Automakers Move Toward OTA Software Upgrades
Lucas123 writes: While some carmakers today offer over-the-air software upgrades to navigation maps and infotainment head units, Tesla became the first last week to perform a powertrain upgrade overnight. But as the industry begins adopting internal vehicle bus standards with greater bandwidth and more robust security, experts believe vehicle owners will no longer be required to visit dealerships or perform downloads to USB sticks. IHS predicts that in the next three to five years, most, if not all automakers, will offer fully fledged OTA software-enabled platforms that encompass upgrades to every vehicle system — from infotainment, safety, comfort, and powertrain. First, however, carmakers must deploy more open OS platforms, remove hardened firewalls between vehicle ECUs, and deploy networking topologies such as Ethernet, with proven security.
Couple thousand dollars for a SD card with maps on it, anyone?
What could possibly go wrong?
Will they be cut off after 6mo-1year
and they want the new update BUY A NEW CAR.
I hope auto drive systems have at least 5 years of updates at no added cost.
Hooray! Hopefully my car doesn't explode today!
Worst case? The only ship to survive will be the one without wifi! (Battlestar Galactica)
https://www.youtube.com/watch?...
Slashdot Valentines Beta Massacre: iT WORKED! The boycotts killed Beta!!
So the vendor can/will push an update OTA to *my* vehicle w/o my specific consent?
Also... Imagine (a) needing to use your vehicle - for an emergency, perhaps, in the middle of the night only to be met with the dashboard message: "Update in progress; Please wait ..." or (b) waking up to a bricked vehicle from a bad update.
It must have been something you assimilated. . . .
Automatically upgrading non critical systems makes sense. Upgrading the working of a car through an insecure interface is nuts, automatically more so. You leave work to go home, the upgrade failed, you are stranded. Someone hacks the interface, upgrades your car to their car, you no longer have a car.
I am sure people are going to attack dealers over this as well. But when I needed the firmware of my car upgraded to allow the new commutation standard, I drove the car to my friendly and highly reputable dealer, they upgraded the software for free, made sure everything still worked, and I did not have to risk the upgrade would brick my car.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
What about some openCarOS
What could go wrong? Only the same things that go wrong with anything else that connects to the internet. The possibility that your car could be bricked. Could put repo men out of business, though.
How will this work if my vehicle is in motion at the time of a power train update? Will there be a nag prompt asking me to please reboot my ECU to complete the update?
I had a car that at about 18,000 miles, had its "check engine" light come on. I ignored it as I knew from past experience, that this car had no major problems. This light remained on till 29,000 miles when the car started shaking while at about 80 mph.
Any speed lower than that would be without problems. I decided to have it checked out. The dealership wanted $480 for a new sensor. Without fixing, this car "will stall on you one day" he said.
Well, stubborn as I am, I ignored his advice. I added another 120K miles on it without any problems at all. When it used to jerk at the 80 mph point, I would just push the gear lever into N and rev it hard...At one time, I thought my tank may be dirty - it wasn't.
Later on at the same dealership, the fella (who was now out of the business), told me that cars are better built these days and that manufacturers had to find a way to get you back into the dealership to spend.
Look folks, we need a radical direction otherwise car companies will hold us at ransom as Microsoft has done with its MS Office software.
This is mostly for updates that remove or reduce features.
EXAMPLE. I own a Mitsubishi Lancer Evolution X, big time performance car. It comes with HID lights that have a switch inside the cabin for adjusting the leveling.
Apparently enough fools are setting it to the max height setting that the feature was deemed illegal and a TSB was sent to Mitsubishi dealers informing them to disable the switch and fix the lights at a certain height.
I personally love being able to aim my headlights down lower towards the ground when driving through my neighborhood at 1am and adjust my headlights higher for country gravel roads.
For that very reason I haven't let the dealer touch my car. I don't want to visit them to LOSE features. So I won't let them have it. They also want to change a torque reduction value in the ECU to save their ass on warranty by reducing my car's performance. I won't let them change that either.
OTA is to fix the problem of unwanted updates. Things where you no longer desire the "upgrade" because it removes control from you. You should really fight this because it will eventually be used to control you like a slave.
I'm waiting for a big plane to crash or bomb to go off in the future where suddenly all cars get an OTA upgrade that enforces a "no-drive-zone" around certain important geo-coordinates. Everyone would freak out and then question how they let something like that take over their cars....
Or rather, do not want unless it is "off" by default and it's only turned on when I want to turn it on.
While I am okay with a non-signed binary for an in-person/over-USB-disk upgrade so I can hack my car, when it comes to OTA upgrades that by definition might happen when I'm not controlling the process, the software better be signed by someone I trust.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
You'll be taking the bus to work Wednesday morning should something go wrong.
Have gnu, will travel.
If BG was a bit more realistic, all other ships would have been parked in orbit and used to send out spam.
What "hardened firewalls" are they referring to? CAN is the least secure thing out there, and always has been.
related captcha: nastiest
So some fucking OTA update is going to fail while you're in the middle of driving because it just happened without asking you?
This sounds like some epic stupidity there.
I would NOT accept a car company arbitrarily making changes to my car without my knowledge or consent.
This is not a toy, this is not an app ... this is a freaking car, and if it is MY car, you will only modify it when you have MY express permission. Not just because you think it's a good idea or want to hide your previous mistakes.
If these morons are going to claim their EULA gives them permission, they can screw off.
This is so incredibly stupid as to defy belief.
Lost at C:>. Found at C.
Sorry but my BMW has had an ethernet backbone inside it for years. My OBD-II connector has pins used for ethernet connection for programming and coding.
It seems the article writer has zero education about modern cars. Oh and "proven security" called isolated networks are just fine.
The Telecommunications module can easily be a 2 part box that has a second processor specific for system updates. Telcom side downloads the file, update side looks at the file in the flash storage and not only checks its checksum but also decrypts it using the vehicle's VIN number. Then does a handshake to verify with the manufacturer's server that the file is good by asking for a hash of the contents encrypted with the vehicle's VIN number. If it gets the answer back that it is OK, we are golden. That way anything downloaded must be specific for that vehicle and will stop 99% of all hackers as well as ensure that an update that is not for that vehicle will not get applied. Then it copies the decrypted files into the updater system and does the update to Secondary flash. That way if things go sideways it can simply revert to the last running good and send back a "fail" to the manufacturer.
This crap is not hard and you do NOT need firewalls and other shit cluttering up the vehicle's systems.
Do not look at laser with remaining good eye.
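An added sketch of the checks the comment above describes (not part of the thread and not any manufacturer's code): the update processor confirms a package is authentic, addressed to this VIN and unmodified, writes it to the secondary slot, and reverts if the self-test fails. It swaps in an HMAC over a manifest that names the VIN, under a constructed key, instead of using the VIN for decryption; `build_package`, `UpdateProcessor`, `VIN` and `KEY` are assumed names and values.

```python
import hashlib
import hmac
import json

# Constructed sample values (assumptions, not from the thread).
VIN = "TESTVIN0000000001"
KEY = b"constructed-demo-key"


def build_package(vin, key, image):
    """Manufacturer side: bind the image hash to one VIN and authenticate it."""
    manifest = json.dumps(
        {"vin": vin, "sha256": hashlib.sha256(image).hexdigest()},
        sort_keys=True,
    ).encode()
    tag = hmac.new(key, manifest, hashlib.sha256).digest()
    return {"manifest": manifest, "tag": tag, "image": image}


class UpdateProcessor:
    """Update-side processor with a running slot and a secondary slot."""

    def __init__(self, vin, key, firmware):
        self.vin = vin
        self.key = key
        self.slots = {"A": firmware, "B": None}
        self.active = "A"

    def verify(self, package):
        # 1. Authenticate the manifest before parsing anything in it.
        expected = hmac.new(self.key, package["manifest"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, package["tag"]):
            return "bad-tag"
        manifest = json.loads(package["manifest"])
        # 2. The update must be addressed to this vehicle.
        if manifest["vin"] != self.vin:
            return "wrong-vehicle"
        # 3. The downloaded image must match the authenticated hash.
        if hashlib.sha256(package["image"]).hexdigest() != manifest["sha256"]:
            return "bad-hash"
        return "ok"

    def apply(self, package, self_test):
        """Write to the secondary slot, switch, and revert if self_test fails."""
        status = self.verify(package)
        if status != "ok":
            return status  # the running firmware is never touched
        previous = self.active
        standby = "B" if previous == "A" else "A"
        self.slots[standby] = package["image"]
        self.active = standby
        if not self_test(self.slots[standby]):
            self.active = previous  # fall back to the last known good slot
            return "fail-reverted"
        return "ok"

    def running(self):
        return self.slots[self.active]
```

The status string returned by `apply` is what the update side would report back to the manufacturer in the commenter's scheme.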
If you don't allow updates, then a drive-by-wire car with a bunch of wireless systems (keyless entry, keyless starter, bluetooth, cellular, 802.11p (DSRC), ... ?) connected to its bus is a timebomb. If updates are allowed, at least there is a way to fix problems on a larger scale. If that update mechanism is the open Internet, then it presents an attractive large-scale, low-risk target. An OTA update mechanism that is privately networked (eg, dedicated cellular APN) might at least make mass attacks by relatively unsophisticated attackers unlikely. If that means building in two cellular radios, one that's for dedicated use by the car and another that's completely isolated that's for "apps", it's a small cost delta.
The open Internet isn't necessarily the one that is most suited to things.
Greeaaat. I can't wait until my car can be remotely hacked over the Internet and subjected to constant automated scanning for vulnerabilities.
Do. Not. Want.
If you have something to offer in terms of genuine improvement to my vehicle's performance or its systems, then you can offer it to me in a safe and secure way that I can retain control over whether or not it is applied, and when. I do not want any part of my vehicle's systems - be they critical or seemingly trivial - to be remotely accessible and able to be changed or updated by other people or the manufacturer.
Not only do I not want people to be able to use any sort of wireless technology to hack into my vehicle, I don't want the manufacturer having the ability to apply updates either. We all know just how often software is released that turns out to be broken, and the last thing I want is to get up in the morning and find my car bricked because someone pushed a shoddy update, or my stereo or climate controls stuck on full blast, all to "fix" something when the vehicle wasn't actually broken.
There's a damn good reason I don't allow any updates to be automatically pushed to my computers: because I have long, personal experience as a 20-year IT professional with what happens when you do. Why would my car be any different?
Auto manufacturers: stick with USB upgrades. Mail them to me. Allow me to register my VIN on a website and download them myself. Whatever. I can promise you this much, though: as soon as I have no other choice but to buy a car that can be tampered with wirelessly, I will be removing the antenna from it straight-away, or wrapping it in copper wire.
"Inveniemus Viam Aut Faciemus" 'We will find a way... Or we will make one!' --Hannibal of Carthage
Right when I'm overtaking, my car decides to do an OTA update of its software. The controls block for about ten seconds, during which time I careen into a truck coming from the opposite side. Will my insurance cover for that?
no, I don't have a sig
I am not against the ability to perform an OTA update in principle, but considering how abysmal a record with firmware (and software in general) these companies have, this is a major disaster waiting to happen.
When Microsoft, Apple or Google botch an update, there will be a few dead computers or phones at worst. If someone like e.g. Toyota or BMW (both with a "proven" record of poor quality firmware - think "stuck" accelerators or the famous BMW video of stalling car spitting out its key at the driver) push an automatic OTA update and something unexpected fails, there will be *dead people* in addition to dead computers. And something *will* fail sooner or later - we are far far from the ability to write provably correct code as a matter of course. And embedded code is often one of the worst examples of both software engineering (non-)methods and quality, mainly because it costs money and time to do things properly instead of outsourcing the firmware to the lowest bidder somewhere in a sweatshop. Nobody will ever see that code anyway, right?
The only way this can work safely is with previous user's authorization - i.e. *never* automatically and unattended. In that way I can make sure that I am safely stopped and not going 130 kph on a motorway when my engine or brakes decide to go bust on me. That is, AFAIK, what Tesla is doing (a message pops up and the driver needs to accept the update). However, unless this mode of operation is made mandatory, some dickhead will for sure push an automatic update at some point. It is just too tempting not to and I would be surprised if Tesla didn't have an option to push a "silent" update too already ...
The other point that nobody reacted on so far - do you really want an always-on, always phoning home wireless connection in your car? That's a wet dream come true for anyone who wants to track your car for whatever reason. Tesla is doing it for (ostensibly) performance tracking (and, conveniently, busting lying journalists), your insurance may start to require access to that data if you want to keep your premiums low and finally police and spooks will rejoice, because they don't even have to bug your car or bother with license plate cameras anymore ...
Why should we need to do this in the first place? Answer: We shouldn't need to do it.
Excuse me, I'm making a local hacker site to "upload" "fixes" to your car's OS.
Ooh, another one bit! Now to do Car Wars (SJG) IRL!
-- Tigger warning: This post may contain tiggers! --
Wonderful, now when they fail to properly test the next upgrade, we can look forward to incorrect fuel/air mixture changes while passing a semi! The main problem with this is the possible failure to thoroughly test the update. Remember fall 2013 when Samsung bricked thousands of Galaxy S4s? What about when your car is bricked?
>> What could possibly go wrong?
Nothing. There are hardly any firewalls between ECUs. Firewalls do not exist on CAN.
The article is written by someone with no insight in car architecture:
>> First, however, carmakers must deploy more open OS platforms
Nothing to do with the reflashing
>> remove hardened firewalls between vehicle ECUs
There aren't any firewalls
>> and deploy networking topologies such as Ethernet, with proven security.
Ethernet is already widely deployed in cars for data hungry applications (infotainment). For other uses, ethernet is absolutely not suitable (price, power, wiring constraints, EMC, safety, .....)
aaaaaaa
And GM *could* have used a slightly stronger spring in the ignition key switches so that heavy key rings wouldn't shut off the engine mid-drive and kill people.
But they didn't, because pennies for extra metal. Pay the vastly larger cost for a second processor? ... that's less likely than RedHat stripping systemd back out of their distro.
I will never let a dealer touch my ECU. I explicitly forbid them from "flashing" or "updating" it. I have had two examples of where my ECU was updated (without my permission) and they have ruined a car. One was an EPA change which made my car run 5 MPG less after that oil change (at a dealer, who updated the ECU). The other added some self tests to the car which made me lemon law it (but every single person that got these changes, had this issue).
If there is nothing wrong, I don't want any changes done to my car.
Like a flying brick
For Real
Harrison's Postulate - "For every action there is an equal and opposite criticism"
I foresee a whole new form of planned obsolescence, if sales are looking flat for the upcoming year the auto maker "updates" their vehicles so that the radiator fan runs a little less often to "improve fuel economy" resulting in some fried engines and more car buyers.
How fucking idiotic could you be?
Why would we create a world where a terrorist organization or other deeply flawed institution could take physical control of vehicles over the air?
There's no use speculating on whether it would happen -- if it can, it will and you won't be told when it does, because that would hurt sales or national security or whatever.
Keep the hardened firewalls. Keep it IMPOSSIBLE to do. Keep the fuck out of MY STUFF except with my permission.
Remote access to update software on your car.
You mean remote access for someone trying to screw with your car.
I guess they're going to have to add some new entries under 'wardriving'.
Like everything else that can be abused, if it can, it will be, and this one is so much easier than actually having to get physical access to the car first...
While some carmakers today offer over-the-air software upgrades to navigation maps and infotainment head units,
Others, such as Toyota, want to charge you $250 US for a one time update to the maps. Then they wonder why I still have a Garmin stuck to my windshield. Thanks for nothing Toyota.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
Cars are, today, often reflashed with new firmware as part of dealer servicing, usually without the owner being aware (or caring, for that matter).
Nobody dies. Brakes keep working.
Runaway Toyotas didn't have a software problem. They had a mechanical problem wherein the pedal would physically get stuck, and they fixed that in a mechanical way by adding a plastic widget to the bottom of the accelerator pedal.
Mind you, a software update was also applied, presumably to make such keyless cars easier to shut down in such situations, but that's an improvement...not a cure for a mechanical issue.
Automotive software for key components (safety, drivetrain) is very simple software. And it will be tested just like it is today before it is installed on a customer's vehicle: With real cars, on a closed test track.
Kid-proof tablet..
Just cut the antenna and it won't update shit, though at some point they are going to catch on and make a timer, that if it does not phone home, it'll limit the cars speed or not allow starting.
Then stop buying low end Garbage cars.
GM is 100% garbage. The Corvette is a very low end piece of shit. Buy real cars and you don't have the problems.
Note: Ford and Chrysler are also garbage... Toyota, Honda, BMW, and Tesla are the only ones worth buying as they are not run by dipshits chasing pennies and max profits.
But then I also firmly believe we don't need every single part to be overly complex computer controlled with an OS. A standard processor running machine code to do ONE JOB WELL is all that is really needed.
Let's ignore (for now) how (US) laws make the major automobile manufacturers dependent on their dealer networks to sell cars (etc.) - and the dealers are dependent on their service bays to stay in business. Consider only the operational aspects of how software updates are applied to cars - which is a VERY manual process with technicians and experts trained in ways to communicate with each other, and with (typically) a several day window in which the update(s) can be applied while the owner finds alternate transportation.
The existing process is (relatively) forgiving, since a technician has documentation, experience, and additional technical support to call for help. The customer is already inconvenienced, so adding a few hours (or even days) to the update process while problems are worked out is (barely) tolerable. Moreover, two cars of the same model (and trim) but manufactured a few weeks or months apart may have different controllers - something that the technician could verify, but the owner might not.
I suspect that software updates for most major automobile manufacturers are more like the state of firmware, driver, and OS updates was for Windows back in the 1990s.
Changing this will take time.
Just wait! By 2025, our cars will all have cameras and AIs who will choose to communicate via flashing head lights in Morse Code. Not because they HAVE to (it'll be way less efficient for them!) but because of *our* annoyance factor! It will be the first sign we have amalgamated sentient AIs among us ;-)
Slashdot Valentines Beta Massacre: iT WORKED! The boycotts killed Beta!!
Don't forget that a few cars will get "special" updates courtesy of the police, or (in the case of espionage) whoever can bribe whoever else to do it.
Nothing good can come of this because in order for good to come of this there must be trust. I have no trust in any large corporation to do the right thing or to do things correctly.
No, just bricking your car [in the computer sense] is just inconvenient.
Having your car be remotely driven into a brick wall, or accelerate into a crowd or through a red light, that gets interesting.
It'll be the new 'SWATting'.
Sleep your way to a whiter smile...date a dentist!
I worry about this stuff making cars less reliable. I have a car that is pretty much 100 percent mechanical. I don't think there is any computerized anything in it that is relevant to it. I'd just as soon keep it that way.
I like my tech as bolt ons to the car. Give me the GPS and the stereo and whatever. But I'd like the portion of the car that is a car to be a "car" and not a computer.
I don't trust this nonsense when I'm going down the road at 80 miles an hour. Some of these systems are getting control of the braking for example which is completely unacceptable from my perspective. I saw that Super Bowl ad that showed off the ability of the system to slam on the brakes if something is in front of you. Absolutely not. I am driving the car or I am not.
Of course, I don't even have an automatic transmission. Stick or nothing.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Infected by Cylons? ;)
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Change your default password!
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
Having cars reflashed at a dealership is something different - the mechanic will usually do at least some basic sanity tests that everything works before handing it over to the client.
Anyway, my point wasn't that reflashing firmware is bad - it may be even required and I am fine with that. It needs to be done safely and securely, though!
And yes, Toyota had a big software problem too, even though it wasn't why they have lost that accelerator pedal lawsuit:
http://www.edn.com/design/auto...
It's like he bought a copy of the book 1984 from Amazon that Amazon wasn't licensed to sell so they remotely deleted it from his Kindle device.
Remember which side the hive mind came down on for that true-life analogy? http://classic.slashdot.org/story/09/07/17/2138213
Yeah. Once the product has been sold, if the government deems the owner to be in violation of a law the government damn well better take it up with nobody other than the fucking owner!
First, however, carmakers must deploy more open OS platforms, remove hardened firewalls between vehicle ECUs, and deploy networking topologies such as Ethernet, with proven security.
No, they need to get computers out of vehicles altogether. Suddenly you'll find you won't be able to repair the vehicle *you* own because to do so would violate some provision of the DMCA and turn you into a criminal. This is the same problem farmers are having with high-tech equipment such as "modern" tractors from John Deere.