Automakers Move Toward OTA Software Upgrades
Lucas123 writes: While some carmakers today offer over-the-air software upgrades to navigation maps and infotainment head units, Tesla became the first last week to perform a powertrain upgrade overnight. But as the industry begins adopting internal vehicle bus standards with greater bandwidth and more robust security, experts believe vehicle owners will no longer be required to visit dealerships or perform downloads to USB sticks. IHS predicts that in the next three to five years, most, if not all automakers, will offer fully fledged OTA software-enabled platforms that encompass upgrades to every vehicle system — from infotainment, safety, comfort, and powertrain. First, however, carmakers must deploy more open OS platforms, remove hardened firewalls between vehicle ECUs, and deploy networking topologies such as Ethernet, with proven security.
What could possibly go wrong?
So the vendor can/will push an update OTA to *my* vehicle w/o my specific consent?
Also... Imagine (a) needing to use your vehicle - for an emergency, perhaps, in the middle of the night - only to be met with the dashboard message: "Update in progress; Please wait ..." or (b) waking up to a bricked vehicle from a bad update.
It must have been something you assimilated. . . .
Automatically upgrading non-critical systems makes sense. Upgrading the working of a car through an insecure interface is nuts, automatically more so. You leave work to go home, the upgrade failed, you are stranded. Someone hacks the interface, upgrades your car to their car, you no longer have a car.
I am sure people are going to attack dealers over this as well. But when I needed the firmware of my car upgraded to allow the new commutation standard, I drove the car to my friendly and highly reputable dealer, they upgraded the software for free, made sure everything still worked, and I did not have to risk that the upgrade would brick my car.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
I had a car that at about 18,000 miles, had its "check engine" light come on. I ignored it as I knew from past experience, that this car had no major problems. This light remained on till 29,000 miles when the car started shaking while at about 80 mph.
Any speed lower than that would be without problems. I decided to have it checked out. The dealership wanted $480 for a new sensor. Without fixing, this car "will stall on you one day" he said.
Well, stubborn as I am, I ignored his advice. I added another 120K miles on it without any problems at all. When it used to jerk at the 80 mph point, I would just push the gear lever into N and rev it hard... At one time, I thought my tank may be dirty - it wasn't.
Later on at the same dealership, the fella (who was now out of the business), told me that cars are better built these days and that manufacturers had to find a way to get you back into the dealership to spend.
Look folks, we need a radical direction otherwise car companies will hold us at ransom as Microsoft has done with its MS Office software.
This is mostly for updates that remove or reduce features.
EXAMPLE. I own a Mitsubishi Lancer Evolution X, big time performance car. It comes with HID lights that have a switch inside the cabin for adjusting the leveling.
Apparently enough fools are setting it to the max height setting that the feature was deemed illegal and a TSB was sent to Mitsubishi dealers informing them to disable the switch and fix the lights at a certain height.
I personally love being able to aim my headlights down lower towards the ground when driving through my neighborhood at 1am and adjust my headlights higher for country gravel roads.
For that very reason I haven't let the dealer touch my car. I don't want to visit them to LOSE features. So I won't let them have it. They also want to change a torque reduction value in the ECU to save their ass on warranty by reducing my car's performance. I won't let them change that either.
OTA is to fix the problem of unwanted updates. Things where you no longer desire the "upgrade" because it removes control from you. You should really fight this because it will eventually be used to control you like a slave.
I'm waiting for a big plane to crash or bomb to go off in the future where suddenly all cars get an OTA upgrade that enforces a "no-drive-zone" around certain important geo-coordinates. Everyone would freak out and then question how they let something like that take over their cars....
I am not against the ability to perform an OTA update in principle, but considering how abysmal a record with firmware (and software in general) these companies have, this is a major disaster waiting to happen.
When Microsoft, Apple or Google botch an update, there will be a few dead computers or phones at worst. If someone like e.g. Toyota or BMW (both with a "proven" record of poor quality firmware - think "stuck" accelerators or the famous BMW video of a stalling car spitting out its key at the driver) pushes an automatic OTA update and something unexpected fails, there will be *dead people* in addition to dead computers. And something *will* fail sooner or later - we are far far from the ability to write provably correct code as a matter of course. And embedded code is often one of the worst examples of both software engineering (non-)methods and quality, mainly because it costs money and time to do things properly instead of outsourcing the firmware to the lowest bidder somewhere in a sweatshop. Nobody will ever see that code anyway, right?
The only way this can work safely is with the user's previous authorization - i.e. *never* automatically and unattended. In that way I can make sure that I am safely stopped and not going 130 kph on a motorway when my engine or brakes decide to go bust on me. That is, AFAIK, what Tesla is doing (a message pops up and the driver needs to accept the update). However, unless this mode of operation is made mandatory, some dickhead will for sure push an automatic update at some point. It is just too tempting not to and I would be surprised if Tesla didn't have an option to push a "silent" update too already ...
The other point that nobody reacted on so far - do you really want an always-on, always phoning home wireless connection in your car? That's a wet dream come true for anyone who wants to track your car for whatever reason. Tesla is doing it for (ostensibly) performance tracking (and, conveniently, busting lying journalists), your insurance may start to require access to that data if you want to keep your premiums low and finally police and spooks will rejoice, because they don't even have to bug your car or bother with license plate cameras anymore ...
Cars are, today, often reflashed with new firmware as part of dealer servicing, usually without the owner being aware (or caring, for that matter).
Nobody dies. Brakes keep working.
Runaway Toyotas didn't have a software problem. They had a mechanical problem wherein the pedal would physically get stuck, and they fixed that in a mechanical way by adding a plastic widget to the bottom of the accelerator pedal.
Mind you, a software update was also applied, presumably to make such keyless cars easier to shut down in such situations, but that's an improvement...not a cure for a mechanical issue.
Automotive software for key components (safety, drivetrain) is very simple software. And it will be tested just like it is today before it is installed on a customer's vehicle: With real cars, on a closed test track.