Mercedes locks faster acceleration behind a yearly $1,200 subscription - The Verge

[WasserGKuehlt]

The article is saying $1200 for a 20-24% increase in output (I assume power) and a reduction of 0.8-0.9 sec in 0-60.
(snip)

Smaller/newer companies will also have a harder time with this subscription model, at least from my view. What happens if they don’t make it? What happens to the option on the car then? Maybe less of an issue for established brands like BMW or Mercedes, but maybe a concern for ones like Rivian, Lucid, or Karma.

(Analogies are hard.) This may become moot, as EU clearly doesn't like MB's plan: https://www.motor1.com/news/623570/mercedes-subscription-more-power-legal-hurdles-europe/

Re smaller companies: indeed, you kinda have to be around to collect 'rent'. It is, for sure, not that user friendly, but the subscription model presents significant challenges for the producer as well, and I could see this becoming yet one more disadvantage/hurdle for a young company. Beyond the non-trivial aspect of exactly how the feature is locked, maintaining a subscription is a constant cost and an absolute pain for new development. It really is the same difference as between shrink-wrapped software and services. You can deprecate a shipped/frozen product (whether it's a car or an app), but can't really deprecate a service.

 

[whitex]

Locked batteries are probably one of the few “locked” features I would complain about because now you’re carrying extra weight with no benefit. I’d just prefer a smaller battery vs a bigger battery that’s locked.

There are extra benefits - you can charge to 100% with no degradation, lower degradation over time (since each charge-discharge cycle counts only as less than a full cycle on a bigger battery, 100% power draw is not actually 100% power draw therefore less damaging to the battery - like de-rated engines in aviation), ability to unlock the range cheaper than trading in a car to get a new one, and in case of Tesla, they would unlock them for free in case of emergencies like the hurricanes.

I suspect given the choice of regular battery or software locked performance battery for the same price, you'd be in the minority choosing the standard battery. Notice that people actually pay thousands for bigger batteries on EV's, even though they never use the additional range (they pay up front for the option to use it, vs. pay only if you need it - either way you carry extra weight), so they'd probably gladly take it for free.

 

[Jhenson29]

I suspect given the choice of regular battery or software locked performance battery for the same price, you'd be in the minority choosing the standard battery.

I maintain my position. ?

 

[whitex]

Doesn’t seem like an apples to apples comparison to me.

The article is saying $1200 for a 20-24% increase in output (I assume power) and a reduction of 0.8-0.9 sec in 0-60.

This is about the difference between a CT4 and CT4S which carries an MSRP difference If around $15k. That may include other additional or different standard options also (I don’t know as I have no interest in the CT and don’t feel like comparing them item by item).

Additionally, buying the option comes with value that can be sold later.

Smaller/newer companies will also have a harder time with this subscription model, at least from my view. What happens if they don’t make it? What happens to the option on the car then? Maybe less of an issue for established brands like BMW or Mercedes, but maybe a concern for ones like Rivian, Lucid, or Karma.

I think companies just need to find a way to market it right considering human psychology. Perhaps sell an "upgrade ready trim" for $100 which will get you a car with locked options, vs. $100 lower priced car with none of them. If such option was offered on a Taycan, I bet most people would buy it (I know, you are not most people in this case ). I also suspect such upgradable cars would much have higher resale value offset than $100. Porsche could even regulate with allocations, giving more upgrade ready allocations for example than not. Maybe the price would needs to be a little higher so people value it enough so they are happy they own "upgradable" car vs. the "non-upgradable".

 

[whitex]

I maintain my position. ?

Hence you wouldn't drive a GTS, extra weight of the Turbo motors with only a fraction of performance unlocked.

 

[Jhenson29]

I think companies just need to find a way to market it right considering human psychology.

I think you’re focusing too much on whether or not there’s an issue with it and existing. I don’t generally mind features existing and being locked behind a price. I don’t mind a subscription model being an option of someone for someone to choose. What if I don’t like is a subscription being the only option when there no other on-going services provided.

The exception being, as previously stated, features that have a non-negligible negative impact on the car, like larger battery that’s locked away.

Hence you wouldn't drive a GTS, extra weight of the Turbo motors with only a fraction of performance unlocked.

I’m expressing preferences, not stating outright what I would or wouldn’t do.

But TBH, I would just get a Turbo. I’ve never even considered the GTS. Seems too in between in the Taycan range for me. No offense to anyone who has one.

The GTS in the 911 range makes more sense to me.

 

[bluegrassvroom]

I hope tuners and hackers can hack the hell out of these features - and turn them on for people for a one time $250 fee, or something like that

if you have heated seats - that are disabled - there's a few ways to enable them
1) pay the silly monthly fee (can you pick what months you want them? i'll take them Nov-Feb, please)

2) have a hacked system where they are enabled through the console manager

3) have a hard-wired 'hacked' system where maybe there's a physical toggle switch that turns them on and off. That way you're not hacking the control center. But perhaps one control/signal wire is disconnected (the one heading to the seats to turn it on when you hit the button in the console after you've paid) - the power wire is separate, no way they're sending that kind of power through the console, and your installer/hacker runs a new wire with a toggle switch into where the old smarter on/off wire was originally located. that way, your seat heater (which is always 'plugged in") gets it's ON signal, and the console/system manager doesn't realize that the seat heaters are in fact on

who would do this? I wouldn't think twice about it (I wouldn't think twice about NOT doing it [???]). ESPECIALLY after the warranty was over. i'm not a fan of owning something and not having full access to it's features. I also don't subscribe to the "ok, you can beam satellite/internet/etc signals through by house, through my body, but it's illegal for me to descramble/decrypt them?"

yes, the extra five degrees of rear axle steering is obviously more software than this, but wherever there are limits, there will be people out there trying to break them and get around them

i also think it's sad. i think people should vote with their wallets. But if Porsche, BMW, and Mercedes all do it - are you really going to drive a Honda to prove a point?

on the other hand, if you're on a budget, and can get into your Mercedes/BMw/Porsche at a lower price, then free up money later, why not spend a few extra bucks a year/month with features on your car you haven't been using

i do agree with what someone else earlier said - as long as i can buy these features (say $3000 upfront versus $1200/yr) then i don't have a problem. I just don't want to buy a $100k car and then have 5 options i'm paying an extra $8,000 a year for on top of the car's initial price

 

[WasserGKuehlt]

I hope tuners and hackers can hack the hell out of these features - and turn them on for people for a one time $250 fee, or something like that

I get the sentiment, and yes, this would be an amusing development to follow.

if you have heated seats - that are disabled - there's a few ways to enable them

3) have a hard-wired 'hacked' system where maybe there's a physical toggle switch that turns them on and off. That way you're not hacking the control center. But perhaps one control/signal wire is disconnected (the one heading to the seats to turn it on when you hit the button in the console after you've paid) - the power wire is separate, no way they're sending that kind of power through the console, and your installer/hacker runs a new wire with a toggle switch into where the old smarter on/off wire was originally located. that way, your seat heater (which is always 'plugged in") gets it's ON signal, and the console/system manager doesn't realize that the seat heaters are in fact on

I didn't fully get all of that, but it would be extremely disappointing (and even gross) if it were that simple. I mean, yes, there is a physical connection somewhere, and you can run your own/new circuit directly from the battery (the 12v one, not the other, high voltage one, as um.. that may lead to.. nvm, bad visual) to the heating element, through a dumb/manual/physical rocker switch.

But if I were employed in the industry, tasked with this feature, and have a modicum of competence, I think task #1 would be ensuring system integrity (including detection of breaches). Naively, to draw from the battery you'd need to go through a handshake, where each consuming system is known to and (vouched for by) the trust authority of the car. Note the 12v battery comes with its own chipset, and it'd be pretty easy to detect 'unauthenticated' (as in unexplained) draw - anything that's not mediated (and so which can be measured) is effectively bypassing the protocol, and something like a seat hear would draw quite a bit of power. It wouldn't be inconceivable to say that's grounds for bricking the car. (Safely, of course.)

I should also add that the example we've beaten here to several deaths - that of heated seats - is a BMW thing, and maybe Bavarian hubris runs deeper/stronger than the Swabian kind. Maybe they do think their solution is infallible, but I'd be _really_ cross with Porsche if I found out a 'h4x0r' with a $600 tool can unlock 200hp without a factory authorization code. In fact, you know what, I'd be really cross if the configuration is _not_ immutable, and one can turn a GTS into a turbo with just a bit of firmware work.

i'm not a fan of owning something and not having full access to it's features. I also don't subscribe to the "ok, you can beam satellite/internet/etc signals through by house, through my body, but it's illegal for me to descramble/decrypt them?"

Are you saying you'd be ok with me decrypting your texts/messages or otherwise rummaging through your wifi from the street?

on the other hand, if you're on a budget, and can get into your Mercedes/BMw/Porsche at a lower price, then free up money later, why not spend a few extra bucks a year/month with features on your car you haven't been using

i do agree with what someone else earlier said - as long as i can buy these features (say $3000 upfront versus $1200/yr) then i don't have a problem. I just don't want to buy a $100k car and then have 5 options i'm paying an extra $8,000 a year for on top of the car's initial price

What bugs me is that most people (here and elsewhere) don't have a problem spending heaps of money on paint, wheels, purely-cosmetic options and so on, but bristle at being charged "per use" - and an amount trivially small compared to the cost of aforementioned options. (I do realize they may not be the same people, but work with me here.) The industry clearly needs to find a different way to present "subscription"-based features, but I wished people would have a bit more self-awareness regarding the concepts of "value" or "fair".

 

[whitex]

What bugs me is that most people (here and elsewhere) don't have a problem spending heaps of money on paint, wheels, purely-cosmetic options and so on, but bristle at being charged "per use" - and an amount trivially small compared to the cost of aforementioned options. (I do realize they may not be the same people, but work with me here.) The industry clearly needs to find a different way to present "subscription"-based features, but I wished people would have a bit more self-awareness regarding the concepts of "value" or "fair".

Porsche charges $19,200 more for Turbo vs. GTS, which gets you 21% more power, so similar to Mercedes. I also find it interesting that some people here have no problem with it, but would have a big problem if Porsche allowed you to unlock 21% more power for $1,200 a year. Quick math, even at 0% interest, that's 16 years break even. With today's 7% interest it's over 20 years break even. Most cars don't live that long and even if they do, the lose engine power after two decade so probably not worth paying for it anyways (or the manufacturer may just unlock if for free if you paid for it for two decades).

I'd be really cross if the configuration is _not_ immutable, and one can turn a GTS into a turbo with just a bit of firmware work.

While I fully understand your sentiment, I would not be at all surprised if the only difference between a GTS an Turbo was software. While traditional automakers have a lot of experience making cars, their software skills are very much behind the rest of the software industry. Tesla is probably a leader at this, and even their software can be hacked (I've personally done it), though over time getting increasingly harder as they lock more things down. The rest of the industry is way behind Tesla on this, and their engineers actually fight security because it makes things much harder on them (to code, understand, and then test and certify). Medical industry has been going through similar adventures, for example there are still people out there walking around with heart pacer/defibrillators which can be hacked from 100 feet away with any laptop and $30 worth hardware. Hacking in this case can mean downloading patient's data (yes, it's stored in there, including social security number!), or killing the patient by disabling the defib function and enabling a test mode designed to stop the heart to test the defib (typically used while the patient is on the operating table but with defib function enabled - in at least one make of those can be enabled any time via wireless serial port connection, no authentication, and with defib function disabled). People don't realize that security holes are real threats, as cars become more and more capable, including ability to drive on their own or at least overwrite the driver, they really should be very locked down to avoid bad actors doing bad things. Imagine someone hacks a brand of a car, runs a script one night, causes all cars of a particular brand to floor the accelerator at the same time, or maybe send code which turns pedestrian avoidance systems into pedestrian targeting systems, maybe even one particular pedestrian using face recognition. I invite folks to check out the now infamous Jeep hack:

Note that back then (2015) the cars were less capable than now. Today such a hack could do even more damage (think any self driving features, even self parking), for example steering control/actuation can no longer be hardware locked to low speeds (like it was in that Jeep) because computers steer on highways now.

 

[WasserGKuehlt]

While I fully understand your sentiment, I would not be at all surprised if the only difference between a GTS an Turbo was software. While traditional automakers have a lot of experience making cars, their software skills are very much behind the rest of the software industry. Tesla is probably a leader at this, and even their software can be hacked (I've personally done it), though over time getting increasingly harder as they lock more things down. The rest of the industry is way behind Tesla on this, and their engineers actually fight security because it makes things much harder on them (to code, understand, and then test and certify).

(for context, I work in security, for one of the top 2 cloud providers) Security is in general a brake/friction, irrespective of industry. I mostly agree with you on the "skill level" (whatever that is) between pure-software companies and auto manufacturers - though to be sure it's really just a matter of specialization. I would not, for instance, discount the robustness of software operating a car's key systems. Where I would disagree with you, though, is - paradoxically - on security . The mantra of traditional software on computing devices is that you can't defend against physical access to the device; some notable exceptions are anti-piracy measures and the like, and in those cases you have the safety net of a backend service/assumption of connectivity. (That is, you can simply say "feature x is not usable unless we can verify your rights".) Not so with cars - you really can't assume that a user with possession is automatically an "admin" not worth defending against. I don't mean that (necessarily) in the sense of considering the user as a hostile entity, but more in the sense of defending the user from their own actions - which may brick the car, cause an accident or other hazards. You can't take the stance that a car's various critical systems can only function if that backend connectivity works, or the last sync was less than x days ago. The car must continue to operate - safely - in far harsher conditions than you'd put a normal device through (I'm thinking more x-ray radiation or lightning bolt strike, and less rain/dust).

So I would very much expect that these "locked" features have a really tight defense, and rely heavily on hardcoding of behavior to one-off, burnt-in keys or other hardware measurements. Having said that, as you pointed out, security is a pain for development & testing, and as a consequence it's often undone by compromises made (knowingly or not) in the name of "shipping the feature".

 

[whitex]

(for context, I work in security, for one of the top 2 cloud providers) Security is in general a brake/friction, irrespective of industry. I mostly agree with you on the "skill level" (whatever that is) between pure-software companies and auto manufacturers - though to be sure it's really just a matter of specialization. I would not, for instance, discount the robustness of software operating a car's key systems. Where I would disagree with you, though, is - paradoxically - on security . The mantra of traditional software on computing devices is that you can't defend against physical access to the device; some notable exceptions are anti-piracy measures and the like, and in those cases you have the safety net of a backend service/assumption of connectivity. (That is, you can simply say "feature x is not usable unless we can verify your rights".) Not so with cars - you really can't assume that a user with possession is automatically an "admin" not worth defending against. I don't mean that (necessarily) in the sense of considering the user as a hostile entity, but more in the sense of defending the user from their own actions - which may brick the car, cause an accident or other hazards. You can't take the stance that a car's various critical systems can only function if that backend connectivity works, or the last sync was less than x days ago. The car must continue to operate - safely - in far harsher conditions than you'd put a normal device through (I'm thinking more x-ray radiation or lightning bolt strike, and less rain/dust).

So I would very much expect that these "locked" features have a really tight defense, and rely heavily on hardcoding of behavior to one-off, burnt-in keys or other hardware measurements. Having said that, as you pointed out, security is a pain for development & testing, and as a consequence it's often undone by compromises made (knowingly or not) in the name of "shipping the feature".

I also work in security but on the embedded side, including automotive. You'd be surprised how often physical access attacks get pushed out of scope because of difficulties securing against it, especially for non-safety-critical things like feature enablement (e.g. ability to enable a paid feature by simply pulling out a circuit board, getting access to the onboard flash, and changing a few bits). That was actually one way to root a Tesla until recently, simply by modifying an onboard filesystem via direct emmc access (different ways of obtaining it, brute force was to just desolder the chip and put it in an off the shelf reader connected to a linux PC) - the filesystem was not crypto-protected against offline updates (again, until fairly recently). You want to know about a company that really knows what they are doing in terms of security and protecting features? Check out Nintendo. Not unhackable (nothing is), but orders of magnitude harder core security than any car (checkout what it took to hack the original Switch for example - the details are public today).

Furthermore, auto manufacturers have legacy issues to deal with, like the fact that garages need to be able to reflash firmwares using CAN/UDS based programmers and diagnostics tools which often require direct access to firmware storage. Sure, you can try add layers to protect each firmware with crypto at boot (not always supported on all ECU's either) but almost no way to prevent a mix and match situation (flashing different firmwares on different ECU's resulting in a combination which was never meant to be flashed together, e.g. hald ECU's flashed with last year's update another half with today's update). I've seen a few users here report having the uPdate on their Taycans which unintentionally left their cars partially updated - the fact that this is even possible is a security hole in itself! I used to have a cell phone which would give me free unlimited tethering data access, if I simply mismatched the baseband firmware and modem firmware in a specific way - it screwed up the reporting of data usage to the carrier so it always showed 0 data used.

Another legacy issue auto-manufacturers have to deal with is old, insecure buses, such as CAN. If for example power to the motors is sent via CAN, you can build a man-in-the-middle device which changes the power levels to allow you to get more power than the ECU controlling it sends out (e.g. check out the Model 3 performance enablement without hacking the actual software: https://www.vehiclesuggest.com/secr...performance-of-tesla-explore-locked-features/).

Then there is implementation, legacy automotive engineers are often not hardened security experts. I've seen some implementations which raise by eyebrows. Here is one you'll enjoy:
https://www.schneier.com/blog/archives/2022/08/hyundai-uses-example-keys-for-encryption-system.html

 

[f1eng]

I suspect given the choice of regular battery or software locked performance battery for the same price, you'd be in the minority choosing the standard battery.

I would be in that minority too.
Anything to reduce weight is attractive to me.

I keep reading car enthusiasts convincing themselves more weight on an already heavy car is of little consequence, so I am sure you are correct for most customers, but whilst more power can compensate for extra weight in acceleration more weight is bad for cornering, braking, tyre wear and range.

Being in the majority doesn’t necessarily mean being right

 

[whitex]

I would be in that minority too.
Anything to reduce weight is attractive to me.

I keep reading car enthusiasts convincing themselves more weight on an already heavy car is of little consequence, so I am sure you are correct for most customers, but whilst more power can compensate for extra weight in acceleration more weight is bad for cornering, braking, tyre wear and range.

Being in the majority doesn’t necessarily mean being right

Absolutely true, but if you are in marketing, you want to target the majority.

 

[WasserGKuehlt]

Furthermore, auto manufacturers have legacy issues to deal with, like the fact that garages need to be able to reflash firmwares using CAN based programmers and diagnostics tools which often require direct access to firmware storage. Sure, you can try add layers to protect each firmware with crypto at boot (not always supported on all ECU's either) but almost no way to prevent a mix and match situation

Tesla is definitely a different kind of "special", but based on my (anecdotal) experience the established manufacturers are a bit more rigorous than this. Anything that isn't standard OBDII API/protocol requires one-time authentication/authorization - per session. A couple of years ago it was so bad that a single US company serviced all authorization requests for service departments across the nation: you plug in a diag tool, the car issues an authentication challenge, which then must be authorized by a well-known authority. It's not hard, it's pretty robust and very disruptive to the actual servicing aspect. I'd say definitely beyond the capabilities of a DIYer with a soldering gun trying to unlock seat heating (or moar powerr). I've no doubt there are bad examples out there or abuses (e.g.: the odo rollback on Ferraris - fun reading).

 

[whitex]

Tesla is definitely a different kind of "special", but based on my (anecdotal) experience the established manufacturers are a bit more rigorous than this.

Rigorous in terms of process yes. That doesn't always translate into a more secure design, as sometimes it becomes all about checkmarks, for example: "encryption -> check, we have it, but the process says nothing about key management, revocations, etc, so the implementation can leave a lot of holes, such as the Hyundai example I linked above.

A couple of years ago it was so bad that a single US company serviced all authorization requests for service departments across the nation: you plug in a diag tool, the car issues an authentication challenge, which then must be authorized by a well-known authority.

Which car manufacturer(s) required this centralized authentication of diagnostics tools for each use (to satisfy the challenge from a car)?