All the ECUs are independent pretty much when it comes to diag and software loading. To flash the ECM you need the ECM programming PIN, which is not insurmountable to get (capture a total upgrade with ECM update, or an ECM reload from VIDA, then crack the PIN with OrBit)
That part is not so bad...then you have the signed code process to get around, I really have not gotten into exactly how it works, but basically you would only get to be able to flash a "Volvo signed" file at best case, so you could maybe reload the same calibration to the ECM. But you don't have the ability to sign the code with Volvo signature, so you can't ever make your own "tune". That's where the hardware compromise is needed, to get around that signing process.
For the encryption geeks around, I don't know if it's a private key per car, which would have to be individualized to each ECM, or it's Volvo wide private key, where any signed Volvo file, like an ECM calibration destined one particualr car, could be loaded on another as long as it is signed by Volvo.
BTW in the Volvos we are dealing with, only a few security critical ECUs are using a signed code process. Others, like the CEM are not, just need the PIN and flash what you like ;-) You can be sure, this will be expanded to all possible ECUs in future generations, this is how automakers will probably "win" not because it's impossible to hack, but simply because the effort is too high for the reward!
That part is not so bad...then you have the signed code process to get around, I really have not gotten into exactly how it works, but basically you would only get to be able to flash a "Volvo signed" file at best case, so you could maybe reload the same calibration to the ECM. But you don't have the ability to sign the code with Volvo signature, so you can't ever make your own "tune". That's where the hardware compromise is needed, to get around that signing process.
For the encryption geeks around, I don't know if it's a private key per car, which would have to be individualized to each ECM, or it's Volvo wide private key, where any signed Volvo file, like an ECM calibration destined one particualr car, could be loaded on another as long as it is signed by Volvo.
BTW in the Volvos we are dealing with, only a few security critical ECUs are using a signed code process. Others, like the CEM are not, just need the PIN and flash what you like ;-) You can be sure, this will be expanded to all possible ECUs in future generations, this is how automakers will probably "win" not because it's impossible to hack, but simply because the effort is too high for the reward!