Automakers Move Toward OTA Software Upgrades 157
Lucas123 writes: While some carmakers today offer over-the-air software upgrades to navigation maps and infotainment head units, Tesla became the first last week to perform a powertrain upgrade overnight. But as the industry begins adopting internal vehicle bus standards with greater bandwidth and more robust security, experts believe vehicle owners will no longer be required to visit dealerships or perform downloads to USB sticks. IHS predicts that in the next three to five years, most, if not all automakers, will offer fully fledged OTA software-enabled platforms that encompass upgrades to every vehicle system — from infotainment, safety, comfort, and powertrain. First, however, carmakers must deploy more open OS platforms, remove hardened firewalls between vehicle ECUs, and deploy networking topologies such as Ethernet, with proven security.
"remove hardened firewalls between vehicle ECUs" (Score:5, Insightful)
Re:"remove hardened firewalls between vehicle ECUs (Score:5, Funny)
Worst case? The only ship to survive will be the one without wifi! (Battlestar Galactica)
https://www.youtube.com/watch?... [youtube.com]
Re:"remove hardened firewalls between vehicle ECUs (Score:5, Funny)
Re: (Score:2)
Greeaaat. I can't wait until my care can be remotely hacked over the Internet and subjected to constant automated scanning for vulnerabilities.
Re: (Score:2)
Just wait! by 2025, our cars will all have cameras and AIs whom will choose to communicate via flashing head lights in Morse Code. Not because they HAVE to (it'll be way less efficient for them!) but because of *our* annoyance factor! It will be the first sign we have amalgamated sentient AIs among us ;-)
Re: (Score:2)
Infected by Cylons? ;)
Re: (Score:1)
BS (Score:5, Informative)
>> What could possibly go wrong?
Nothing. There are hardly any firewalls between ECUs. Firewalls do not exist on CAN.
The article is written by someone with no insight in car architecture :
>> First, however, carmakers must deploy more open OS platforms
Nothing to do with the reflashing
>> remove hardened firewalls between vehicle ECUs
There aren't any firewalls
>> and deploy networking topologies such as Ethernet, with proven security. .....)
Ethernet is already widely deployed in cars for data hungry applications ( infotainment) For other uses, ethernet is absolutely not suitable ( price, power, wiring constraints, EMC, safety,
Re: (Score:2, Funny)
Yes, there is a firewall. It sits between your feet and the engine compartment. It is made of metal and designed to prevent fire from spreading. That said, i do not see why it would be necessary to remove it for OTA updates to succeed.
Re: (Score:2)
Nothing. There are hardly any firewalls between ECUs. Firewalls do not exist on CAN.
What? Who told you that? There are CAN gateways in some cars, and they don't pass all messages to all buses. That's a firewall in my book. They're not switches, they don't autoreconfigure or anything like that.
Re: (Score:2)
>> and deploy networking topologies such as Ethernet, with proven security. .....)
Ethernet is already widely deployed in cars for data hungry applications ( infotainment) For other uses, ethernet is absolutely not suitable ( price, power, wiring constraints, EMC, safety,
That's why they are using 2-wire ethernet.
https://www.broadcom.com/press... [broadcom.com]
I'm not sure where you got that information about Ethernet widely deployed in cars for Infotainment. If you can send me an article about that I'd really like to read it.
Re:BS (Score:4, Informative)
A friend of mine works for an automotive electronics supplier, so knows how in-service software updates are performed.
One of the ECUs also functions as a "diagnostic gateway" (DG). The DG is connected to the vehicles "diagnostic link connector" (DLC). To update the software in an ECU, a service technician plugs a reprogramming tool into the DLC and talks to the DG. The DG forwards the commands and data from the tool to the ECU being reprogrammed. It also forwards the ECU's responses to the tool.
Many new vehicles also have a remote assistance feature, like GM's OnStar, that uses a cellphone radio to communicate with a help center. An additional feature provided by these remote assist (RA) ECUs is reporting diagnostic messages from the other ECUs to the vehicle vendor.
To enable OTA software updates of any ECU in a vehicles requires only to upgrade the RA to be able to receive and buffer an entire file and to incorporate the "tool side" of the ECU reprogramming protocol (in vehicles that support OTA updates to the infotainment system, this has already been done). Also, the DG would need to be enabled to forward commands and data from the RA to ECUs not on the same network bus as the RA.
Will they be cut off after 6mo-1year (Score:5, Informative)
Will they be cut off after 6mo-1year
and they want the new update BUY A NEW CAR.
I hope auto drive systems have at least 5 years of updates at no added cost.
Re:Will they be cut off after 6mo-1year (Score:4, Funny)
You will get new versions of a car :
- Home basic car : will only start 10 times, until you get an upgrade. Can only take a single passenger
- Home premium car : start always, but there are no brakes
- Profesionnal car : has brakes, but they break often
- Enterprise car : has reliable brakes, but lacks a radio
- Ultimate car : you get the radio for 5000 Euro extra.
I have to put the obligatory GM-Microsoft :
http://mistupid.com/jokes/msvg... [mistupid.com]
Hmm... I thought it was *my* vehicle. (Score:5, Insightful)
So the vendor can/will push an update OTA to *my* vehicle w/o my specific consent?
Also... Imagine (a) needing to use your vehicle - for an emergency, perhaps, in the middle of the night only to be met the dashboard message: "Update in progress; Please wait ..." or (b) waking up to a bricked vehicle from a bad update.
Re: (Score:2)
So the vendor can/will push an update OTA to *my* vehicle w/o my specific consent?
You've never signed paperwork at a dealer? You know their attorneys will have this air-tight.
Personally, I'm driving pre-TPMS vehicles until the whole mess is straightened out. Maybe they'll have a reliable autopilot by time that happens.
Re: (Score:2)
You've never signed paperwork at a dealer? You know their attorneys will have this air-tight.
Paperwork signed at a dealership can never be air-tight. Look up Contracts of adhesion [wikipedia.org].
Re: (Score:2)
Look up Contracts of adhesion.
Betcha a dollar that no judge would rule that a car company pushing OTA updates would fall under any of those categories. Just because I/you/they don't want something, doesn't mean it's legally unreasonable by the other party.
Re: (Score:1, Funny)
If you want to be really safe, don't buy anything made after 1971, something you can fix with a screwdriver and a hammer, especially when you know which end of the screwdriver to hit.
Re: (Score:2)
What is more dangerous, is that with two way communication car makers will be able to implement DRM schemes. So no more aftermarket alternator for you, shell out for $1000 for a new part that will have to get authorized form headquarters.
Re: Hmm... I thought it was *my* vehicle. (Score:2)
Not legal in the US, the Magnuson-Moss Warranty Act ensures that you may use third party replacement parts.
Re: (Score:1)
Re: (Score:2)
You know you can turn that off, though, right? I don't have auto-updates enabled on any of my Windows boxes.
They need to offer the same options in cars if they do this: let you a) auto-update, b) download updates but only install with permission, and c) notify about updates but do not download or install without permission. If they do that I'm okay with something like this, but if car makers can push out things arbitrarily that is a no-go for me. It would mean that a hacker could potentially also force an u
Re: (Score:2)
My GFs windows laptop does that all the time. PISSES ME OFF!!!
Get your own laptop, you leeching bum.
Re: (Score:3)
So the vendor can/will push an update OTA to *my* vehicle w/o my specific consent?
Also... Imagine (a) needing to use your vehicle - for an emergency, perhaps, in the middle of the night only to be met the dashboard message: "Update in progress; Please wait ..." or (b) waking up to a bricked vehicle from a bad update.
Let's see how it is implemented before we make that kind of complaint. Any piece of software actually critical to the function of the engine is probably very small in size and quickly installed. GPS maps and entertainment systems shouldn't exclude driving the car. I'm looking forward to possibly interacting with the car maker directly rather than having to deal with the dealerships.
The last car I bought had an outdated GPS system, so I wrote in the contract that they must update it at their expense.
Re: (Score:3, Insightful)
The problem is, some of us are over 21, and have seen the other things the auto industry has implemented. The omens are all bad here. (I can feel the force).
If you want control over when and where your vehicle will go, you need a mechanically injected diesel. (No need for electricity at all). See today's post on tractors: "Farmers Struggling With High-Tech Farm Equipment". Hooray for hot-bulb engines!
Re: (Score:1)
Let's see how it is implemented before we make that kind of complaint.
You must be new here.
Re:Hmm... I thought it was *my* vehicle. (Score:4, Insightful)
It does have some advantages. I got the Scion FR-S the day it came out. The original firmware had a number of small issues and one very serious one.
At a specific load and intake volume, the car wouldn't push enough fuel. It ended up being dangerously lean and it was found that those who stayed at that point for too long would have a catastrophic failure from their direct injector seals melting, necessitating a full block replacement.
An ECU update came out a while later that fixed it, but nobody was notified. Cars coming in for service don't get it automatically -- the techs aren't even told about it. 99% of those original cars remain unupdated. Anyone who chooses some "spirited" driving on a hot day is at risk.
An OTA update would solve issues like this really smoothly for a lot of people. I'm all for it.
Re: (Score:3)
It does have some advantages. I got the Scion FR-S the day it came out. The original firmware had a number of small issues and one very serious one.
At a specific load and intake volume, the car wouldn't push enough fuel. It ended up being dangerously lean and it was found that those who stayed at that point for too long would have a catastrophic failure from their direct injector seals melting, necessitating a full block replacement.
An ECU update came out a while later that fixed it, but nobody was notified. Cars coming in for service don't get it automatically -- the techs aren't even told about it. 99% of those original cars remain unupdated. Anyone who chooses some "spirited" driving on a hot day is at risk.
An OTA update would solve issues like this really smoothly for a lot of people. I'm all for it.
My fear is that the easier it is for manufacturers to update the software, the sloppier it will be on initial release. You already see this with computer software. It'll be terrible until six months after the cars go on sale (and maybe longer). Then they'll give up entirely a few years later when the new revision comes out.
I appreciate my 14-year-old car with manual, physical switches and buttons for everything more every time I get in a new car these days.
Re: (Score:2)
Do you happen to have any reference numbers or links so I can argue with the dealer mechanics about getting the update?
See these: page 1 [ft86club.com], page 2 [ft86club.com].
The easiest way to get the ECU update is the Idle dip TSB [ft86club.com], which you're likely also experiencing. This'll update you to version B01, which includes all prior fixes. Print it out and bring it with you.
Re:Hmm... I thought it was *my* vehicle. (Score:4, Informative)
All of the OTA updates to my Tesla ask me if and when to install the updates. Usually it's a no brainer.
Re: (Score:2)
I don't think they can install an update without asking. For one thing the car cannot be driven while the update is taking place. Updates can take upwards of 45 minutes and includes updating many systems. During the update system lights will sometimes flash and various clicks and other noises are heard as subsystems are updated. It displays a message when the car is started indicating that there's an update and defaulting to installing it at 2am if you select that. Otherwise you can choose not to install it
Re: (Score:2)
But I could see other manufacturers not giving the option to refuse an update.
Re: (Score:2)
That's one reason why I drive cars built in the previous millennium, and have no plans to every buy one built after 2005 or so.
(Of course, if I were really paranoid I'd get an old diesel Benz with mechanical injection -- those things can operate without an electrical system at all, as long as you don't mind things like headlights and windshield wipers not working, and having to push-start it).
What could go wrong? (Score:5, Insightful)
Automatically upgrading non critical systems makes sense. Upgrading the working of a car through a insecure interface is nuts, automatically more so. You leave work to go home, the upgrade failed, you are stranded. Someone hacks the interface, upgrades you car to their car, you no longer have a car.
I am sure people are going to attack dealers over this as well. But when I needed the firmware of my car upgraded to allow the new commutation standard, I drove the car to my friendly ane highly reputable dealer, they upgrade the software for free, made sure everything still worked, and I did not have to risk the upgrade would brick my car.
Re: (Score:3, Funny)
Re: (Score:2)
I drove the car to my friendly ane highly reputable dealer
You have just shown you are not a representative sample.
Re: (Score:2)
Out of curiosity I put a packet sniffer on the traffic from my Tesla. All traffic is sent over OpenVPN so it is fairly secure. NMAP reports no open ports.
Re: (Score:2)
I think we need some serious open source effort (Score:2, Insightful)
I had a car that at about 18,000 miles, had its "check engine" light come on. I ignored it as I knew from past experience, that this car had no major problems. This light remained on till 29,000 miles when the car started shaking while at about 80 mph.
Any speed lower than that would be without problems. I decided to have it checked out. The dealership wanted $480 to for a new sensor. Without fixing, this car "will stall on you one day" he said.
Well, stubborn as I am, I ignored his advice. I added another
Re:I think we need some serious open source effort (Score:5, Insightful)
Re:I think we need some serious open source effort (Score:5, Funny)
Why bother with that when he can shift into neutral at 10 mph over the speed limit and redline it. He knows better than anyone else.
Re: (Score:3)
For people not mechanically inclined - redlining engine in neutral is fundamentally bad idea. Engines designed to operate under load, when you do this unloaded you are causing all kinds of internal bearing damage. More so, automatic transmissions are not designed to be repeatedly shifted into Neutral-Drive at highway speeds. When you shift
Re: (Score:2)
Mine has a 'call your mother' light. Damn thing comes on twice a week but I don't dare ignore it!
Re: (Score:2)
Given that he went another 120K miles, I'd say he was right to ignore it.
Re: (Score:2)
Part of the problem is that there are far too many things that can trigger the give the dealer your wallet light that have nothing to do with emissions or safety. Some even come on at timed intervals.
I would have at least tried to read the codes first to make the decision, but given the way auto makers jealously guard that information, it's not always possible.
Re: (Score:2)
There are other ways to notice compression and cooling issues.
Re: (Score:2)
Re:I think we need some serious open source effort (Score:5, Insightful)
I am with you, the other day I was patching mission-critical server when I noticed SMART errors. I ignored it, as I know from past experiences that this server had no major problems.
At some point, at above 90% load the server started random kernel panics. Any lower load than that would be without any problems. I decided to have sysadmin check it out. He wanted $480 for a new hard disk. Without fixing, this "server would permanently lose data one day" he said.
Well, stubborn as I am, I ignored his advice. I added couple months on it without any problems at all. When it kernel panics, I would just reboot it...At one time, I thought my reset button may be dirty - it wasn't.
Re: (Score:2)
Thank you good sir, this is how I know I succeeded at sarcasm.
Re: (Score:2)
I had a car that at about 18,000 miles, had its "check engine" light come on. I ignored it as I knew from past experience, that this car had no major problems. This light remained on till 29,000 miles when the car started shaking while at about 80 mph.
Any speed lower than that would be without problems.
On the other hand, I once had a car that where the check engine light came on every now and again for no apparent reason at all. I took it in to be repaired and it turned out to be a trivial sensor that needed replacing.
Then later on, every now and again the engine would "splutter" and the check engine would come on, but would stay off the next time the car was started. As the "spluttering" seemed trivial (and that the light always went out again) I was thinking that the problem was also trivial. After s
Re: (Score:1)
just gonna say, a camshaft position sensor doesn't do anything except read off the angle of the camshaft to the computer. It won't ruin your top end when it fails, just cause the car to die. So either something else was wrong or you got screwed.
Re: (Score:2)
You can also blame bad design for that. Note how the trivial failure makes darned sure you go get it serviced but the important one gives only momentary notice then signals all's well.
Re: (Score:1)
You're an idiot. That's all there is to say.
Re: (Score:3)
That reminds me of BMW. You have to take the car in to the dealership if you change the battery. [bimmerforums.com] The new BMW I8 makes it almost impossible to work on. You need two people to open the hood [youtube.com] and you have to know exactly what you're doing so you don't damage it.
Re: (Score:2)
Re: (Score:2)
The i8 is comparable in specialness to a high-end ferrari. Nobody will accidentally buy one. People for whom that is an arduous restriction can't afford one. They're worth more used than new, since they're otherwise not available.
Re: (Score:2)
Re: (Score:2)
f "features" like this stay only in exotic cars like this one, then that's fine with me. I doubt that they will, though,
I think they will, because I think that if automakers push too much harder, they'll wind up forced to give us more repair information than we're even asking for so far.
Important when updates ARENT wanted. (Score:4, Insightful)
This is mostly for updates that remove or reduce features.
EXAMPLE. I own a Mitsubishi Lancer Evolution X, big time performance car. It comes with HID lights that have a switch inside the cabin for adjusting the leveling.
Apparently enough fools are setting it to the max height setting that the feature was deemed illegal and a TSB was sent to Mitsubishi dealers informing them to disable the switch and fix the lights at a certain height.
I personally love being able to aim my headlights down lower towards the ground when driving through my neighborhood at 1am and adjust my headlights higher for country gravel roads.
For that very reason I haven't let the dealer touch my car. I don't want to visit them to LOSE features. So I won't let them have it. They also want to change a torque reduction value in the ECU to save their ass on warranty by reducing my cars performance. I won't let them change that either.
OTA is to fix the problem of unwanted updates. Things where you no longer desire the "upgrade" because it removes control from you. You should really fight this because it will eventually be used to control you like a slave.
I'm waiting for a big plane to crash or bomb to go off in the future where suddenly all cars get an OTA upgrade that enforces a "no-drive-zone" around certain important geo-coordinates. Everyone would freak out and then question how they let something like that take over their cars....
Re: (Score:2)
Re: (Score:2)
So you want to have the right to blind oncoming drivers without pesky interference from the gumment?
Re: (Score:2)
He bought a car with the ability to blind oncoming drivers. This is illegal. The manufacturer fixed the car so it now meets regulations. If he still wants to blind oncoming drivers, there is a thing called "high beam" which he can use whenever he wants... just hope that it's not a highway patrol he's blinding.
Your computer analogy is stupid... how about a car analogy?
DO NOT WANT (Score:2)
Or rather, do not want unless there it is "off" by default and it's only turned on when I want to turn it on.
While I am okay with a non-signed binary for an in-peson/over-USB-disk upgrade so I can hack my car, when it comes to OTA upgrades that by definition might happen when I'm not controlling the process, the software better be signed by someone I trust.
Re: (Score:1)
Or rather, do not want unless there it is "off" by default and it's only turned on when I want to turn it on.
While I am okay with a non-signed binary for an in-peson/over-USB-disk upgrade so I can hack my car, when it comes to OTA upgrades that by definition might happen when I'm not controlling the process, the software better be signed by someone I trust.
Which excludes anybody in the car selling and maintenance business, at least for me.
Patch Tuesday (Score:3)
You'll be taking the bus to work Wednesday morning should something go wrong.
Oh HELL no ... (Score:2, Funny)
So some fucking OTA update is going to fail while you're in the middle of driving because it just happened without asking you?
This sounds like some epic stupidity there.
I would NOT accept a car company arbitrarily making changes to my car without my knowledge or consent.
This is not a toy, this is not an app ... this is a freaking car, and if it is MY car, you will only modify it when you have MY express permission. Not just because you think it's a good idea or want to hide your previous mistakes.
If these
Re:Oh HELL no ... (Score:4, Informative)
So some fucking OTA update is going to fail while you're in the middle of driving because it just happened without asking you?
Nice strawman you've constructed. The one car that does OTA updates right now (Tesla) downloads them and then prompts you when to do them, so you can wait until your home in your garage. You don't hear any Tesla owners complaining do you?
Mobile phones are another device with OTA update support. Have you heard a lot of stories where the phone interrupted a 911 call to do an ota update and then failed? No? Because it never happens. The phone says theres an update ready, and waits for you initiate... most of them will even refuse to go if you are low battery, and most recommend you be plugged into a charger for the update... absolutely none ever have just spontaneously decided to update during a call.
This is so incredibly stupid as to defy belief.
Why manufacture imaginary problems to be outraged about; there are plenty of real problems in the world. But OTA updates isn't one of them.
Re: (Score:2)
tesla chose to offer you a choice. they still retain the power. that's the problem. only solution is to short the cell antenna to ground.
Re: (Score:2)
All you need to do is disable the remote connectivity. It's trivial to do in the configuration.
Re: (Score:2)
Which is controlled by software, yes? Their software?
Re: (Score:2)
Just because Tesla Motors has chosen to do OTA updates intelligently (so far), that does not imply that General Motors or Ford will do so. I would lay money on GM being the first to force an OTA update and the first to brick more than a thousand cars at once.
HUH? (Score:2)
Sorry but my BMW has had an ethernet backbone inside it for years. My ODB-II connector has pins used for ethernet connection for programming and coding.
It seems the article writer has zero education about modern cars. Oh and "proven security" called isolated networks are just fine.
The Telecommunications module can easily be a 2 part box that has a second processor specific for system updates. Telcom side downloads the file, update side looks at the file in the flash storage and checks not only it's chec
Re: (Score:3)
I have come to the conclusion that most articles when they say "experts believe" you should substitute it for "some moron thinks this will happen".
I think this is a terrible idea, and is more of the "oh, you don't own the car, we just license it to you". Sorry, if it isn't mine, and I'm not the one who makes decision about it ... WTF would I give you money for it then?
It is my car, and I, and I alone will decide what happens to it and when it
Re: (Score:2)
The answer then is to not buy anything after 2007. Most everything previous to that is very well hacked and 3rd party documented so you can call it 100% your car as you can modify every part of it as you see fit.
Re:HUH? (GM) (Score:1)
And GM *could* have used a slightly stronger spring in the ignition key switches so that heavy key rings wouldn't shut off the engine mid-drive and kill people.
But they didn't, because pennies for extra metal. Pay the vastly larger cost for a second processor? ... that's less likely than RedHat stripping systemd back out of their distro.
Updates vs Attack Surface (Score:1)
If you don't allow updates, then a drive-by-wire car with a bunch of wireless systems (keyless entry, keyless starter, bluetooth, cellular, 802.11p (DSRC), ... ?) connected to its bus is a timebomb. If updates are allowed, at least there is a way to fix problems on a larger scale. If that update mechanism is the open Internet, then it presents an attractive large-scale, low-risk target. An OTA update mechanism that is privately networked (eg, dedicated cellular APN) might at least make mass attacks by re
Re: (Score:2)
If you don't allow updates, then a drive-by-wire car with a bunch of wireless systems (keyless entry, keyless starter, bluetooth, cellular, 802.11p (DSRC), ... ?) connected to its bus is a timebomb. If updates are allowed
This is the best reason I can think of to be against easy updates and unnecessary complexity. If a component needs to be constantly updated to not become a "timebomb" it has no business existing in the first place.
There needs to be a cost (e.g. recall) involved or people will feel no pressure to resist market pressure to enroll us all in their endless beta programs.
Re: (Score:2)
Heh, solutions to problems that wouldn't exist if that computer wasn't there to begin with, right? Also, there's the problem of 'legal' access to the system. If the backdoor exists it will be used.
I'd rather not have the connectivity because there's too many grubby fingers looking to separate me from control over my vehicle. It's also safer. If something is wrong, I want to be notified and make a choice before any work is done.
Just no. (Score:2)
If you have something to offer in terms of genuine improvement to my vehicle's performance or its systems, then you can offer it to me in a safe and secure way that I can retain control over whether or not it is applied, and when. I do not want any part of my vehicle's systems - be they critical or seemingly trivial - to be remotely accessible and able to be changed or updated by other people or the manufacturer.
Not only do I not want people to be able to use any sort of wireless technol
Re: (Score:2)
I will be removing the antenna from it
You're not allowed to damage foreign property.
OMG (Score:2)
Right when I'm overtaking, my car decides to do an OTA update of it's software. The controls block for about ten seconds, during which time I careen into a truck coming from the opposite side. Will my insurance cover for that?
Re:OMG (Score:4, Informative)
Re: (Score:3)
OMG! The geniuses at /. have again come up with something that I'm sure no automotive software engineer has ever considered.
Quick! Call the auto companies and tell the they are about to make a big mistake. I'm sure they will thank you profusely.
Re: (Score:2)
We're making fun of you right now, but to be honest it isn't dumb to be worried.
Spacecraft and aircraft are highly computerized, and have redundant systems because accidents are either very deadly or very expensive and likely both. What you're talking about sounds like a scenario in which federal regulations have failed to force car makers to introduce this level of safety. Depending on the automaker, even if an engineer is aware of the risks, it may be out of his control and his employer could ultimately d
How can someone think that this is a good idea ... (Score:5, Insightful)
I am not against the ability to perform an OTA update in principle, but considering how abysmal record with firmware (and software in general) these companies have, this is a major disaster waiting to happen.
When Microsoft, Apple or Google botch an update, there will be a few dead computers or phones at worst. If someone like e.g. Toyota or BMW (both with a "proven" record of poor quality firmware - think "stuck" accelerators or the famous BMW video of stalling car spitting out its key at the driver) push an automatic OTA update and something unexpected fails, there will be *dead people* in addition to dead computers. And something *will* fail sooner or later - we are far far from the ability to write provably correct code as a matter of course. And embedded code is often one of the worst examples of both software engineering (non-)methods and quality, mainly because it costs money and time to do things properly instead of outsourcing the firmware to the lowest bidder somewhere in a sweatshop. Nobody will ever see that code anyway, right?
The only way this can work safely is with previous user's authorization - i.e. *never* automatically and unattended. In that way I can make sure that I am safely stopped and not going 130 kph on a motorway when my engine or brakes decide to go bust on me. That is, AFAIK, what Tesla is doing (a message pops up and the driver needs to accept the update). However, unless this mode of operation is made mandatory, some dickhead will for sure push an automatic update at some point. It is just too tempting to not to and I would be surprised if Tesla didn't have an option to push a "silent" update too already ...
The other point that nobody reacted on so far - do you really want an always-on, always phoning home wireless connection in your car? That's a wet dream come true for anyone who wants to track your car for whatever reason. Tesla is doing it for (ostensibly) performance tracking (and, conveniently, busting lying journalists), your insurance may start to require access to that data if you want to keep your premiums low and finally police and spooks will rejoice, because they don't even have to bug your car or bother with license plate cameras anymore ...
Re: (Score:2, Insightful)
Cars are, today, often reflashed with new firmware as part of dealer servicing, usually without the owner being aware (or caring, for that matter).
Nobody dies. Brakes keep working.
Runaway Toyotas didn't have a software problem. They had a mechanical problem wherein the pedal would get physically get stuck, and they fixed that in a mechanical way by adding a plastic widget to the bottom of the accelerator pedal.
Mind you, a software update was also applied, presumably to make such keyless cars easier to shu
Re: (Score:3)
Having cars reflashed at a dealership is something different - the mechanic will usually do at least some basic sanity tests that everything works before handing it over to the client.
Anyway, my point wasn't that reflashing firmware is bad - it may be even required and I am fine with that. It needs to be done safely and securely, though!
And yes, Toyota had a big software problem too, even though it wasn't why they have lost that accelerator pedal lawsuit:
http://www.edn.com/design/auto... [edn.com]
Why should we? (Score:1)
What could possibly go wrong? (Score:1)
Excuse me, I'm making a local hacker site to "upload" "fixes" to your car's OS.
Ooh, another one bit! Now to do Car Wars (SJG) IRL!
Updates are not always better (Score:1)
I will never let a dealer touch my ECU. I explicitly forbid them for "flashing" or "updating" it. I have had two examples of where my ECU were updated (without my permission) and they have ruined a car. One was a EPA change which made my car run 5 MPG less after that oil change (at a dealer, who updated the ECU). The other added some self tests to the car which made me lemon law it (but every single person that got these changes, had this issue).
If there is nothing wrong, I don't want any changes done t
BSOD on the highways (Score:2)
For Real
Anyone else 100% sure to boycott this? (Score:1)
Why would we create a world where a terrorist organization or other deeply flawed institution could take physical control of vehicles over the air?
There's no use speculating on whether it would happen -- if it can, it will and you won't be told when it does, because that would hurt sales or national security or whatever.
Keep the hardened firewalls. Keep it IMPOSSIBLE to do. Keep the fuck out of MY STUFF except with my permission.
Pounds head on dashboard... (Score:2)
You mean remote access for someone trying to screw with your car.
I guess they're going to have to add some new entries under 'wardriving'.
Like everything else that can be abused, if it can, it will be, and this one is so much easier than actually having to get physical access to the car first...
Navigation Map Updates (Score:2)
While some carmakers today offer over-the-air software upgrades to navigation maps and infotainment head units,
Others, such as Toyota, want to charge you $250 US for a one time update to the maps. Then they wonder why I still have a Garmin stuck to my windshield. Thanks for nothing Toyota.
Re: (Score:2)
While some carmakers today offer over-the-air software upgrades to navigation maps and infotainment head units,
Others, such as Toyota, want to charge you $250 US for a one time update to the maps. Then they wonder why I still have a Garmin stuck to my windshield. Thanks for nothing Toyota.
A better question is why the hell would you spend $3k on their stupid "navigation package" when that amount of money would buy a brand new Garmin every year (with current maps included) for THREE DECADES??
I don't want my car to be buggy (Score:2)
I worry about this stuff making cars less reliable. I have a car that is pretty much 100 percent mechanical. I don't think there is any computerized anything in it that is relevant to it. I'd just assume keep it that way.
I like my tech as bolt ons to the car. Give me the GPS and the stereo and whatever. But I'd like the portion of the car that is a car to be a "car" and not a computer.
I don't trust this nonsense when I'm going down the road at 80 miles an hour. Some of these systems are getting control of t
For god's sake.. (Score:2)
Re: (Score:3)
CAN is the least secure thing out there, and always has been.
Anecdotal evidence coming... A friend of mine managed to crash a Formula 1 car. It pulled out of the pits during practice and subsequently stalled. The whole pit was running around, panicking, scratching their heads and my friend rather sheepishly had to recommend they unplug the camera he'd just installed!
Re: (Score:2)
My Tesla runs Linux, does that count?
In the early software releases if I rebooted the main display the X logo was prominently displayed. The GUI is built using Qt. It's not open, however, since no one has figured out how to gain access to the OS (though Tesla can do that over the VPN connection the car maintains).