Soup it up with a tweak or two (Image: Scott Eells/Bloomberg/Getty)

MIRROR, signal, manoeuvre – now set your engine to “supercar”. Car maker Ford has just released OpenXC – an open-source hardware and software toolkit that will let the hacker community play around with the computer systems that run modern cars. While the first apps may add nothing more exciting than internet radio, the open nature of the system should eventually lead to custom apps that give drivers far more control over their car’s performance.

Most cars are now run by computers that control everything from the engine to the incline of the seats but, until now, the driver has used only the data on speed, engine revs and fuel level. OpenXC will “demystify the details” of a car’s software, says K. Venkatesh Prasad of Ford Research and Innovation in Dearborn, Michigan. A driver will be able to download approved apps from a Ford store onto their smartphone that can then communicate with a car’s computer system.

Such apps may harness some underused parts of a car. For example, if a car with a weather app told the vehicles behind them when its wipers were on, drivers further down the road would have advance warning of rain. No weather satellite can give precise details about the specific road you’re on, says Prasad. “All of a sudden you’ve given new life to wiper blades.”


When a car with a weather app has wipers on, drivers further down the road would be warned of rain

If you want to know how your engine is running, apps could display fuel pressure or the boost pressure of a turbo injection. With access to such parameters, apps could let drivers tweak their car’s performance. While manufacturers tend to balance their cars between economy and performance, software could push it to one extreme or the other, giving the car owner a more efficient or faster vehicle than the one they bought.

It is unlikely that Ford would approve these kinds of apps – they might not be safe – and so car hackers might try to get around security measures. There are ways to do this that open up a car like a jailbroken iPhone. “Gone are the days when you have to connect wires together, you’re now just talking to a computer,” says Jay Abbott of Advanced Security Consulting in Peterborough, UK.

Abbott is a cybersecurity expert and car-modding enthusiast who enjoys tweaking a car’s performance by customising its software. Most microcontrollers in modern cars use a protocol known as a CAN bus to communicate. Since this protocol is well understood, encryption can be bypassed with off-the-shelf tools such as a CAN bus analyser, commonly used to check your car’s software for bugs.

In theory, OpenXC can work with any make of car that supports those standards – Toyota, Nissan and Honda have already expressed an interest. It will be up to individual manufacturers to provide access to the bespoke parts of their system. General Motors also announced a similar initiative at the Consumer Electronics Show in Las Vegas earlier this month, which will open up their cars to third-party app developers.

Sharing diagnostic data would also let manufacturers keep tabs on how their vehicles run once they are out of the showroom. “No question, we can learn from that,” says Prasad.

Hobbyists have been tinkering with car software for a number of years, says Abbott, but customised apps should take off with the release of these platforms. “Ford stepping in and opening up to a mass market is great,” he says. “It will promote a new generation of innovation.”

A carjacker’s dream come true? Ford’s decision to open up car software to third party developers with OpenXC will give drivers more information about their vehicle – but it also raises security issues. An app that controls a car’s locking system, for example, might give thieves a new way to break in. It might also be possible to hijack sensor readings and give drivers false information about their speed. Ultimately, it will come down to a trade-off, says security specialist Ben Laurie at Google. “There are things you can do to increase security of the platform, but it is fundamentally impossible to make it both safe and maximally useful,” he says. Ford agrees security issues exist, but says OpenXC doesn’t introduce a new threat.