t that what the Subaru lawsuit in Mass. about?

      I’m on the fence about this for a few reasons; 1. is that while the subscription model is ridiculous (to us anyway) it does offer the first real a la carte optioning I have seen, options except on very high end cars are generally bundled into packages. I kinda doubt these days heated seats are separate from heated steering wheels for example. With this model the car could feasibly be optioned with only what you really want using the “lifetime” subscription. 2. this shouldn’t be surprising to anyone, DLC in video games was the first warning, DRM the second, and the two combined in a car the final one. I don’t think we do ourselves any favors as consumers. “We” drool over these features and that drives a lot of the implementation. Not to say chip and CAN bus systems wouldn’t have been in the future of cars either way, (anyone in automation knows the benefits and flexibility over discrete wiring) but driving features to touchscreens and decoupling the hardware from physical manipulation pushed it this direction. 3. I really don’t care, I’m way too cynical about all the other items added to cars in the last 20 years, to upgrade my early 2000’s cars. At the risk of sounding like a curmudgeon, I prefer to repair my cars and be free from the oversight inherent in modern cars, dagnabbit. all these computers and gizmos, I can’t tell the radio from the heater.

      1. You raise a very good question, Black_Peter. (ivan256’s shit is literally so deeply stupid I can’t even reply to nonsensical, idiotic, bullshit with zero basis in reality or fact.)

        “but do they even have to wait? Wouldn’t these cars be able to regularly communicate to the mothership and narc on upgrades? Wasn’t that what the Subaru lawsuit in Mass. about?”

        You’re half right, half wrong. The poster child for THAT shit is Tesla, who has been proven to on multiple occasions, brick cars that they detected modifications on.
        Subaru’s bullshit with Massachusetts was over their right to repair laws requiring them to also make telematics data – sensor readings, GPS, and the like – available.

        “I’m on the fence about this for a few reasons; 1. is that while the subscription model is ridiculous (to us anyway) it does offer the first real a la carte optioning I have seen, options except on very high end cars are generally bundled into packages. I kinda doubt these days heated seats are separate from heated steering wheels for example.”

        Which is what they’re hoping to mislead you on. They’re hoping you’re too blinded by the sheer volume of options, or the dearth of individual options, that you don’t realize the bullshit till it’s too late. And it doesn’t do anything like that AT ALL. You are not ‘optioning’ a car in the least. You are paying for shit that is permanently installed into the car, can and will break, and can and will require service and repair whether or not you subscribe to the feature.
        If the heated seat quits working, you may not notice it. But if the adaptive headlight sensor quits working? That’s part of the safety suite, will throw a hard MIL, and you will have no choice but to have it diagnosed and likely repaired. Even though you didn’t subscribe to it. Same for the navigation and everything else.
        This absolutely is not ‘a la carte’ options; this is ‘your car is getting saddled with a lot of low reliability, high problem rate parts which will require repair for the car to function even if you don’t use them.’
        Sure, you can go without a navigation update – until BMW decides that subscribers who didn’t buy the navigation update after 3 years have maps that are ‘too out of date’ and disable navigation completely. Sure, you can go without the adaptive headlights – till you have a headlight problem. Their fever dream is that every car will be built the exact same, you will have no choice but to pay what they demand monthly, will be impossible to sell privately due to the subscriptions and licenses, and will break frequently and catastrophically just out of warranty so you have to buy another. The only “choice” you’ll get is what color exterior and how many hundreds of dollars per month to actually use equipment physically in your possession.

        1. “(ivan256’s shit is literally so deeply stupid I can’t even reply to nonsensical, idiotic, bullshit with zero basis in reality or fact.)”

          I mean you’re the one posting as if you’re on GameFAQs circa 2005, so.

        2. Even though I immediately doubt someone who starts by saying “actual expert here” I can see how some useless dumb shit unnecessarily added to cars would cause reliability issues.

          I own a BMW E39 and in order to cut costs, all facelifted headlights had self-leveling adjusters. The problem is that halogen equipped E39s didn’t need them and BMW had the great idea of making the adjusters out of brittle, heat sensitive plastic. So you end up with projectors pointing straight down because the adjusters turned to dust in a car that didn’t need them in the first place (there isn’t even a motor in the headlight housing).

          I cannot even imagine in new cars that are orders of magnitude more complex how this things will cause headaches for owners 10-15-20 years down the line.

    3. “See, technically, if you ‘jailbreak’ your BMW in the US? “OH THAT’S HACKING AND COPYRIGHT INFRINGEMENT!!!” and if they sue, you’ll end up owing them $150k (statutory amount) and potentially going to prison.”

      This is probably not true. We may never find out because every case that doesn’t end in a settlement will be dropped the moment it looks like the company is about to lose. However any reasonable interpretation of the anti-circumvention clauses of the DMCA would not consider enabling your heated seat hardware to be a circumvention of copyrighted work. Furthermore, preventing you from enabling the seat heater is not a protection against copying. Some lawyers claim the DMCA protects works _and services_, and they’re full of shit. Services aren’t copyrightable.

      “But – and this is very much the key point here – I don’t have to. I just have to log your car as being altered when you come in for the oil change, and that’s that. You’re in breach of the EULA you agreed to when you bought the car, which says that I can now disable your engine permanently and you have absolutely no recourse.
      Quote BMW’s own EULA:
      “In particular, licensees are prohibited from altering or copying the software (except for the purpose of
      installation in the vehicle), creating products derived from the software, transferring the software or any copy thereof to a third party or exploiting it commercially.””

      AHA! “Hacking” the seat heater enabled does NOT violate that clause. Read it more carefully! The software hasn’t been altered, copied, transferred, exploited commercially, or used to create a derived product.

      The also can’t disable your engine, since that is controlled by separate software in a separate computer. I mean, _technically_ they can. But legally they cannot.

      The only way companies get away with this stuff is by ensuring it’s too expensive to exercise due process. But when you fuck over _enough_ people, it starts becoming affordable to fight that battle.

  6. Folks have already had some very productive discussion in the comments, and I don’t have much to add aside from my personal opinion on any-tangible-good-as-a-service, which is “over my dead body”.

    On a more lighthearted note, though: As a proud 2019 Chevy Spark LS owner, it makes me smile to see my favorite car mentioned on my favorite car website 🙂 I love that little thing and there’s no BMW I’d ever trade it for. (I don’t think Sparky would be too opposed to something like an E32 Alpina B12 as a garage mate, though…)

  7. This is absurd a subscription for an inductive heater that cooks your ass. I got a hack for it. You supply 12 volts to it via another means using a switch to control it, or do you need a hack code to pull extra current from the 12v power bus

  8. “lifetime heated seat subscription”

    This statement seems so unnecessary combative and anti-consumer. I don’t understand why they can’t just charge $500-1000 at purchase time. It’s the same concept.

  9. The point behind getting something like a BMW is that you get features and an experience that you can’t get in a regular/cheaper car.

    It’s one thing to charge extra for driver assist features or other advanced stuff. But it’s pathetic for them to charge extra for stuff that is included for free on basic non-luxury vehicles.

    Or maybe the message is that BMW is NOT a premium vehicle anymore?

    Would it be smart for BMW to send that message to people through actions like this?

    I doubt it is…

  10. With all the sensors and cameras installed for driver assist systems, it would save me so much effort if I could have the car profanely call out the idiots in surrounding traffic for their road stupidity.

    “Look at this f*%#ing moron on the right!”

    “Full speed ahead, dumbass! We’re all going slow because there’s a state trooper three cars ahead. Congratulations, you found him!”

    This would make traffic relaxing. I could probably move back closer to city if this were available.

  11. To make it fairly simple: Subscriptions for software services are generally OK. Like, we can live with it OK. Don’t be Dicks about it is what I’m saying.
    Subscriptions for hardware, especially hardware that’s already installed and is Right Fucking There: Not OK.

    I don’t see this model as sustainable because the heated seats and accessories have to be paid for by the manufacturer and installed (labour costs) anyway. You can’t tell me that the costs of this hasn’t already been built into the cost of the car already.

  12. So many stupid people to take advantage of so little time. Overpriced subscription service is a manufacturers best friend. First create it and overcharge. Second create a dark site offering it for a fair price that needs renewed every time the manufacturers change something. Third inform owners purchasing unauthorized software voids the warranty. Fourth let everyone purchase the unauthorized update but for any crazy reason you can void warranty and blame the bad after market software. Five correct the issue and sell a subscription for correcting the aftermarket software issues and additional fee for reinstating the warranty.
    Cmon people read a book.
    Cmon auto manufacturers I got other ideas and I need a job or a consulting gig.
    This started as an LOL but now I’m not so sure.

  13. Bloody hell, this OTA-automatic-updates thing is the worst ever. I buy a car, it works fine, two months later it updates and starts working differently- perhaps worse.

  14. 1. Technically, Cydia was an alternative App Store, not a jailbreak method/utility. While we’re at it, notice how jailbreak slowly faded away over the years as Apple opened the system up.
    2. You can’t have a subscription service if you don’t have any upkeep costs. Without them it’s more of a rip-off scheme. I totally understand charging for software updates, new maps or cellular connectivity as these cost real money to run.

    1. “I totally understand charging for software updates, new maps or cellular connectivity”
      Cellular, sure, so long as it’s not (now broken) 3G, and isn’t required to drive the car. Updates, maybe, it depends (the old software shouldn’t stop working). New maps? My Garmin gets “LM” (“Lifetime Maps”) updates without charge, at least until the updates are no longer compatible with the hardware (I did have to add an SD card recently because the update wouldn’t fit into internal memory, but that shouldn’t be a problem again since the SD card provides 8X the original memory).

  15. The seats will get hacked this way like other BMW features. However in this there will also be an additional lower tech hack called a “switch”. People will install these “switches” in the wiring harness to the seat heater to get their illicit butt warmth unbeknownst to the software.

    Enterprising “hackers” will charge many dozens of dollars for this “switch”

Leave a Reply