Slashdot Mirror
Automakers Move Toward OTA Software Upgrades
Lucas123 writes: While some carmakers today offer over-the-air software upgrades to navigation maps and infotainment head units, Tesla became the first last week to perform a powertrain upgrade overnight. But as the industry begins adopting internal vehicle bus standards with greater bandwidth and more robust security, experts believe vehicle owners will no longer be required to visit dealerships or perform downloads to USB sticks. IHS predicts that in the next three to five years, most, if not all automakers, will offer fully fledged OTA software-enabled platforms that encompass upgrades to every vehicle system — from infotainment, safety, comfort, and powertrain. First, however, carmakers must deploy more open OS platforms, remove hardened firewalls between vehicle ECUs, and deploy networking topologies such as Ethernet, with proven security.
What could possibly go wrong?
Will they be cut off after 6mo-1year
and they want the new update BUY A NEW CAR.
I hope auto drive systems have at least 5 years of updates at no added cost.
Worst case? The only ship to survive will be the one without wifi! (Battlestar Galactica)
https://www.youtube.com/watch?...
Slashdot Valentines Beta Massacre: iT WORKED! The boycotts killed Beta!!
So the vendor can/will push an update OTA to *my* vehicle w/o my specific consent?
Also... Imagine (a) needing to use your vehicle - for an emergency, perhaps, in the middle of the night only to be met the dashboard message: "Update in progress; Please wait ..." or (b) waking up to a bricked vehicle from a bad update.
It must have been something you assimilated. . . .
Automatically upgrading non critical systems makes sense. Upgrading the working of a car through a insecure interface is nuts, automatically more so. You leave work to go home, the upgrade failed, you are stranded. Someone hacks the interface, upgrades you car to their car, you no longer have a car.
I am sure people are going to attack dealers over this as well. But when I needed the firmware of my car upgraded to allow the new commutation standard, I drove the car to my friendly ane highly reputable dealer, they upgrade the software for free, made sure everything still worked, and I did not have to risk the upgrade would brick my car.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
This is mostly for updates that remove or reduce features.
EXAMPLE. I own a Mitsubishi Lancer Evolution X, big time performance car. It comes with HID lights that have a switch inside the cabin for adjusting the leveling.
Apparently enough fools are setting it to the max height setting that the feature was deemed illegal and a TSB was sent to Mitsubishi dealers informing them to disable the switch and fix the lights at a certain height.
I personally love being able to aim my headlights down lower towards the ground when driving through my neighborhood at 1am and adjust my headlights higher for country gravel roads.
For that very reason I haven't let the dealer touch my car. I don't want to visit them to LOSE features. So I won't let them have it. They also want to change a torque reduction value in the ECU to save their ass on warranty by reducing my cars performance. I won't let them change that either.
OTA is to fix the problem of unwanted updates. Things where you no longer desire the "upgrade" because it removes control from you. You should really fight this because it will eventually be used to control you like a slave.
I'm waiting for a big plane to crash or bomb to go off in the future where suddenly all cars get an OTA upgrade that enforces a "no-drive-zone" around certain important geo-coordinates. Everyone would freak out and then question how they let something like that take over their cars....
If BG was a bit more realistic, all other ships would have been parked in orbit and used to send out spam.
People like you is why I don't buy used cars. It is unsafe to ignore check engine light, if you don't trust the dealer, then get cheap OBDII reader and scan error codes yourself.
I am with you, the other day I was patching mission-critical server when I noticed SMART errors. I ignored it, as I know from past experiences that this server had no major problems.
At some point, at above 90% load the server started random kernel panics. Any lower load than that would be without any problems. I decided to have sysadmin check it out. He wanted $480 for a new hard disk. Without fixing, this "server would permanently lose data one day" he said.
Well, stubborn as I am, I ignored his advice. I added couple months on it without any problems at all. When it kernel panics, I would just reboot it...At one time, I thought my reset button may be dirty - it wasn't.
Why bother with that when he can shift into neutral at 10 mph over the speed limit and redline it. He knows better than anyone else.
Do not look at laser with remaining good eye.
I am not against the ability to perform an OTA update in principle, but considering how abysmal record with firmware (and software in general) these companies have, this is a major disaster waiting to happen.
When Microsoft, Apple or Google botch an update, there will be a few dead computers or phones at worst. If someone like e.g. Toyota or BMW (both with a "proven" record of poor quality firmware - think "stuck" accelerators or the famous BMW video of stalling car spitting out its key at the driver) push an automatic OTA update and something unexpected fails, there will be *dead people* in addition to dead computers. And something *will* fail sooner or later - we are far far from the ability to write provably correct code as a matter of course. And embedded code is often one of the worst examples of both software engineering (non-)methods and quality, mainly because it costs money and time to do things properly instead of outsourcing the firmware to the lowest bidder somewhere in a sweatshop. Nobody will ever see that code anyway, right?
The only way this can work safely is with previous user's authorization - i.e. *never* automatically and unattended. In that way I can make sure that I am safely stopped and not going 130 kph on a motorway when my engine or brakes decide to go bust on me. That is, AFAIK, what Tesla is doing (a message pops up and the driver needs to accept the update). However, unless this mode of operation is made mandatory, some dickhead will for sure push an automatic update at some point. It is just too tempting to not to and I would be surprised if Tesla didn't have an option to push a "silent" update too already ...
The other point that nobody reacted on so far - do you really want an always-on, always phoning home wireless connection in your car? That's a wet dream come true for anyone who wants to track your car for whatever reason. Tesla is doing it for (ostensibly) performance tracking (and, conveniently, busting lying journalists), your insurance may start to require access to that data if you want to keep your premiums low and finally police and spooks will rejoice, because they don't even have to bug your car or bother with license plate cameras anymore ...
>> What could possibly go wrong?
Nothing. There are hardly any firewalls between ECUs. Firewalls do not exist on CAN.
The article is written by someone with no insight in car architecture :
>> First, however, carmakers must deploy more open OS platforms
Nothing to do with the reflashing
>> remove hardened firewalls between vehicle ECUs
There aren't any firewalls
>> and deploy networking topologies such as Ethernet, with proven security. .....)
Ethernet is already widely deployed in cars for data hungry applications ( infotainment) For other uses, ethernet is absolutely not suitable ( price, power, wiring constraints, EMC, safety,
aaaaaaa