Forgot your password?
typodupeerror
Software Transportation Upgrades Technology

Mercedes Can Now Update Car Software Remotely 228

Posted by timothy
from the new-context-for-blackmail dept.
MatthewVD writes "Our cars run millions of lines of code that need constant and, often, critical updates. Jim Motavalli writes that Mercedes-Benz's new mbrace2 'cloud infotainment system' has a secret capability: it can update software automatically and wirelessly. In a process called 'reflashing,' the Mercedes system turns on the car operating system (CU), downloads the new application, then cuts itself off. With companies like Fisker paying dearly for constant recalls for software problems, automakers will likely rush to embrace this technology. No more USBs in the dashboard!"
This discussion has been archived. No new comments can be posted.

Mercedes Can Now Update Car Software Remotely

Comments Filter:
  • Secret capability? (Score:5, Informative)

    by commlinx (1068272) on Monday April 09, 2012 @05:08AM (#39617067) Journal
    From the Mercedes site:

    Remote Vehicle Diagnostics Beyond allowing you to perform a check of your vehicle's main systems remotely, mbrace2 technology can automatically alert both you and your authorized Mercedes-Benz dealer to potential issues before they become full-fledged problems. In addition, it enables your vehicle to receive software updates wirelessly through the mbrace2 network.

    So while maybe undesirable, not sure it's 'secret'.

    • by geekmux (1040042)

      From the Mercedes site:

      Remote Vehicle Diagnostics Beyond allowing you to perform a check of your vehicle's main systems remotely, mbrace2 technology can automatically alert both you and your authorized Mercedes-Benz dealer to potential issues before they become full-fledged problems...

      Translation:

      Beyond allowing you to perform a check of your vehicle's main systems remotely, mbrace2 technology can automatically make shit up about your car that is bad or potentially going bad, and before you even have a chance to think about the cost of the repair, they've already scheduled you for "maintenance" and charged your bank account for the appropriate deposit to order many, many "bad parts"...

      Ah, such efficiency...and to think, I used to have to go through all that stress of having to decide abo

      • by erroneus (253617) on Monday April 09, 2012 @07:16AM (#39617439) Homepage

        If this were not the manufacturer of the car doing this, I might have thought the same thing you are thinking. But if people begin to get troubled with too much recommended maintenance, they will start to believe their cars are unreliable and will not buy another one... or at least not one that tells them things they don't want to know.

        • by geekmux (1040042) on Monday April 09, 2012 @07:39AM (#39617509)

          If this were not the manufacturer of the car doing this, I might have thought the same thing you are thinking. But if people begin to get troubled with too much recommended maintenance, they will start to believe their cars are unreliable and will not buy another one... or at least not one that tells them things they don't want to know.

          Are you paying for "reliability" or "Government-regulated mandatory safety upgrades"?

          "Repairs" can be spun many, many different ways...such as the difference between optional and mandatory types of insurance. People hate paying for either type of insurance, but don't see much of a choice when it's "mandatory". A "cost" turns into a "fee" if EVERY car owner is charged for it, so this is yet another vehicle to mandate mass fees, turning profits through "safety standards"(for both the auto industry and Government). But you somehow feel better about it, because your 37 air bags are all up to date with the latest software patch and ready to protect you (not that they didn't before).

          Oh and your insurance company feels better too, because they got a piece of the profits as well by mandating that no car will be insured without an "active maintenance subscription". Oh yeah, you'll need auto anti-virus protection too.

          (I mean seriously, what do you think auto and insurance lobbyists do all day?)

          • by pnewhook (788591) on Monday April 09, 2012 @08:29AM (#39617759)

            Given that most new cars have a period of maintenance factored in where the owner does not pay for warranty work (often 5 years), any warranty work performed like software updates simply come right off the companies bottom lin.e It only makes good business sense to make this as inexpensive as possible and if they can do updates remotely without actually going into the dealer then this is a huge cost savings for them and far more convenient to the owner.

            Also, given how much of the safety systems on these high end Mercedes are under software control, I wouldn't be surprised if the lawyers are warning the company that if they do not do due diligence in rolling out safety related upgrades, then they may be liable for crashes related to the failing of this software. In such a case making sure the software updates are rolled out to as many people as possible as easily as possible would be a mandate of theirs.

        • by iamwahoo2 (594922)

          I wish I had your faith in my fellow human beings, but most people do not seem to care about reliablity when they purchase their cars. Mercedes is one of the more unreliable brands on the market and they are still managing to sell plenty of cars. Even worse, look at Dodge/Chrysler, unlike Mercedes, they have always had a reputation for poor reliability and they are still managing to stay alive.

          • Re: (Score:2, Interesting)

            by jedidiah (1196)

            They don't have to worry. They will get bailed out by Washington any time they need it. They are "too big to fail". Have been for a rather long while now.

        • by Isaac-1 (233099)

          Repeat after me:
          Infrastructure items should not auto-update, the potential for something bad is too big. Imagine one Ooopsy bricking every Mercedes, not so bad right? Now picture every Toyota, or Ford.

      • by Joce640k (829181)

        Translation:

        Beyond allowing you to perform a check of your vehicle's main systems remotely, mbrace2 technology can automatically make shit up about your car that is bad or potentially going bad, and before you even have a chance to think about the cost of the repair, they've already scheduled you for "maintenance" and charged your bank account for the appropriate deposit to order many, many "bad parts"...

        Yep. No BMW mechanic would ever be able to figure out it was all lies and leak his findings to the press.

      • by alen (225700)

        in the USA we have these things called car warranties, so its the manufacturer paying for all these parts and services to the dealer.

        there are two types of MB drivers. those who can really afford the car, and those who can't and just lease. I had a neighbor one time like that. renter, nothing to his name and yet he had enough money to pay $600 a month of a CK500 or whatever it was. until he got his girlfriend preggers and got rid of the car

        • Haha what a douche! He totally had something he enjoyed but was a poor financial choice, and then when the time came to be responsible he got rid of it for a (presumably) more sensible ride! What a loser!

          Also, lease? Eeeeew! Can you believe somebody would choose to pay less on a monthly basis when they don't plan to keep the car past the lease duration instead of paying more and then going through the risk and hassle of selling it? Man! I'm so much smarter being upside-down and paying gap insurance on my ze

  • by Anonymous Coward on Monday April 09, 2012 @05:08AM (#39617069)

    Mercedes is now able to crash cars remotely.

  • Many possibilities (Score:5, Insightful)

    by Anonymous Coward on Monday April 09, 2012 @05:08AM (#39617071)

    This also means that hackers and government agencies can update the software automatically and wirelessly. Finally there is no more need for cutting the break cables.

    • by supersat (639745) on Monday April 09, 2012 @05:15AM (#39617107)
      I'm willing to bet it's far more likely that they'll need to patch security holes remotely than it is for the update mechanism itself to be exploited. That is, assuming they digitally sign the updates.
      • by arth1 (260657) on Monday April 09, 2012 @05:25AM (#39617149) Homepage Journal

        I'm willing to bet it's far more likely that they'll need to patch security holes remotely than it is for the update mechanism itself to be exploited. That is, assuming they digitally sign the updates.

        So? Even a 1000:1 ratio would be unacceptable.

        And if a lesson were to be learned from Playstation / XBox / DVD / Blu-Ray / iPhone, it's that as long as customers (and thus hackers) have access to the hardware, keeping things secret is a temporary reprieve at best.

      • by Hentes (2461350)

        Knowing how little most corporations know or care about security I wouldn't be so sure. Wireless car keys, for example, can already be hacked.

    • by mapkinase (958129) on Monday April 09, 2012 @08:13AM (#39617685) Homepage Journal

      I am tired of this standard banal instantly modded up response:

      - Something is made easier
      - Aha! Government all other evil guys will have easy access too!

      Duh!

  • by Anonymous Coward on Monday April 09, 2012 @05:09AM (#39617081)

    I was going to say something, but I can't think of anything clever, because I'm shaking my head in disbelief so fast that I'm getting dizzy. Please tell me that the wireless interface at least has its own fuse that can be pulled.

    • by c0lo (1497653) on Monday April 09, 2012 @05:46AM (#39617185)

      Please tell me that the wireless interface at least has its own fuse that can be pulled.

      On behalf of our R&D dept in East Europe and Russia, I can state that we don't know it ... yet. And, unless you aren't a Mercedes owner, we are not going to inform you.
      If, however, you own this model, just tell us where it is parked and we'll let you know (if a fuse can be pulled, it's likely we can replace it with absolutely no troubles for your, while you're asleep).

      Raising my black hat, I send you my best wishes and hopes of a successful ...(ummm... how to put it?... ah, yes...) collaboration,

      (non-readable signature in 133t-sp34k)

      • In East Europe or Russia, owning ... ok, having a Mercedes should not be an issue. Europe's full of them, just take one.

  • by Anonymous Coward on Monday April 09, 2012 @05:14AM (#39617105)

    Soon:
    - First maleware for cars spotted in the wild. Car manufacturers: "No problem. it only infects the multimedia system"
    - Maleware displays a huge kitty on the HUD. First malware caused traffic accident with casualties.
    - Anti-Virus Software mandatory for cars
    - Kaspersky/McAffee/.. : ~40% of all cars infected with one virus or another....

    • Just wait how interesting it can become once cars can also communicate with each other. Think of the possibilities... I could cause a car crash without even leaving the house!

    • by digitig (1056110) on Monday April 09, 2012 @05:54AM (#39617215)

      Soon: - First maleware for cars spotted in the wild. Car manufacturers: "No problem. it only infects the multimedia system" - Maleware displays a huge kitty on the HUD. First malware caused traffic accident with casualties.

      I think auto manufacturers are waking up to the fact that women buy cars too.

    • by million_monkeys (2480792) on Monday April 09, 2012 @06:26AM (#39617303)

      Soon: - First maleware for cars spotted in the wild. Car manufacturers: "No problem. it only infects the multimedia system" - Maleware displays a huge kitty on the HUD. First malware caused traffic accident with casualties. - Anti-Virus Software mandatory for cars - Kaspersky/McAffee/.. : ~40% of all cars infected with one virus or another....

      Great, so now my car's only gonna go 15 mph because McAffee is using 90% of my engine resources.

  • I can see this will be exploited somewhere along the way...
  • by Chrisq (894406) on Monday April 09, 2012 @05:21AM (#39617129)
    Well Mercedes are a favourate of bankers and corporate "fat cats". I couldn't think of a better challenge to Anonymous. Speed limiter to 20mph? Stuck in the driveway? I wait with eagerness.
    • by FunPika (1551249) on Monday April 09, 2012 @05:50AM (#39617199) Journal
      20 miles per hour speed limiter? How about limit it to just under the speed limit (since GPS's seem to be able to get that these days). It will effectively piss off people in a lot of areas such as Massachusetts (I have gotten passed on a double yellow there for going slightly over the limit...don't underestimate how much this would piss off Massholes). The 20mph limiter would just make the driver be like "FUCK THIS!", a GPS based limiter could troll the driver and everyone around them in the right areas, at least for a little while.
      • In many areas of massachusetts, speed limits are not set at the speeds the roads were designed for/are safe to operate at, but at revenue generating levels - speeds at which police officers on speed patrol can spend their whole day writing tickets.

        Enforcement is still lax, though, because if enforcement was efficient, people would drive at the lower levels to avoid it. Effectively, mass does not have speed limits. It has a "random road tax."

    • Re: (Score:2, Funny)

      by Opportunist (166417)

      Speed limiter to 20mph? Try cruise control stuck at 200mph, now here's funny for you!

    • Maybe in the US. Here, in the socialist hell that is Europe, they're really fairly common.
  • I'm assuming the car connects to some sort of 3g or other wireless network to download updates.

    Who pays for this?

    • Re:Who pays? (Score:5, Informative)

      by gl4ss (559668) on Monday April 09, 2012 @05:53AM (#39617211) Homepage Journal

      mercedes.
      or in other words - the guy who buys the car. if you could hack that data connection to contact whatever else sites though.. I'm assuming it would do it via 3g actually too. it wouldn't be too hard for mercedes to negotiate europe wide contracts for it for fairly cheap(the data amounts will be rather low). so it might be something like 200 bucks for 3 years of updates, which considering the total cost of the car isn't really that much. if it can prevent one recall for a model that would otherwise need the dealer to do "free" work billed to mb then from mb's viewpoint it's a good deal.

    • Re: (Score:3, Funny)

      by Opportunist (166417)

      If money is an issue, you obviously should not own a Mercedes.

  • ... the car decides to download and install new firmware at the exact same time as Mick Mechanic pulls the battery or the main fuse out? A very VERY expensive brick?

    • by will_die (586523)
      I would guess they have a information box informing the user there is a patch available that the user has to initiate and requires that the car be parked with the engine off.
    • You realize that "Mick Mechanic" isn't going to be working on that car, because it comes with an all-encompasing service plan, right?

      The only guys turning wrenches on that car are employed at the Benz dealership; and it likely doesn't start any update until after 10 minutes of ECU inactivity - plenty of time to raise the hood and disconnect the negative battery terminal.

      • by drinkypoo (153816)

        The only guys turning wrenches on that car are employed at the Benz dealership; and it likely doesn't start any update until after 10 minutes of ECU inactivity - plenty of time to raise the hood and disconnect the negative battery terminal.

        No, because people are most likely to not have signal where they stop the car. The download therefore likely goes on whenever, and the PCM will switch to the new firmware image when appropriate.

  • No automatic updates for me, unless Mercedes wants to install a computer to update in my '84 300TD.
    • by drinkypoo (153816)

      Maybe they will automatically send a guy in coveralls out to replace your TCM or EGR amplifier, via a scheduling system. That's automatic, right?

  • Turn on the CU? (Score:4, Interesting)

    by sirdude (578412) on Monday April 09, 2012 @06:24AM (#39617299)

    "In a process called ‘reflashing,’ the Mercedes system can turn on the car operating system (CU), download the new application, then cut itself off."

    So the car is regularly polling a server and can switch itself on? That sounds decidedly unsettling.

    Could somebody elaborate on the diagnostic capabilities of these cars? Do they alert you if your brakes are inefficient or if your tyres are wearing out? I'm too poor to afford one to know :(

    Cheers.

    • Re:Turn on the CU? (Score:4, Insightful)

      by MachineShedFred (621896) on Monday April 09, 2012 @07:45AM (#39617541) Journal

      If it works like the iDrive system in BMW, the ECU stays active for about 10 minutes after the car is turned off, in order to remember navigation position and the creature comfort stuff like heated seats being turned on. Mercedes is likely putting this update check in after such an interval.

      As for the brake and tire wear checking, that's done by a Mark-I eyeball installed in a service technician at the dealership, which is included in the service plan that comes with the car.

    • by arth1 (260657)

      Could somebody elaborate on the diagnostic capabilities of these cars? Do they alert you if your brakes are inefficient or if your tyres are wearing out? I'm too poor to afford one to know :(

      I predict that they will, indeed, monitor a lot of variables that, if not warrants, at least suggests maintenance. And that the data will be sold to marketers who can compete for the chance to market new synthetic oil to you starting a thousand miles before the suggested oil change, or new tires when the ones you have approach their life.

      The scariest thing is that a lot of consumers would like this, and will think that the discounted offers and presented "options" will save them money and is a useful servi

  • If Mercedes has cracked the trick of 100% successful upgrades over air, great! If not, I'd prefer to know that the systems controlling almost everything on the Mercedes hurtling towards me is not going to die at some arbitrary moment. Bricked iPhones are inconvenient. Bricked 2-ton vehicles moving at 70mph are very inconvenient!

    • by Swampash (1131503) on Monday April 09, 2012 @07:07AM (#39617423)

      Remember how you could always spot a Microsoft "Patch Tuesday" when you got to work and found all the desktop machines had rebooted overnight?

      Spotting Mercedes Patch Tuesday on the autobahn is going to be epic.

    • If Mercedes has cracked the trick of 100% successful upgrades over air, great! If not, I'd prefer to know that the systems controlling almost everything on the Mercedes hurtling towards me is not going to die at some arbitrary moment. Bricked iPhones are inconvenient. Bricked 2-ton vehicles moving at 70mph are very inconvenient!

      No, MB has figured out how to avoid paying dealers to reflash cars for critical updates by bypassing the dealer. The dealer also gets to spend time on out of warranty repairs that actually make them money instead of spending valuable mechanic time own low reimbursement warranty work.

    • by drinkypoo (153816)

      They have the advantage that every PCM is identical, probably not even multiple revisions. They contract for a certain number of them to be produced and their contractees contract for a number of identical parts to produce them with. So it's actually feasible for them to do some fairly comprehensive testing. Further, if they don't activate the new firmware until you shut off the vehicle, then there's no risk of it dying while rolling. And if the Mercedes doesn't start when you try, well, that will hardly ra

  • by DrogMan (708650) on Monday April 09, 2012 @06:57AM (#39617373) Homepage
    So you're the getaway driver sitting in the stolen Merc - your partners in crime are runing towards you. You hit the 'start' button... "Please wait while we install the latest software update. This process will take approximately 5 of your finest German minutes." Fantastic!
  • The system is also able to collect any kind of data from the connected sensors and send them automatically and wirelessly to the manufacturer. It's called "automatic updates" these days, but it's just another name for eavesdropping.
  • by Leafwiz (1704388) on Monday April 09, 2012 @07:27AM (#39617475)

    Hacking cars has already been done, and is shown here in this ted.com video. 4:42 is where he explains about it.

    http://www.ted.com/talks/avi_rubin_all_your_devices_can_be_hacked.html [ted.com]

    Many of the internal systems was hacked, including the system for breaking.

    From ted.com:
    "Could someone hack your pacemaker? At TEDxMidAtlantic, Avi Rubin explains how hackers are compromising cars, smartphones and medical devices, and warns us about the dangers of an increasingly hack-able world.

      Avi Rubin is a professor of computer science and director of Health and Medical Security Lab at Johns Hopkins University. His current research is focused on the security of electronic medical records"

  • I'll take the dumb car that doesn't spy on my every move and report that information to the highest bidder.
  • There are a lot of people out there looking to do something malicious to others, so here's the perfect way to open the door to secretly messing with Mercedes owners. Just get a small transmitter used to emulate the official server, get it close to a Mercedes, and now push an update that KILLS the car. No fix until it gets back to a dealership where the chip can be replaced with one that isn't borked.

    • by drinkypoo (153816)

      Just get a small transmitter used to emulate the official server,

      When someone says "Just" or "all you have to do" they prove that they have no idea what they are talking about or how to do it.

      No fix until it gets back to a dealership where the chip can be replaced with one that isn't borked.

      Actually, it'll be no fix until the PCM is sent back to the rebuilder who will JTAG (or equivalent) flash it. Nobody is going to be desoldering flash chips because you reflashed a PCM.

  • Why quote the word? It's a common English word these days, especially amongst nerds reading slashdot.

  • Many cars today have flash able computer systems that basically keep track of everything on the car such as bluetooth, headlights etc. With DIY mods, it's often necessary to reflect the software yourself or pay a dealer to do it. Unfortunately, it's often not as easy as pulling a part and reinstalling the upgraded one; for example a component pulled from a salvage vehicle may not properly register with the software, causing much grief as you troubleshot; even for a factory trained mechanic at the dealer who
    • by guisar (69737)

      All the more reason to go open source ECU. I used to own Mercedes- for twenty years in fact but no more- they have become unreliable POS. I now drive a Subaru which in fact has a fully-flashed open source ECU. Both the car and the tools are under the communities control- not MBs or Subarus.

  • The las thibg Michael Shumacher needs is to be approaching a corner at 150mph and the car decides to update the brake control software.

  • And so... It has come to this.

  • As you can in a border area pick up a NON US tower and face data fees that can hit highs of $20 a MEG. Now how will be stuck with that bill?

    Also you can be driving in canada and will the car stop trying to update it self or just auto do it with a very hidden menu to trun it off.

    • by drinkypoo (153816)

      As you can in a border area pick up a NON US tower and face data fees that can hit highs of $20 a MEG. Now how will be stuck with that bill?

      Nobody; it just won't connect to those towers at all. Nobody is expecting you to drive your Mercedes into Mexico and anyone on the border is a corner case that can be ignored, they can go to the dealer and get flashed through the scan tool as has been done since time immemorial. Or indeed, they could reflash you with a picocell so that if there is a problem you're already at the dealer. They can loan you a car if your car doesn't start.

      Also you can be driving in canada and will the car stop trying to update it self or just auto do it with a very hidden menu to trun it off.

      The car probably won't switch to the new code until you cycle the igniti

  • REMOTE DIAGNOSTICS [teslamotors.com]

    An additional benefit of Roadster ownership made possible by firmware is Tesla’s ability to diagnose a car’s operations remotely. If an owner feels something has gone wrong with their car, remote diagnosis enables the Tesla Rangers to determine the issue and a solution without direct access to the car.

    The Roadster firmware contains a system that allows the car to “talk” to headquarters if the customer chooses. In the situations where customers have opted-in, t
  • Tesla has been doing this for several years. They wait until middle of the night and the car is plugged in. Then re-flash. No big issues. For those of you thinking that this is a bad thing, they monitor batteries, provide updates, and even allow you to download your own information. My only issue with this is the idea that access COULD be provided to the feds/local police for seeing where the car is. However, I am also guessing that this will be done on all cars over the next 5 years. The reason is that al

Receiving a million dollars tax free will make you feel better than being flat broke and having a stomach ache. -- Dolph Sharp, "I'm O.K., You're Not So Hot"

Working...