Slashdot Mirror


Automakers Move Toward OTA Software Upgrades

Lucas123 writes: While some carmakers today offer over-the-air software upgrades to navigation maps and infotainment head units, Tesla became the first last week to perform a powertrain upgrade overnight. But as the industry begins adopting internal vehicle bus standards with greater bandwidth and more robust security, experts believe vehicle owners will no longer be required to visit dealerships or perform downloads to USB sticks. IHS predicts that in the next three to five years, most, if not all automakers, will offer fully fledged OTA software-enabled platforms that encompass upgrades to every vehicle system — from infotainment to safety, comfort, and powertrain. First, however, carmakers must deploy more open OS platforms, remove hardened firewalls between vehicle ECUs, and deploy networking topologies such as Ethernet, with proven security.

33 of 157 comments

  1. "remove hardened firewalls between vehicle ECUs" by SoCalChris · · Score: 5, Insightful

    What could possibly go wrong?

  2. Will they be cut off after 6mo-1year by Anonymous Coward · · Score: 5, Informative

    Will they be cut off after 6mo-1year
    and they want the new update BUY A NEW CAR.

    I hope auto drive systems have at least 5 years of updates at no added cost.

    1. Re:Will they be cut off after 6mo-1year by stooo · · Score: 4, Funny

      You will get new versions of a car :
      - Home basic car : will only start 10 times, until you get an upgrade. Can only take a single passenger
      - Home premium car : start always, but there are no brakes
      - Professional car : has brakes, but they break often
      - Enterprise car : has reliable brakes, but lacks a radio
      - Ultimate car : you get the radio for 5000 Euro extra.

      I have to put the obligatory GM-Microsoft :
      http://mistupid.com/jokes/msvg...

      --
      aaaaaaa
  3. Re:"remove hardened firewalls between vehicle ECUs by zidium · · Score: 5, Funny

    Worst case? The only ship to survive will be the one without wifi! (Battlestar Galactica)

    https://www.youtube.com/watch?...

    --
    Slashdot Valentines Beta Massacre: iT WORKED! The boycotts killed Beta!!
  4. Hmm... I thought it was *my* vehicle. by fahrbot-bot · · Score: 4, Insightful

    So the vendor can/will push an update OTA to *my* vehicle w/o my specific consent?

    Also... Imagine (a) needing to use your vehicle - for an emergency, perhaps, in the middle of the night only to be met with the dashboard message: "Update in progress; Please wait ..." or (b) waking up to a bricked vehicle from a bad update.

    --
    It must have been something you assimilated. . . .
    1. Re:Hmm... I thought it was *my* vehicle. by dj245 · · Score: 2

      So the vendor can/will push an update OTA to *my* vehicle w/o my specific consent?

      Also... Imagine (a) needing to use your vehicle - for an emergency, perhaps, in the middle of the night only to be met with the dashboard message: "Update in progress; Please wait ..." or (b) waking up to a bricked vehicle from a bad update.

      Let's see how it is implemented before we make that kind of complaint. Any piece of software actually critical to the function of the engine is probably very small in size and quickly installed. GPS maps and entertainment systems shouldn't exclude driving the car. I'm looking forward to possibly interacting with the car maker directly rather than having to deal with the dealerships.

      The last car I bought had an outdated GPS system, so I wrote in the contract that they must update it at their expense. Of course, this isn't a typical request, so they forgot about that clause in the contract. It took them a week to get the software into their dealership and 3 hours to actually install it. The dealership isn't anywhere near my house, so that was further inconvenience. If it could have been done over the air I would have saved hours of time and frustration.

      --
      Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
    2. Re:Hmm... I thought it was *my* vehicle. by PhrostyMcByte · · Score: 3, Insightful

      It does have some advantages. I got the Scion FR-S the day it came out. The original firmware had a number of small issues and one very serious one.

      At a specific load and intake volume, the car wouldn't push enough fuel. It ended up being dangerously lean and it was found that those who stayed at that point for too long would have a catastrophic failure from their direct injector seals melting, necessitating a full block replacement.

      An ECU update came out a while later that fixed it, but nobody was notified. Cars coming in for service don't get it automatically -- the techs aren't even told about it. 99% of those original cars remain unupdated. Anyone who chooses some "spirited" driving on a hot day is at risk.

      An OTA update would solve issues like this really smoothly for a lot of people. I'm all for it.

    3. Re:Hmm... I thought it was *my* vehicle. by AaronW · · Score: 3, Informative

      All of the OTA updates to my Tesla ask me if and when to install the updates. Usually it's a no brainer.

      --
      This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
    4. Re:Hmm... I thought it was *my* vehicle. by Anne+Thwacks · · Score: 2, Insightful

      Let's see how it is implemented before we make that kind of complaint.

      The problem is, some of us are over 21, and have seen the other things the auto industry has implemented. The omens are all bad here. (I can feel the force).

      If you want control over when and where your vehicle will go, you need a mechanically injected diesel. (No need for electricity at all). See today's post on tractors: "Farmers Struggling With High-Tech Farm Equipment". Hooray for hot-bulb engines!

      --
      Sent from my ASR33 using ASCII
    5. Re:Hmm... I thought it was *my* vehicle. by eth1 · · Score: 2

      It does have some advantages. I got the Scion FR-S the day it came out. The original firmware had a number of small issues and one very serious one.

      At a specific load and intake volume, the car wouldn't push enough fuel. It ended up being dangerously lean and it was found that those who stayed at that point for too long would have a catastrophic failure from their direct injector seals melting, necessitating a full block replacement.

      An ECU update came out a while later that fixed it, but nobody was notified. Cars coming in for service don't get it automatically -- the techs aren't even told about it. 99% of those original cars remain unupdated. Anyone who chooses some "spirited" driving on a hot day is at risk.

      An OTA update would solve issues like this really smoothly for a lot of people. I'm all for it.

      My fear is that the easier it is for manufacturers to update the software, the sloppier it will be on initial release. You already see this with computer software. It'll be terrible until six months after the cars go on sale (and maybe longer). Then they'll give up entirely a few years later when the new revision comes out.

      I appreciate my 14-year-old car with manual, physical switches and buttons for everything more every time I get in a new car these days.

  5. What could go wrong? by fermion · · Score: 4, Insightful

    MS probably tests upgrades more than any, but a few computers usually go nuts after an upgrade. You can blame the open hardware of MS computers, but then think of Apple. They have very closed hardware in the iPhone, but still a few iPhones go nuts after upgrade.

    Automatically upgrading non critical systems makes sense. Upgrading the working of a car through an insecure interface is nuts, automatically more so. You leave work to go home, the upgrade failed, you are stranded. Someone hacks the interface, upgrades your car to their car, you no longer have a car.

    I am sure people are going to attack dealers over this as well. But when I needed the firmware of my car upgraded to allow the new commutation standard, I drove the car to my friendly and highly reputable dealer, they upgraded the software for free, made sure everything still worked, and I did not have to risk the upgrade would brick my car.

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
    1. Re:What could go wrong? by jmcwork · · Score: 3, Funny

      MS certainly does test their upgrades. I have been a beta tester for years: Every time I press that icon that says "You have updates available" ....

    2. Re:What could go wrong? by ZeroWaiteState · · Score: 2

      Microsoft isn't a closed system; they have to deal with unpredictable interactions with third-party software in addition to the number of possible states their own software could be in. Critical systems like a car are just designed differently. There isn't going to be third-party software running on the automatic transmission controller. That being said, OTA updates to vehicle firmware are second only to ATMs in terms of their attractiveness both to criminals and government agencies. I can only say beware.

  6. Important when updates AREN'T wanted. by Anonymous Coward · · Score: 4, Insightful

    This is mostly for updates that remove or reduce features.

    EXAMPLE. I own a Mitsubishi Lancer Evolution X, big time performance car. It comes with HID lights that have a switch inside the cabin for adjusting the leveling.

    Apparently enough fools are setting it to the max height setting that the feature was deemed illegal and a TSB was sent to Mitsubishi dealers informing them to disable the switch and fix the lights at a certain height.

    I personally love being able to aim my headlights down lower towards the ground when driving through my neighborhood at 1am and adjust my headlights higher for country gravel roads.

    For that very reason I haven't let the dealer touch my car. I don't want to visit them to LOSE features. So I won't let them have it. They also want to change a torque reduction value in the ECU to save their ass on warranty by reducing my car's performance. I won't let them change that either.

    OTA is to fix the problem of unwanted updates. Things where you no longer desire the "upgrade" because it removes control from you. You should really fight this because it will eventually be used to control you like a slave.

    I'm waiting for a big plane to crash or bomb to go off in the future where suddenly all cars get an OTA upgrade that enforces a "no-drive-zone" around certain important geo-coordinates. Everyone would freak out and then question how they let something like that take over their cars....

  7. DO NOT WANT by davidwr · · Score: 2

    Or rather, do not want unless it is "off" by default and it's only turned on when I want to turn it on.

    While I am okay with a non-signed binary for an in-person/over-USB-disk upgrade so I can hack my car, when it comes to OTA upgrades that by definition might happen when I'm not controlling the process, the software better be signed by someone I trust.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  8. Patch Tuesday by PPH · · Score: 2

    You'll be taking the bus to work Wednesday morning should something go wrong.

    --
    Have gnu, will travel.
  9. Re:"remove hardened firewalls between vehicle ECUs by sinij · · Score: 4, Funny

    If BG was a bit more realistic, all other ships would have been parked in orbit and used to send out spam.

  10. Re:I think we need some serious open source effort by sinij · · Score: 4, Insightful

    People like you are why I don't buy used cars. It is unsafe to ignore the check engine light; if you don't trust the dealer, then get a cheap OBDII reader and scan error codes yourself.

  11. Re:I think we need some serious open source effort by sinij · · Score: 5, Insightful

    I ignored it as I knew from past experience, that this car had no major problems.

    I am with you, the other day I was patching a mission-critical server when I noticed SMART errors. I ignored it, as I know from past experiences that this server had no major problems.

    At some point, at above 90% load the server started random kernel panics. Any lower load than that would be without any problems. I decided to have sysadmin check it out. He wanted $480 for a new hard disk. Without fixing, this "server would permanently lose data one day" he said.

    Well, stubborn as I am, I ignored his advice. I added a couple of months on it without any problems at all. When it kernel panics, I would just reboot it... At one time, I thought my reset button may be dirty - it wasn't.

  12. Re:I think we need some serious open source effort by Lumpy · · Score: 5, Funny

    Why bother with that when he can shift into neutral at 10 mph over the speed limit and redline it. He knows better than anyone else.

    --
    Do not look at laser with remaining good eye.
  13. Re:I think we need some serious open source effort by fustakrakich · · Score: 2

    Mine has a 'call your mother' light. Damn thing comes on twice a week but I don't dare ignore it!

    --
    “He’s not deformed, he’s just drunk!”
  14. Re:HUH? by gstoddart · · Score: 2

    It seems the article writer has zero education about modern cars

    I have come to the conclusion that most articles when they say "experts believe" you should substitute it for "some moron thinks this will happen".

    I think this is a terrible idea, and is more of the "oh, you don't own the car, we just license it to you". Sorry, if it isn't mine, and I'm not the one who makes decisions about it ... WTF would I give you money for it then?

    It is my car, and I, and I alone will decide what happens to it and when it happens. Not some idiot who thinks it's time to roll out a change.

    If it isn't my car, I'm sure as hell not paying you for it.

    --
    Lost at C:>. Found at C.
  15. How can someone think that this is a good idea ... by janoc · · Score: 4, Insightful

    I am not against the ability to perform an OTA update in principle, but considering how abysmal a record with firmware (and software in general) these companies have, this is a major disaster waiting to happen.

    When Microsoft, Apple or Google botch an update, there will be a few dead computers or phones at worst. If someone like e.g. Toyota or BMW (both with a "proven" record of poor quality firmware - think "stuck" accelerators or the famous BMW video of stalling car spitting out its key at the driver) push an automatic OTA update and something unexpected fails, there will be *dead people* in addition to dead computers. And something *will* fail sooner or later - we are far far from the ability to write provably correct code as a matter of course. And embedded code is often one of the worst examples of both software engineering (non-)methods and quality, mainly because it costs money and time to do things properly instead of outsourcing the firmware to the lowest bidder somewhere in a sweatshop. Nobody will ever see that code anyway, right?

    The only way this can work safely is with previous user's authorization - i.e. *never* automatically and unattended. In that way I can make sure that I am safely stopped and not going 130 kph on a motorway when my engine or brakes decide to go bust on me. That is, AFAIK, what Tesla is doing (a message pops up and the driver needs to accept the update). However, unless this mode of operation is made mandatory, some dickhead will for sure push an automatic update at some point. It is just too tempting not to and I would be surprised if Tesla didn't have an option to push a "silent" update too already ...

    The other point that nobody reacted on so far - do you really want an always-on, always phoning home wireless connection in your car? That's a wet dream come true for anyone who wants to track your car for whatever reason. Tesla is doing it for (ostensibly) performance tracking (and, conveniently, busting lying journalists), your insurance may start to require access to that data if you want to keep your premiums low and finally police and spooks will rejoice, because they don't even have to bug your car or bother with license plate cameras anymore ...

  16. Re:I think we need some serious open source effort by sinij · · Score: 2

    Exactly. I don't know how you could complain that modern cars are not reliable after regularly doing this and still having it drive every day for well over 120,000 miles.

    For people not mechanically inclined - redlining an engine in neutral is a fundamentally bad idea. Engines are designed to operate under load, when you do this unloaded you are causing all kinds of internal bearing damage. More so, automatic transmissions are not designed to be repeatedly shifted into Neutral-Drive at highway speeds. When you shift back into Drive, the resulting torques will damage clutch disks, eventually resulting in slipping gears. Additionally, cars equipped with automatic transmissions are not generally equipped with flex disks, so the resulting shock of a N-D shift at speed will also put wear and tear on your differential, drive shaft (if RWD), CV joints and wheel bearings. Not unlike dropping the clutch while high-revving with a manual car. Only you don't have flex disks absorbing most of the impact.

  17. BS by stooo · · Score: 5, Informative

    >> What could possibly go wrong?
    Nothing. There are hardly any firewalls between ECUs. Firewalls do not exist on CAN.
    The article is written by someone with no insight in car architecture :

    >> First, however, carmakers must deploy more open OS platforms
    Nothing to do with the reflashing

    >> remove hardened firewalls between vehicle ECUs
    There aren't any firewalls

    >> and deploy networking topologies such as Ethernet, with proven security.
    Ethernet is already widely deployed in cars for data hungry applications (infotainment). For other uses, Ethernet is absolutely not suitable (price, power, wiring constraints, EMC, safety, ...)

    --
    aaaaaaa
    1. Re:BS by Anonymous Coward · · Score: 2, Funny

      Yes, there is a firewall. It sits between your feet and the engine compartment. It is made of metal and designed to prevent fire from spreading. That said, I do not see why it would be necessary to remove it for OTA updates to succeed.

    2. Re:BS by UnderCoverPenguin · · Score: 3, Informative

      A friend of mine works for an automotive electronics supplier, so knows how in-service software updates are performed.

      One of the ECUs also functions as a "diagnostic gateway" (DG). The DG is connected to the vehicle's "diagnostic link connector" (DLC). To update the software in an ECU, a service technician plugs a reprogramming tool into the DLC and talks to the DG. The DG forwards the commands and data from the tool to the ECU being reprogrammed. It also forwards the ECU's responses to the tool.

      Many new vehicles also have a remote assistance feature, like GM's OnStar, that uses a cellphone radio to communicate with a help center. An additional feature provided by these remote assist (RA) ECUs is reporting diagnostic messages from the other ECUs to the vehicle vendor.

      Enabling OTA software updates of any ECU in a vehicle requires only upgrading the RA to be able to receive and buffer an entire file and to incorporate the "tool side" of the ECU reprogramming protocol (in vehicles that support OTA updates to the infotainment system, this has already been done). Also, the DG would need to be enabled to forward commands and data from the RA to ECUs not on the same network bus as the RA.

      --
      Don't try to out wierd me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
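
Added example, not part of the thread and not any vendor's code: a minimal Python model of the diagnostic gateway described in the comment above, forwarding reprogramming requests from the remote-assist ECU only when the conditions raised elsewhere in the thread hold (owner approval, vehicle parked, image matching an authenticated manifest). The UDS service IDs, the `ECM` name, the `flash` helper and the assumption that the manifest signature was already verified are illustrative choices, not details from the page.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Assumption: the "ECU reprogramming protocol" is UDS (ISO 14229). These are
# its download service IDs; the comment itself names no protocol.
REQUEST_DOWNLOAD, TRANSFER_DATA, TRANSFER_EXIT = 0x34, 0x36, 0x37
FLASH_SERVICES = {REQUEST_DOWNLOAD, TRANSFER_DATA, TRANSFER_EXIT}


@dataclass
class VehicleState:
    parked: bool
    owner_approved: bool     # driver accepted the update prompt
    manifest_verified: bool  # manifest signature already checked (assumed step)


@dataclass
class Gateway:
    state: VehicleState
    manifest: dict                               # ECU name -> SHA-256 hex digest
    running: dict = field(default_factory=dict)  # ECU name -> hash in progress

    def forward(self, source, ecu, sid, payload=b""):
        """Decide whether to forward one request; returns (allowed, reason)."""
        if sid not in FLASH_SERVICES:
            return True, "not a reprogramming request"
        if source == "DLC":
            return True, "workshop tool path, unchanged"
        if source != "RA":
            return False, "unknown source"
        if not self.state.manifest_verified:
            return False, "manifest not verified"
        if not self.state.owner_approved:
            return False, "owner has not approved"
        if not self.state.parked:
            return False, "vehicle not parked"
        if ecu not in self.manifest:
            return False, "ECU not named in manifest"
        if sid == REQUEST_DOWNLOAD:
            self.running[ecu] = hashlib.sha256()
            return True, "download started"
        if ecu not in self.running:
            return False, "no download in progress"
        if sid == TRANSFER_DATA:
            self.running[ecu].update(payload)
            return True, "block forwarded"
        # TRANSFER_EXIT: forward only if everything sent matches the manifest.
        digest = self.running.pop(ecu).hexdigest()
        if hmac.compare_digest(digest, self.manifest[ecu]):
            return True, "image matches manifest"
        return False, "image digest mismatch"


def flash(gw, ecu, image, block=16):
    """Drive one RA-initiated update through the gateway; stop at first refusal."""
    requests = [(REQUEST_DOWNLOAD, b"")]
    requests += [(TRANSFER_DATA, image[i:i + block]) for i in range(0, len(image), block)]
    requests.append((TRANSFER_EXIT, b""))
    for sid, payload in requests:
        allowed, reason = gw.forward("RA", ecu, sid, payload)
        if not allowed:
            return False, reason
    return True, reason


if __name__ == "__main__":
    image = b"constructed sample image, not real firmware " * 4
    manifest = {"ECM": hashlib.sha256(image).hexdigest()}  # "ECM" is a made-up target
    ok = Gateway(VehicleState(True, True, True), manifest)
    moving = Gateway(VehicleState(False, True, True), manifest)
    print(flash(ok, "ECM", image))
    print(flash(ok, "ECM", image + b"tampered"))
    print(flash(moving, "ECM", image))
```
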
  18. Re:What security? by rHBa · · Score: 2

    CAN is the least secure thing out there, and always has been.

    Anecdotal evidence coming... A friend of mine managed to crash a Formula 1 car. It pulled out of the pits during practice and subsequently stalled. The whole pit was running around, panicking, scratching their heads and my friend rather sheepishly had to recommend they unplug the camera he'd just installed!

  19. Re:OMG by radl33t · · Score: 3, Informative

    yep, i'm sure they never thought of that. good thing clever guys like yourself are around to ask the really hard questions.

  20. Re:Oh HELL no ... by vux984 · · Score: 3, Informative

    So some fucking OTA update is going to fail while you're in the middle of driving because it just happened without asking you?

    Nice strawman you've constructed. The one car that does OTA updates right now (Tesla) downloads them and then prompts you when to do them, so you can wait until you're home in your garage. You don't hear any Tesla owners complaining do you?

    Mobile phones are another device with OTA update support. Have you heard a lot of stories where the phone interrupted a 911 call to do an ota update and then failed? No? Because it never happens. The phone says there's an update ready, and waits for you to initiate... most of them will even refuse to go if you are low battery, and most recommend you be plugged into a charger for the update... absolutely none ever have just spontaneously decided to update during a call.

    This is so incredibly stupid as to defy belief.

    Why manufacture imaginary problems to be outraged about; there are plenty of real problems in the world. But OTA updates aren't one of them.

  21. Re:I think we need some serious open source effort by AaronW · · Score: 2

    That reminds me of BMW. You have to take the car in to the dealership if you change the battery. The new BMW I8 makes it almost impossible to work on. You need two people to open the hood and you have to know exactly what you're doing so you don't damage it.

    --
    This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
  22. Re:OMG by mspohr · · Score: 2

    OMG! The geniuses at /. have again come up with something that I'm sure no automotive software engineer has ever considered.
    Quick! Call the auto companies and tell them they are about to make a big mistake. I'm sure they will thank you profusely.

    --
    I don't read your sig. Why are you reading mine?
  23. Re:How can someone think that this is a good idea by janoc · · Score: 2

    Having cars reflashed at a dealership is something different - the mechanic will usually do at least some basic sanity tests that everything works before handing it over to the client.

    Anyway, my point wasn't that reflashing firmware is bad - it may be even required and I am fine with that. It needs to be done safely and securely, though!

    And yes, Toyota had a big software problem too, even though it wasn't why they have lost that accelerator pedal lawsuit:

    http://www.edn.com/design/auto...