Slashdot Mirror
Ford Tests DIY Firmware Updates
wiredmikey writes "This month, Ford is borrowing something from the software industry: updates. With a fleet of new cars using the sophisticated infotainment system they developed with Microsoft called SYNC, Ford has the need to update those vehicles — for both features and security reasons. But how do you update the software in thousands of cars? Traditionally, the automotive industry has resorted to automotive recalls. But now, Ford will be releasing thirty thousand USB sticks to Ford owners with the new SYNC infotainment system, although the update will also be available for online download. In preparing to update your car, Ford encourages users to have a unique USB for each Ford they own, and to have the USB drive empty and not password protected. In the future, updating our gadgets, large and small, will become routine. But for now, it's going to be really cumbersome and a little weird. Play this forward a bit. Image taking Patch Tuesday to a logical extreme, where you walk around your house or office to apply patches to many of the offline gadgets you own."
Just leave at least one wireless interface active and I'll handle all the updates for you!
Sincerely, B. Hat,
Honest Gentleman
"Play this forward a bit. Image taking Patch Tuesday to a logical extreme, where you walk around your house or office to apply patches to many of the offline gadgets you own."
I'm assuming by the time we need to upgrade firmware or software on our refrigerators, toasters, coffee makers, and toilets that they'll all be sentient and just do it themselves.
Since when does an automobile entertainment system need security updates? Oh, the wonders of Microsoft...
Have you read my blog lately?
They should have put Wi-Fi onboard. Park the car in your garage or driveway, hope on your home network, voila.
Nothing is more dangerous than a programmer with a screwdriver.
Someone had to do it.
"Yeah, boss? I can't come into work today. My Ford Focus just BSOD'd in my driveway."
no, really. no, not like that. I was just running this firmware update and now there's a note on the dash telling me there was a problem and I need to restart my car? but when I turn the key it won't start anymore?
I work for the Department of Redundancy Department.
and the next version will let you boot your taurus from the tftp server off your fridge. . . Let just hope they get the progress bars right. . . http://xkcd.com/612/
Or, if they could be updated like the Kindle (3G or WiFi), Ford could handle them all without the owner getting involved. And they wouldn't need to mail out 30,000 USB sticks or CDs.
Plus, Ford could then get real feedback from how the car is performing.
Because no one ever took advantage of short-sighted manufacturers that aren't security-conscious to do anything malicious to a car. Oh, wait... Also, awesome insurance scam in the works if you can do a hostile takeover of a rich guy's car (the ones that will probably have cars with Wi-Fi) and make him get into a rear-end accident. BAM! Sweet-ass cash truck from his rich guy insurance agency. No cop will believe "My car got hacked."
Goodbye Magnuson-Moss, it was nice knowing you! A service pack for your car. Good luck with that. What if it bricks your car? How much does a replacement dashboard computer cost after warranty, due to a faulty update? Who is liable for that if it happens?
Has anyone seen the EULA for this thing? If it isn't significantly different from normal software EULAs, I'm avoiding this sort of technology like the plague.
...in the JD Power IQS Customer Satisfaction Rankings: ... Not surprisingly, MyFord Touch was the biggest contributor to Ford's fall from grace. "
"Ford went from a fifth place ranking in the 2011 J.D. Power Initial Quality Study to a mediocre 23rd place showing this year. Sister-brand Lincoln took a similar nosedive, falling from eighth place all the way down to 17th place this year.
And who designed the MyFord touch? Give you one guess.
USB? Really?
Hey, car marketing guys. Put down the YouFace for a second and listen. There is this thing called radio. Mandate that your dealers deploy drive through 'update servers' on their premises. $300 black box should do it. Be sure to charge the dealers $30,000 for it though. Why not, right? :) Anyhow, when your customers need updates they go to the dealerships and get updated using bluetooth or WiFi or something. Meanwhile, they get an up close look at all the new shiny on the lot and read adds for service specials and stuff.
Cha-ching!
Okay, now I'll just wait for the cyanogen mod to be available for Sync before buying a Ford. I wonder how binary those firmware updates are . . .
Most ignorance is vincible ignorance. We don't know because we don't want to know. --Aldous Huxley
is the next target for viruses.
But this time the machine to crash won't be your PC.
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
Remember when stories used to be tagged "whatcouldpossiblygowrong"? If there ever was a story that could use it, it is this one.
From TFS: "Ford encourages users to have a...."
Just cant get my mind around that yet. So now car companies will be referring to their customers as users instead of drivers. fun times ahead.
There is no friggin way i would let Microsoft anywhere near my car. They have a much too bad track record for that. This is something that makes me take two large steps away from any Ford car. I was entertaining getting a Ford but after having read this, no way in hell.
HTTP/1.1 400
Or, if they could be updated like the Kindle (3G or WiFi), Ford could handle them all without the owner getting involved. And they wouldn't need to mail out 30,000 USB sticks or CDs.
Plus, Ford could then get real feedback from how the car is performing.
Because no one ever took advantage of short-sighted manufacturers that aren't security-conscious to do anything malicious to a car. Oh, wait...
Also, awesome insurance scam in the works if you can do a hostile takeover of a rich guy's car (the ones that will probably have cars with Wi-Fi) and make him get into a rear-end accident. BAM! Sweet-ass cash truck from his rich guy insurance agency. No cop will believe "My car got hacked."
A USB stick that arrives through the mail is hardly more secure than a Wifi update. It could even be less secure since an attacker could drop 10,000 of them in the mail anonymously without having to risk physical proximity to the car he's trying to hack.
Hopefully Ford uses digital signatures to validate the integrity of an update before the car will accept it, but signature validation works equally well (or poorly) whether its a USB Flash update or Wifi update.
Whoa guys! Ford has been allowing end user firmware upgrades since the SYNC system was rolled out. The salesman even told me how to do it when we bought my wife's car two years ago. I've even done it myself through the Ford website. Also note, that this upgrade does not change the ECU, only the SYNC system. Also note, that this mass USB stick mailing is for MyFordTouch, not SYNC (MyFordTouch is built on top of the SYNC system, but includes a touchscreen, and are commonly confused).
In summary:
User firmware upgrades !new
User firmware upgrades !experimental
Mass USB mailings !SYNC
The only thing experimental is the mass mailing of USB sticks.
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
They didn't embed and data/antenna hookup to it. So while it has GPS... if you want data or cell you have to use your phone.
That all being said, I believe they set stuff up so it can connect to the internet if there's a wifi hotspot nearby (mobile or whatever). In which case they COULD make it so you: park in your garage, connect to the internet, click on something to patch it.
But trying to get Grandma to figure out how to connect to the WiFi with that touch screen... it might be easier to say: Plug this plastic thing in a hole that looks like this, click this button, take out the plastic thing and plug it into the same hole in your arm rest.
. . . can we update and patch them as well?
Mechanic: "I'm sorry, sir, but I need to replace the brick behind the wheel of your car to fix it . . . "
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
What could possibly go wrong with a capability to wirelessly update your car's firmware?
I guess they're afraid that you'll get a bootlegged Microsoft entertainment system and will want you to put the "Real Deal" or whatever they call it.
Then after several years of usage of your legitimate version without out a hitch, you'll get an update that then puts up a window that says that you appear to not a have legitimate version of the entertainment system.
Has happened to me with my MS Office XP.
If only Libre or Open Office supported VB macros.
Either one is highly vulnerable to bad drivers.
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
When a vulnerability remains unpatched on your desktop or laptop OS, malware and viruses can cripple your computer and prevent you from using it to get online or do work.
When a firmware update remains unpatched on your wireless-enabled car OS, someone breaks into your WAP/router at home, runs an attack on your car's firmware, and the next time you turn the car over the fuel/air mixture is so rich that the vehicle bursts into flames.
Which is worse to you?
have you met Americans? we don't have the patience let alone the attention span for this daunting task :-P
One word: Montana
There will be lots of places you'll be offline...hell I *want* to be offline in many places...
People in cars cause accidents....accidents in cars cause people
Screw official updates. I installed Cyanogenmod on my 2012 Fiesta, and now it goes ONE MILLION MILES AN HOUR.
This gives new meaning to the phrase -- I sure hope this update doesn't crash my...er...car.
They might not have enough space for 3x the install (previous working copy, current copy, downloaded copy) and streaming a firmware update over wifi is just asking for trouble.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Circa the mid-nineties... the media was gushing over the latest trend, how great it was going to be, and how it was going to solve our update problems. One example would be this piece by Brian Livingston. In the wondrous world of the future, "the user does little or no work, other than clicking a menu button to start the upgrade process. Sometimes not even that is necessary. The software dials up[sic] the vendor's BBS or the World Wide Web site automatically installs any components that are newer than the than those on the currently installed version.... This level of automation, of course, assumes that the user's PC is equipped with a working modem." But once we get to that point, nirvana is at hand. No more software bugs, all our software constantly and updated to the latest version, effortlessly.
These days, it seems as if I a significant amount of time unproductively waiting while my computer downloads and installs some massive update--most recently over one gigabyte for a recent Mac OS X point update. Sometimes, even after the download, the installation process itself can take ten minutes, during which time everything else the machine is doing typically slows to a crawl. Or involves the machine rebooting itself once or twice. Or involves the update program politely requesting that I shut down every application I'm running.
Not to mention the time wasted checking the forums to find out whether the current update is likely to break my computer, and figuring out how to block my system from automatically installing it until they release the improved patch.
But I'm not worried, I'm sure a car manufacturer would never release buggy update. They have far better SQA departments than all the rest of the software industry... don't they?
"How to Do Nothing," kids activities, back in print!
They might not have enough space for 3x the install (previous working copy, current copy, downloaded copy) and streaming a firmware update over wifi is just asking for trouble.
That may well be true, but it would be stupid since even a USB transfer can be interrupted or corrupt. And it doesn't change my point that security is not a reason to send customers a USB stick in the mail rather than letting their car download the update via Wifi.
When is someone going to release a software package to handle a household's updates automatically? People aren't going to want to think about it.....
Never understimate the power of human stupidity -Lazarus Long
We bought a new Fusion last year, and we've done a couple of firmware updates to Sync since then. The process is simple and goes off without a hitch.
Do you know how to update the bluetooth drivers on a high end Kenwood head unit? The only way to do it is via Bluetooth. So if your BT isn't working correctly, you should have it connect to a bluetooth device and do an update. Update not work and your BT is no longer operational? Just update it by connecting to the...oh shit.
I haven't had it fail, but damn it just seems ripe for problems. Of course, it's Kenwood, so nothing really works well.
Is it just my observation, or are there way too many stupid people in the world?
I am very concerned about stability, as a matter of fact I dedicate myself to not crashing my vehicles. Installing Windows on my vehicle is an incredibly counter intuitive when it comes to achieving that goal. I would be like putting bricks and eggs in the same shipping container to protect the eggs from outside dangers.
The preceding post was not a Slashvertisement.
I leave my car parked, top-down. Someone walks by, installs a patch that disables my brakes. So who's at fault? Me for not protecting my car, mazda for not key-protecting the upgrade system, the mazda software team for not password-protecting the upgrade system, or the someone who walked by and just plugged something in? Didn't steal anything, didn't take anything, didn't directly damage anything, just plugged a usb into a slot -- maybe not even his own usb. maybe it was my usb with an experimental patch that I wasn't ready to install.
I'm perfectly happy with my dealer/mechanic running patch upgrades when I already bring my car in twice a year for wheels and oil and winter and such. and in those environments, an upgrade can be followed by what upgrades in software industries are followed by -- tests. you don't upgrade your computer and then just assume that it works again for anything serious.
Touche.
File under 'M' for 'Manic ranting'
I think I read a similar story about Ford doing this and it's old fucking news. I have a 2008 Dodge Charger I'be been updating the Mygig software on since I bought it. Comes in the mail as a DVD or I can download an ISO from a fan site.
Chewbacon
The Bible is like Wikipedia: written by a bunch of people and verifiable by questionable sources.
This topic seems to be familiar. I've posted before about this type of topic, but this isn't anything groundbreaking. Cars with infotainment systems have had updates for quite some time. The only thing different between their update and updates for my car is they do USB, but for me it's a DVD. Slip the disc in, and let it update the system. This is really stretching the DIY term a bit I think. You're not manually patching any files in, you're just connecting a USB stick and let it go.
...will Brits have to retrunk them?
.sig withheld by request
I could see this, yes. But, if it was designed properly - they would only need to keep a stash of MMCs or something similar and just swap them out. It's only a pain to deal with bricked routers and such because they solder the flash to the board. Put the device's storage on removable media and that issue goes away. Put the very basic bootloader on the board if you must, but the whole thing doesn't need to be on there.
This wouldn't be so bad - just another part they have to grab from the parts store, like any other. Hell the car manufacturers could standardize it (or at least stay consistent within the brand. For example, all Nissans would use the same chip/card/cartridge. If the bootloader in the hardware is coded right the first time, then larger sizes/speeds won't matter (just like they don't for PCs)
The stern pinball sam system board is like that basic code is on a eeprom that is there to let it boot up and flash the game code into the flash roms from a USB key. So you just need a basic fall back code that can read from a disk or key and update the main flash.
add a dip switch to force it to boot from the eeprom like you have to do with the sam boards to update them.
They're gotten to be almost as bad as Toyota, Honda, VW and MB.
car OS connects to 3G/4G does not know you are roaming and at $20 a meg it costs you $400 for a small 20 meg update Or say $3000 for a 150 MEG update.
I want to be able to drive at the same time so I am not useing up gas on just a update.
With an 802.x wireless interface Ford could assume that people's home wireless network reaches their car or garage. Park within range and call up the in-car menu to start the update (and don't stall out!).
And if it doesn't reach or if you don't have access to a parking place near your coffee shop that has free wi-fi, drive over to your Ford dealer and use theirs (or they can patch you when you go for service).
I wish I had 802.x access to my car to update my music drive.
Less expensive than a recall; either a brilliant idea or a possibility to screw things up. Enabling users is generally a good thing in my opinion.