Bug Transportation

65,000+ Land Rovers Recalled Due To Software Bug

An anonymous reader writes with word that owners of Range Rover and Range Rover Sport SUVs (model year 2013 and newer) will need to get their cars' software updated, which means a visit to a dealer. The update will fix a bug in the cars' locking system, which occasionally resulted in car doors randomly unlocking and opening themselves (in one instance, when the car was moving). This is not the first time that a car manufacturer asked customers to contact dealers for a security update. In July, Ford recalled over 430,000 cars in North America because of a bug that prevented the engine from shutting down even after the ignition key was put into the "off" position and removed.
  • by Anonymous Coward

    I wonder how many issues like this have been silently fixed on models that have mobile data service for OTA updates.

    • by Anonymous Coward

      Bad idea. It is better that the customer has a problem with your product that you solve when they ask about it than if the product works flawlessly.
      That way you can establish a contact with your customer where you have gone through a rocky time together that ended up well because you fixed the problem.
      It seems counterintuitive at first, everyone wants products that work out of the box.
      What you don't get when everything works perfectly is a social connection with the customer where they feel that you care a

      • By selling a flawed product you can buy customer loyalty.

        That explains why Windows is so popular!

        • I know I always feel better when I fly to Seattle and get Bill Gates to help solve driver incompatibility problems.

      • Bad idea: roaming fees can cost more than the cars cost.

        as 1GB of updates when roaming can cost $15,360 - $20,480.

        • So you program the software to not pull the update if the car is roaming (or use data at all, for that matter).

          Of all the reasons OTA may be a bad idea, I think this is one of the least concerning ones (as in, not at all).

        • Bad idea for who? The car manufacturer gets a cut of your data bill for your car.

  • by SuperKendall ( 25149 ) on Tuesday July 14, 2015 @08:03AM (#50106949)

    Only makes sense that a car called the Range Rover would have either an off-by-one or Out of Array Bounds error.

    • There's only a 50% chance of that as it's only one of the two hardest problems in computer science (said hardest problems comprising naming of things, cache invalidation, and off-by-one errors).
  • by tomxor ( 2379126 ) on Tuesday July 14, 2015 @08:04AM (#50106963)
    The other one was ok though.
  • by i.r.id10t ( 595143 ) on Tuesday July 14, 2015 @08:17AM (#50107119)

    Is this the new incarnation of Lucas electrical systems?

    http://www3.telus.net/bc_trium... [telus.net]

  • by Anonymous Coward

    Well, given that companies in the UK seem to think they can get a degree qualified senior embedded software engineer for GBP 35-40k, I'm not surprised they have a bunch of incompetents working on this stuff. If you are a good embedded dev you can easily move into mobile or enterprise but engineering companies seem oblivious to this connection.

    • Re: (Score:3, Insightful)

      by Kester1964 ( 3655703 )

      I am not sure how many software engineers are employed by Range Rover, but I expect that the subsystem providing the central locking features will have been outsourced just like all the major components to companies like Bosch, Visteon, Wipro, Yazaki etc.

      In order to reduce costs the software engineers will have been outsourced to Eastern Europe and India, and although just like everywhere else the software teams will be a mixture of the competent/incompetent, it will likely be the management who will have

  • Does the software in cars fall under any particular standard for quality? Like actual engineering standards?

    Or do we really have auto makers doing little better than people making apps for phones?

    It just seems like if it controls any part of a car it should really be required to be subjected to much more rigorous verification.

    • by drinkypoo ( 153816 ) <martin.espinoza@gmail.com> on Tuesday July 14, 2015 @08:31AM (#50107233) Homepage Journal

      Does the software in cars fall under any particular standard for quality? Like actual engineering standards?

      No.

      Or do we really have auto makers doing little better than people making apps for phones?

      Well, it's quite a bit better than that, which is still terrible.

      It just seems like if it controls any part of a car it should really be required to be subjected to much more rigorous verification.

      They're nowhere near that. The complexity has gone way up, but the quality hasn't...

      • There are some quality/safety standards for UK automotive software [misra.org.uk]
        • There are some quality/safety standards for UK automotive software

          Those are just voluntary guidelines that everyone is free to ignore.

          • There are some quality/safety standards for UK automotive software

            Those are just voluntary guidelines that everyone is free to ignore.

            Oh, please. Do I have to quote you the formula for determining whether to make something safer? It involves cost of new parts, frequency of accidents, cost of lawsuits, and possibly soap made from human fat.

        • Just don't look too closely at the compliance audits and root cause analysis of previous faults while you're googling that one, or you may have a disappointed scowl all week. The trouble with standards like this is that unless there is some compulsion to actually follow them effectively, they are just squiggles on a piece of paper or someone's computer screen.

          This is the industry where those stories about comparing the cost of the lawsuit when people die against the cost of the recall originated, remember.

      • QC didn't go up or down. It stayed the same but the complexity of the controllers has gone up. Contrary to circuit boards, software is far more flexible and allows for higher levels of complexity which results in higher probability of failure.

        It scares me to think that auto makers are moving ABS, Cruise Control and other critical features to 100% software driven systems. With the coming of self driving cars there's no doubt QC will improve but until then we will see stuff like this.

        • It just seems like if it controls any part of a car it should really be required to be subjected to much more rigorous verification.

          They're nowhere near that. The complexity has gone way up, but the quality hasn't...

          QC didn't go up or down. It stayed the same but the complexity of the controllers has gone up.

          Is there an echo in here?

          Contrary to circuit boards, software is far more flexible and allows for higher levels of complexity which results in higher probability of failure.

          Both have become massively more complex. My 1989 240SX had a 3MHz, 16-bit ECU. Modern PCMs are typically 32-bit and measured at minimum in double-digit MHz... for really boring, small engines. My 240SX's Hitachi ECU had probably half as much I/O as my Audi's PCM, which has probably half as much I/O as a really modern car. Maybe two-thirds.

          It scares me to think that auto makers are moving ABS, Cruise Control and other critical features to 100% software driven systems.

          Cruise control is not a critical feature. You hit the brakes and it shuts off. ABS is a critical feature. If the ABS goes full idiot, then you can

          • Is there an echo in here?

            Was just adding weight to your argument.

            Both have become massively more complex

            Yes but until more recently only the combustion system was making use of complex software. The transmission in some cases. Now you have brakes, steering and throttle controlled by software with far more complex algorithms than could ever be included in non programmable circuit boards

            Cruise control is not a critical feature. You hit the brakes and it shuts off

            That was true of the non software driven cruise controls. If the software isn't taking action when the brake switch is depressed then you'll just keep driving away.

            I would also like to point out that electric parking brakes are a horrible idea in every way

            I agree. There's the arg

    • You could try making all embedded system programmers start using full formal methods, but good luck with that...
    • by fermion ( 181285 )
      Honestly this is simply competent software development, like aggressively validating user input so a website can't be compromised with maliciously formed URLs.

      It is understandable that a software glitch might unlock the door. But opening a door should be a more controlled thing that is designed to be secure. For instance there should be a distinction between a request to open the door by someone pulling the door handle and a request from software. The request from software should have fairly low priority

  • And with a high price tag commands a lot of 'prestige'. Ever sit inside one? They are very, very mediocre internally. Also extremely unreliable cars historically.

    I still don't understand why people buy them, but I chalk it up to an issue of more money than sense. Or they might be rappers...

    • I chalk it up to an issue of more money than sense. Or they might be rappers...

      ...but you repeat yourself.

  • a car that's not got more computers than the Apollo 11?
  • Bad design (Score:4, Insightful)

    by DriveDog ( 822962 ) on Tuesday July 14, 2015 @08:39AM (#50107303)
    Doors unlocking, that's one thing. Doors opening and engine not halting when ignition switched off, that's horrible design. Always, always keep physical means that override any other possible means to do things like opening doors and disabling engine. Person approving those designs should be shot and then sent to the Russian front. Stuff can go wrong mechanically, but why would you ever add yet another possible point of failure?
    • Doors opening and engine not halting when ignition switched off

      Gees, does Range Rover have to include Drivers Seat Extreme Side Tilt as an option in next year's model for people to get the hint? The car has places to go, get out of the damn car and let it have a little space of its own!

      If monkeys are people then why can't cars be too? All these people and their bias against steel-based life forms.

    • Happened to me a few years ago. Some technicians were installing our telematics unit into a Mercedes Econic and wired something wrong, so engine wouldn't halt when ignition switched off. Pulling fuses wouldn't help either so they actually had to wait for several hours until the fuel tank was empty.

      • by guruevi ( 827432 )

        Pulling off the battery and alternator wouldn't work? Most engines will shut down when power is removed, you could even short the battery leads for a second to blow the alternator fuse.

        • Probably was difficult to reach in a truck built for compactness.

    • by bws111 ( 1216812 )

      What makes you think physical is any better? My daughter called me one night saying she could not shut her car off, ignition key would not turn. Purely physical, no software involved. Turns out she had the GM ignition switch problem. The major difference between physical and software was that she was without her car for 10 weeks while they waited for parts, vs a quick trip for a software update.

      • by Agripa ( 139780 )

        The major difference between physical and software was that she was without her car for 10 weeks while they waited for parts, vs a quick trip for a software update.

        This is more likely just a demonstration of GM's well known incompetence.

      • by DeVilla ( 4563 )

        It's a car. There will always be the physical component as a point of failure. Adding an electronic component on top of that adds another point of failure. In some cases the function is too important to add unnecessary points of failure.

        I would try to think of a car analogy, but ...

  • ...never buying a new car again. Only cars old enough not to have this crap.

    • Me too, for both reliability and security/privacy reasons. Car security hasn't really advanced all that much since the invention of immobilisers (which effectively ended car theft as a serious risk) and alarms (which significantly reduce the risk of theft of what's inside the car). Arguably trackers help with back-of-lorry issues, but you're already into creepy remote-monitoring territory there. And the new ideas where software will track every little thing almost like a black box... except that instead of

  • by smooth wombat ( 796938 ) on Tuesday July 14, 2015 @08:48AM (#50107383) Journal
    because of a bug that prevented the engine from shutting down even after the ignition key was put into the "off" position and removed.

    I guess it's too difficult to leave the physical connections in place. They had to be replaced by shiny, just because.

    There's a reason light switches work every single time. Physical connections are superior to digital connections.
    • by bws111 ( 1216812 )

      Light switches certainly do not 'work every single time'. They are mechanical devices, and as such are subject to failure. And the failures can be quite spectacular, such as burning down the house. Many places now require 'anti-arcing' circuit breakers to prevent the fires caused by arcing switches.

    • by mjwx ( 966435 )

      because of a bug that prevented the engine from shutting down even after the ignition key was put into the "off" position and removed.

      I guess it's too difficult to leave the physical connections in place. They had to be replaced by shiny, just because.

      It's a Land Rover, people buy them because they need the shiny to justify their inflated egos. They aren't cars for people who want reliable, trouble free or sensible motoring.

  • by fahrbot-bot ( 874524 ) on Tuesday July 14, 2015 @09:09AM (#50107547)
    The Ford bulletin listed in TFS says: "This is a compliance issue with FMVSS 114 regarding theft protection and rollaway prevention." One would think the issue would simply be shutting off the engine when turned off so, you know, it doesn't keep running. I understand that software controls allow for more features and save the vendor money on hardware, but I don't think they actually make things simpler, better, safer or more reliable. I know that, historically, whenever I have turned the engine off in my cars, the engine has always turned the fuck off.
    • The Ford bulletin listed in TFS says: "This is a compliance issue with FMVSS 114 regarding theft protection and rollaway prevention." One would think the issue would simply be shutting off the engine when turned off so, you know, it doesn't keep running. I understand that software controls allow for more features and save the vendor money on hardware, but I don't think they actually make things simpler, better, safer or more reliable. I know that, historically, whenever I have turned the engine off in my cars, the engine has always turned the fuck off.

      Ah, you are obviously too young to remember the tail end of the carburetor era, when increasingly lean mixtures made dieseling after shutoff a pleasant feature of your every automotive journey, until somebody got the bright idea of putting a solenoid valve in the gas line.
      Having the car not turn off isn't that serious, though. It will absolutely run out of gas, after a finite time interval.

      • Ah, you are obviously too young to remember the tail end of the carburetor era, when increasingly lean mixtures made dieseling after shutoff a pleasant feature of your every automotive journey, until somebody got the bright idea of putting a solenoid valve in the gas line.

        I'm 52 and have replaced those solenoids in my younger years...

        Having the car not turn off isn't that serious, though. It will absolutely run out of gas, after a finite time interval.

        People have actually died from leaving their key fobs in cars with key-less ignition systems and exiting the vehicle while it was still running. At least one person has been run over and another died from CO poisoning.

        I found that info while researching the sad, impending "all cars will have key-less ignition" future I see coming. I despise cars that *require* key-less entry/ignition because fobs are stupid to have carry around in your pocke

  • Kardashians die in Range Rover when unable to unlock doors. Kanye's last words were "fish filet."

  • by nimbius ( 983462 ) on Tuesday July 14, 2015 @09:21AM (#50107647) Homepage
    As an automotive SCADA programmer, it's the hilarity of a marketing driven product that causes outright lethal problems like this. We finish coding important things like o2 and knock profiles, 3d cylinder maps and such into the engine and give the vehicle the ability to start or stop with ease in damned near any environment. We also write in cockpit code that handles fun stuff like TCS and ABS for the driver. Then, suddenly, our competitor one-ups us in either horsepower, torque, or some other mundane argumentative ego stroke brought up at the dinner table of automotive shows and product spotlights. And just like that, some marketing drone instantly tasks us with a new, untested, and wholly remarkable feature we are to provide.

    So another project is created in git, branches are furiously spawned, we're given a deadline to make this new system work with everything (including the legacy stuff that's 10 years old) and things like lighting controllers as well. We're told we will deliver this feature on time or all hell will rain down from above, and so we do. It's another set of servos, and because we don't have a 2 year test cycle we have to use the same ones you have to close the trunk, but this time we bolted it to Keith's new handler code based on a fork of the trunk code that he spent 90 hours hacking. Sure, the newest vehicle comes out and all is well, but we just do not have enough time to make sure everything works before some talking head gets up on a stage and rails about our latest "innovation." And chances are the average driver with more brass than sense is too old to understand the technology, how it works, or when to use it so it gets disabled at the dealership for them along with a half dozen other bells and whistles that confuse and bewilder the OAP.
  • It seems like a lot of the car manufacturers are having some major software issues. This Range Rover issue certainly isn't the worst one.

    For instance, see this blog post (which links to US court testimony documents) where an embedded software expert (Michael Barr) reviews Toyota's code and finds numerous flaws:

    http://embeddedgurus.com/barr-... [embeddedgurus.com]

    Did Toyota fix these flaws? Who knows? Toyota still denies that there's even a problem. They released an update to the Prius last year [nytimes.com] which corrected a problem with p

  • So I have to drive my Cayenne or X5 for a while. BFD.
  • We published a report recently at the NHTSA's Enhanced Safety of Vehicles (ESV) conference that surveys many recent electrical/electronics (E/E) problems. Software defects fall into electrical/electronic systems in the ISO 26262 lingo. This includes a statistical analysis of recalls (classifying into those due to E/E problems) and anecdotes of many software defects resulting in recalls, including several examples of unintended braking, unintended acceleration, etc.: A Survey of Electrical and Electronic (E/ [dot.gov]
  • Most stop lights have (or, 20 years ago, had) a graceful fail-safe mode: When the software is confused or there is a hardware fault like "incompatible green lights detected" the systems go into a failsafe mode, which is usually an all-way stop.

    A reasonable fail-safe mode for a car door lock would be that it could be locked and unlocked using purely mechanical means from the inside and at least one door (typically both front doors) could be locked and unlocked using purely mechanical means from the outside.

  • Pure genius! Turns out that 65,000 Land Rovers make an excellent continuous integration server. BTW the build is broken.
  • They'll just slap in a new AE-35 unit, and you're good to go. I wouldn't even bother with a helmet.
  • "The update apparently will not solve the well-known vulnerabilities in the keyless ignition feature, which reportedly allow thieves to easily unlock the cars with the help of a hardware device that can be bought online .. it's generally believed that the industry is still far from creating a reliable system that can't be hacked and abuse" ref [net-security.org]

    Is it really impossible to design a keyless ignition system that can't be compromised, or is it the case that the car manufacturers are not allowed to design such
    • In France, a group of English robbers stole around thirty expensive Range Rovers.

      The technique is called "mouse jacking".
      http://www.europe1.fr/faits-di... [europe1.fr]
      And what's worse is that the insurance won't compensate the victims, since there is no trace of burglary.

      • A few years back when air bags were new, I saw a TV show where one of these "reformed criminals" demonstrated how easy it was to steal cars. He walked up to whatever car it was, hauled off and kicked it as hard as possible in the bumper, where the air bag trigger sensor was located. The airbags went off and.... it unlocked all the doors, so the emergency folks could extract your unconscious body.
    • "The update apparently will not solve the well-known vulnerabilities in the keyless ignition feature, which reportedly allow thieves to easily unlock the cars with the help of a hardware device that can be bought online .. it's generally believed that the industry is still far from creating a reliable system that can't be hacked and abuse" ref [net-security.org] Is it really impossible to design a keyless ignition system that can't be compromised, or is it the case that the car manufacturers are not allowed to design such. The doors to your house can be picked with the right system, so as to allow the locksmith back in if you lose the keys.

      So, let's see; the car unlocks when it receives the coded transponder signal of sufficient power; the transponder generating that signal is somewhere in the neighborhood of the car, like inside the house the car is parked outside, but just too far to trigger the unlocking..... Yeah, foolproof security, absolutely. How could you possibly beat that system.

  • My '89 Ford Escort was a lemon. It was the last American car I'll ever buy. In any case, from memory I was able to remove the key with the engine running. One of the many mechanical engineering defects with this vehicle. It was a horrible product.

  • Close the driver's door, Hal.
    I'm afraid I can't do that.
