Mechanic's Viral TikTok Highlights Right To Repair Issues With Newer Car Models

Parks Kugle reports via the Daily Dot: A mechanic went viral when he posted a TikTok about technicians being locked out of computer systems in a new Dodge Ram. TikTok user Shorty of Shorty's Speed Shop (@shortysspeedshop) garnered over 301,000 views when he showed viewers what mechanics had to do to be able to repair newer car models. "It has officially happened. 2024 Ram 3500, authorization denied," Shorty said as he showed viewers the computer screen. "Cannot get into anything on this except generic OBD2 Software."

Shorty went on to explain that this update made his "manufacturer software 100 percent irrelevant." Then, Shorty showed viewers the Vehicle Security Professional (VSP) Registry on the National Automaker Service Task Force (NASTF) website. According to NASTF, automakers require mechanics to become credentialed VSPs if they want to purchase key and immobilizer codes, PIN numbers, and special tool access from Automaker websites. A VSP is required to "verify proof of ownership/authority prior to performing any security operation." "It's all part of the NASTF Security Professional Registery," Shorty explained.

Shorty believes that this rule allows manufacturers to lock mechanics out of anything they "deem security sensitive." Shorty then broke down the "requirements to gain VSP access." According to him, these include a $325 fee "every two years" and a $100 fee for every subsequent two-year license renewal. He says mechanics also need "commercial liability insurance of $1 million" and a "fidelity or employee dishonesty bond of $100,000." The VSP application page on NASTF's website confirms that there is a $100 Application Fee that covers a "Two Year Renewal" and a $325 Primary Account fee that covers a "Two Year License." It also confirms his claims about the required commercial liability insurance and fidelity or employee dishonesty bond. "There's a lot of people that don't know that this is going on, and it's going to affect everybody getting their cars fixed," Shorty remarked.

Damned if they do, damned if they don't

[taustin]

Automakers have been catching hell for years about how easy their computerized cars can be hacked. Now they're catching hell for making them harder to hack.

Either mechanics have to jump through hoops to work on a car, or hacker's don't. There really isn't an in between.

Re:Damned if they do, damned if they don't

[sjames]

They could do something sensible like giving the OWNER of the vehicle the master key and let them decide who should be granted access. Presumably that would be a short list that includes their mechanic. There really *IS* an in-between.

The certified out the wazoo people would only be needed if the owner managed to lose their master key (or died and nobody knew where it was). That well certified person could then use the sooper sekret OEM access to generate a new master key.

BTW, that master key would also be a suitable introducer for replacing parts including adding a new key or fob.

Re: Damned if they do, damned if they don't

[wgoodman]

Dear old person, I'm emailing from your car's manufacturer. There is a severe defect in your car and we need your master key or you might DIE....

What could possibly go wrong?

Re: Damned if they do, damned if they don't

[sjames]

Dear young person, the key is a physical key. You'll have to tell me where to take the car to have the recall serviced. I'll bring the key...

Re:

[Calydor]

This is the problem with young people never actually getting to own anything. They have no concept of actually holding a physical item in their hands and that item being the only item of its kind.

Re:

[thegarbz]

the key is a physical key

It is also worth pointing out that this applies also to fancy wireless doobyhickies. I can unlock my car with my phone. I can drive my car with my phone. But *I can't pair a new key* with my phone. For that the software still requires the original physical keys.

Re:

[sjames]

Yes. I would even consider making the master key unable to actually start the car just so people won't use it daily. Ideally, people have a fire safe for important papers and will put the master key to their car there.

As for diagnostics, either the master or a valid ignition key present should enable diagnostics but only the master should enable pairing. That will clearly prevent tapping into the CAN bus or wireless being used to steal the car.

If they ACTUALLY want to put a serious crimp in criminal activit

Re:

[smbell]

The master key doesn't even need to be a key. It would probably be better as an OBD2 plug.

Make the master key an OBD2 plug. You plug it in, authorize on the touchscreen/radio, then you have X amount of time before the auth times out. You could even implement 2FA with that. Need the plug, plus a pin.

Re:Damned if they do, damned if they don't

[rsilvergun]

If you want that you're going to have to pass laws and you're going to have to vote for politicians who staff the courts with appointees they aren't just going to strike down the laws those politicians pass. You're also going to have to pay attention during primary elections.

And finally in most importantly you're going to have to stop getting distracted by moral panics like violent video games, dungeons and dragons, heavy metal music and yes DEI (previously known as woke, previously known as political correctness) and trans kids.

If you want positive economic change in your life that has a material impact You've got to do all those things and you've got to get your friends, family and neighbors to do all those things.

That's going to be tough because just by mentioning them in this comment I have triggered half a slashdot.

Re:

[spitzak]

Before "woke" there was "SJW". "Politically correct" was before that.

Re:

[mjwx]

Before "woke" there was "SJW". "Politically correct" was before that.

The reason why no-one uses "SJW" and "political correctness gone mad" any more is that these terms were so overused and incorrectly used that they lost their original meanings and just became a term for "something I don't like, but can't argue against without being the arsehole". The incorrect and overuse became so much that when people used these terms people just rolled their eyes and ignored you.

And now that "woke" has followd the same fate, there will be a new term that sounds scary but really just m

Re:Damned if they do, damned if they don't

[sjames]

Funny how you identified the DNC as not morally panicked, not anti LGBTQ, not afraid of metal and D&D, etc without rsilvergun mentioning a party at all.

Re:

[pixelpusher220]

"half a slashdot"

I wasn't aware this website came in such denominations ;-)

Re:

[SlydogSZ]

Have they not taught you in your companies re-education camp that the word master is no longer acceptable to be used as it is triggering for some? -50DKP for you

Re:

[Gievers]

Sorry. That is bullshit. The question is whether reading out the error messages should already be blocked. A layman therefore has no chance of determining whether there is a serious problem.

I am not aware of anything like this in Europe. As far as I understand, the workshop only has to provide proof when replacing the engine control unit.

Re:

[ceoyoyo]

The summary mentions the credentials are required for work on the immobilizer and keys. It seems like a pretty bad idea to let Joe whoever order replacement keys for any vehicle they feel like, or to swap immobilizers.

Re: Damned if they do, damned if they don't

[Fons_de_spons]

Hear hear, in this case it may make sense to put up all the boundaries and be overprotective. The fees seem reasonable. They could have done a lot worse.

Re:

[YetAnotherDrew]

Automaker apologetics. I'm afraid nobody's interested in that.

Everything car companies do it profit-driven. So far, profits haven't taken a real hit from badly designed security boundaries. That means that aspect of cars sucks.

Security Theater for greed

[Anonymous Coward]

The problem here is security theater is being used as a competitive moat.

Not a single thing here can be proven as a real security issue. versus the company simply not wanting people to have the right to repair.

don't the dealer ships also need to pay the same f

[Joe_Dragon]

don't the dealer ships also need to pay the same fees?

Re: don't the dealer ships also need to pay the sa

[GruntboyX]

On paper yes⦠but there are other incentive kick backs that I am sure wash it all out

Re:don't the dealer ships also need to pay the sam

[rsilvergun]

Dealerships are basically a license to print money. The fees are good for them because it deters small shops they would otherwise have to compete with.

Re:

[Darinbob]

Part of the existence of dealships comes from manufacturers not being allowed to sell directly in most US states. They're supposed to be independent from each other, by law. If they've got a cosy relationship behind the curtain that sounds like they're cheating a bit. Of course, these days they try to get around some of this, especially newcomers like Tesla who don't have dealerships but instead "showrooms". But regardless, in theory the dealships should not be allowed any extra favors for repair than a

Re:

[VertosCay]

Dealerships are basically a license to print money. The fees are good for them because it deters small shops they would otherwise have to compete with.

Man I hate it when I agree with you, makes me feel all dirty inside.

So, we’re talking

[hdyoung]

A license fee of about 200 bucks a year and around a million dollars in insurance?

That doesn’t seem unreasonable to me. A modern mechanic can access all the systems in the car and has god-like powers over the security and safety features.

Re:

[Anonymous Coward]

You missed the part where they have to pony up a $100,000 bond before they can even dip their toes in the pool.

Re:

[hdyoung]

Generally, there are plenty of banks that will lend the bond money to a trained tradesman looking to put out his shingle. Usually at a fairly reasonable rate. The mechanic doesn’t need 100k of hard cash to start. Banks are nearly always on the lookout for solid places to invest their capital. They’re gonna look way more favorably on someone like a qualified mechanic over some random tech bro trying to startup the most recent version of a crypto-rugpull.

Re:

[tlhIngan]

A license fee of about 200 bucks a year and around a million dollars in insurance?

That doesnâ(TM)t seem unreasonable to me. A modern mechanic can access all the systems in the car and has god-like powers over the security and safety features./blockquote

Yeah, it makes sense because you're getting tools that can hack into basically any of that make. I mean, things like make new keys and such should be plainly obvious - if you can figure out the key code and get yourself a new key, a rogue employee can tu

Re: So, we’re talking

[GruntboyX]

The 100,000 bond is where I draw the line. The bigger issue is that this was supposed to be for security items like door locks.. not the entire ECU. I suspect Ram just has pretty terrible ecu firmware and they could t isolate the not critical parts from critical. So they just said itâ(TM)s all critical and loook at that dealership engagement increased . Winâ¦win

Re: So, we’re talking

[rayzat]

A $100k fidelity bond is like $200/year.

It basically kills small mechanics

[rsilvergun]

The kind of guys who work out of their trucks until they can afford a place. Every independent mechanic I know got their start that way. Meaning that all anyone has to do is wait a few years for the existing shop owners to retire and that's the end of that. Remember it's not just one fee it's one fee per car manufacturer. If you're trying to get a small business off the ground that can quickly crush you, which is the point

But it's not a car

[Tablizer]

...it's an OS with wheels.

Re: But it's not a car

[GruntboyX]

Itâ(TM)s a tablet with wheels and climate controlâ¦

Re: But it's not a car

[Fons_de_spons]

And an arduino to control the blinkers, windshield wipers,...

Why Buy a New Car?

[organgtool]

I have absolutely zero interest in getting a new car. There hasn't been a single feature in a new car that I care about but there have been a TON of anti-features. I don't care about your fancy infotainment center or your half-baked self-driving solution. I DO care about the fact that cars are being built in ways that make them almost impossible to repair body damage (unibody designs), almost impossible to repair mechanically (parts that require digital pairing before they will work), and parts that are impossible to get outside of the manufacturer (batteries of electric cars) which allows them to charge whatever they want for those parts. On top of that, the car will lose a huge chunk of its value as soon as I sign the paperwork, it will likely gather data about me and sell it to numerous data brokers, it will probably update its software without my knowledge or permission, it may require subscriptions for desired features, and its always-connected network is probably not secure and could leave me vulnerable to hacks. I guess enough people don't care about these things, so the car manufacturers can get away with it, but from my perspective they can keep their new cars.

Re:Why Buy a New Car?

[Khyber]

"safety with every car generation improves"

Yes and no. Sure, newer cars might be safer in accidents with other newer cars, but those older heavier vehicles will usually demonstrate that physics wins every single time.

Re:Why Buy a New Car?

[Darinbob]

Safe? If they kill someone in the car they hit, they are NOT safe. Except in America where it's assumed that your own safety is of paramount concern and therefore you must have a vehicle that can mow down a parade without causing the driver to have a scratch on the knee. The small cars are not deathtraps, instead the massive trucks and SUVs are deathmakers. The highway should not be where an arms race takes place.

And to be fair, the big massive vehicles are not necessarily safe just because they're big. They can hit the concrete device just as easily as a small car, and if it's a 40 year old truck it's not going to have a lot of safety features.

Re:

[thegarbz]

but those older heavier vehicles will usually demonstrate that physics wins every single time.

They do not. Old heavy cars are notoriously unsafe. Also you're begging the question saying older cars are heavier than newer cars. That's some quite strong mental gymnastics in a world where Fox and Friends are complaining that these fangled new cars will cause our bridges to collapse because of how heavy they are getting.

Your post is not only wrong, it's not even relevant.

Re:

[pixelpusher220]

Older cars *are* demonstrably less safe. A car without ABS, a car without airbags, a car without seatbelts are all very much less safe than modern cars.

the weight issue is just that physics does win in spite of safety systems. It's why they don't crash test cars at 100mph (highway closing speed). At that point, safety is beyond economic and usability.

Same with a Hummer hitting a Corolla. Physics is going to win.

Newer cars are generally heavier, mostly because newer 'cars' are now SUVs so the average is

Re:

[thegarbz]

Same with a Hummer hitting a Corolla. Physics is going to win.

And if a Hummer hits a 1966 Corolla E10 every single person in that car is dead. If a Hummer hits a 2018 E210 Corolla Hatch there's a very good chance everyone in that Corolla lives.

Physics goes beyond weight. Safety goes beyond physics.

Re:

[pixelpusher220]

A better chance yes, no question.

That doesn't change the physics of the encounter which heavily say they won't

Re:

[smbell]

If you are in a collision with a large heavy old vehicle such that the forces involved would overwhelm the safety features of a modern car, it doesn't matter what you're driving, everybody is dead.

The person in the large heavy old vehicle is just as fucked, if not more.

Re:

[Khyber]

"Your post is not only wrong, it's not even relevant."

Yea, tell that to the 2015 Altima that ran a stop sign and got bounced off my 1979 LTD, which just kept on going until I hit the breaks.

Are you even old enough to drive?

Re:

[sdinfoserv]

Don't be so shortsighted. Cars wear out and fail, needing replace. So, unless you're "that guy" who's still driving his 1972 Vega, you're going to be buying a vehicle with this eventually.

Re:

[blue trane]

But why doesn't capitalism give us the option to customize our cars so we don't have all the safety beeps and silly features like warning you there's something in the back seat when you chose not to have children because you never wanted to have to worry about them but now this car is making you worry even though there's no kid back there?

Re:

[sdinfoserv]

Because "capitalism" is just an economic system. It makes no guarantees you own anything or have any rights. When you buy a car, you agree to manufacturer's ELU, nothing more. Your question stems from the typical republican erroneous argument that capitalism = freedom. The choice of 45 flavors of yogurt is not the freedom to read, write, or publish what you want.

Re:

[smbell]

Because you are doing what many people do, and what the politically right leaning have purposefully done. Confuse capitalism with well regulated free markets.

Well regulated free markets provide incentive for new products, fulfilling customer demand, efficiently allocating resources.

Capitalism is an economic system the funnels money towards the rich.

Re:

[sodul]

I'm driving a 2009 model, so I might have 37 more years with my current car? I would expect that in the next 20y gas stations will start to shut down due to the lack of ICE cars, and because of the lower demand the gas prices will go up much faster than other sources of energy: no more economies of scale. Maybe pure ethanol will be a true viable alternative to gas, but not many cars can run on pure ethanol today. Bio diesel is an other story.

But TBH, I'm the first owner of that 2009 car and it has 88k mile

Re:

[peragrin]

Congrats on owning a car and not driving anywhere or going to do fun things in life.

I have had several cars in that time frame and but a combine 400k miles on them.

88k is a big difference from 400k isnt it

Re:

[Fly Swatter]

Why do you live so far away from the fun? Location. Location. Location.

Re:

[Kerry Boehm]

You quite possibly are the short sighted one. Even in Pennsylvania, with all the road salt, I've managed to keep cars going 35+ years. With all the parts I've amassed I could probably keep them going to the end of my usefulness. I can weld, change drivetrains, and I am well versed at rewiring ECUs. One of my trees falling on it or some idiot on the road are the biggest perceived risk to immortality.

The worlds smallest violin

[philmarcracken]

"There's a lot of people that don't know that this is going on, and it's going to affect everybody getting their cars fixed," Shorty remarked.

Oh noes, maybe we might have to redesign our urban planning for something besides just cars.

Man, if you think that's bad....

[ceoyoyo]

Somebody should tell this mechanic the hoops you have to jump through to work on airplanes! If I want to open up AAA Best Larry's 737 Repair Shop I should be able to do that without any communist fees or insurance or whatnot dammit!

Re:

[blue trane]

What could go wrong with leaving it all up to Boeing, eh?

Re:

[jonwil]

Last I checked, Boeing doesn't tell airlines that they have to bring their Boeing planes back to a Boeing dealer to get certain things fixed. Yes you need a license to work on an airplane or run an aircraft maintanence shop but those licenses are issued by governments, not by manufacturers.

Re: Man, if you think that's bad....

[Fons_de_spons]

I assume Boeing also has specific instructions that certain parts cannot be serviced by non Boeing mechanics. I guess the warranty is void then.

Re:

[ceoyoyo]

This story is talking about a government requirement that repair shops have particular certifications.

The manufacturers pay

[VeryFluffyBunny]

How about the car manufacturers, who come up with these systems, pay the costs of running them? You know, instead of putting it onto people who are trying to help customers out & make their products work.

Re: The manufacturers pay

[Fons_de_spons]

Who pays the manufacturers?

Re:

[VeryFluffyBunny]

It's part of their manufacturing costs. If they want to make their stuff difficult to repair, they pay.

Re:

[caseih]

Which car buyers will pay for. If you were making and selling some widget, and the cost of production went up because of government regulation, you would have no choice but to raise the selling price if you wanted to stay in business.

Sure there are profits and then there are obscene profits. But the system we operate under does not differentiate between the two.

Re: The manufacturers pay

[samwichse]

That's fine. People compare prices up front just fine. They're less good at factoring in hidden bullshit costs later down the line.

Want to jack up your prices because you made things an unwieldy service nightmare? People cross-shopping will easily see that.

Re:

[VeryFluffyBunny]

If the increased cost of production does actually increase the retail price, which is a questionable assumption in a competitive market, then why include the features that make the cars so difficult to repair in the first place? Wouldn't the cars be cheaper without that too?

You could chase yourself dizzy going round in circles with those kinds of arguments if you're not careful!

Re: The manufacturers pay

[Fons_de_spons]

Getting dizzy was the point I was trying to make. The effects of supply and demand in a competitive environment including government influence is how a course in economics typically starts. There are a lot of interactions there, but they are well studied and established. Based on what I learned (I only got an introduction) , I'd expect the prices to go up by a similar amount as the margins in car the sector are not high and competition is though. There will be a down pressure on the extra cost though.

So in short..

[Fly Swatter]

Shorty's business model is fucked.

Good and bad

[dlarge6510]

Good = They merely have to buy a key. To be authorised, which stops random people on the street jacking your car via the ODB port! Cars have had no concept of security for decades. I know people who dilled holes around their ODB port to allow them to use padlocks to lock the cover on!

Bad = If you want to work on your own car, forget it...