Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Software Businesses Programming Transportation

Software Is Eating the Auto Industry (strategyanalytics.com) 101

Roger Lanctot, writing for research firm Strategy Analytics: There are many more opportunities in cars today for things to go wrong as software takes over an ever-expanding array of functionality from the car stereo to enhanced safety systems and the vehicle powertrain. There are software bugs, updates, conflicts and, lately, cybersecurity vulnerabilities to worry about so it is perhaps no surprise that software is figuring in vehicle recalls. In the latest update of software-based recalls from CX3 Marketing, software-based recalls crept up higher again in 2016, surpassing 6M vehicles. It's a small portion of the overall total but it is growing -- especially as a proportion of the total. This expanding crisis in vehicle recalls is both good news and bad news for the automotive industry. The good news is that software recalls can often be corrected with over-the-air software updates. The bad news is that auto makers are in the very earliest stages of deploying software updating technology and, particularly in the U.S., they have yet to sort out conflicts with state-level dealer franchise laws that require warranty service work such as software updates be handled by dealers. The expanding role of software and the growing number of software-related recalls reflects an emerging battleground in the industry. The creation of software is expensive and labor intensive and also poses an ownership question. Starting approximately 10 years ago with BMW and Intel's mutual effort to bring Linux into cars on a larger scale via the GenIVI Alliance, auto makers have been seeking to segregated hardware from software in such a manner that hardware could conceivably be relegated to sourcing from contract manufacturers (like Flextronics) and software development costs could be reduced by sharing code. At the same time, car makers have sought to take ownership of the code written for their vehicles. Car enthusiasts have taken issue with the ownership question, asserting their right to modify vehicle software as they see fit. That particular struggle is yet to be resolved but has gained new life as more tinkerers experiment with home-grown self-driving car technology.
This discussion has been archived. No new comments can be posted.

Software Is Eating the Auto Industry

Comments Filter:
  • by nospam007 ( 722110 ) * on Friday August 25, 2017 @02:21PM (#55085023)

    Soon. It's time. Nobody needs obnoxious vendors who didn't even read their own fucking prospectus.
    What we need is some showrooms and then we buy directly at the manufacturer's site online.
    After all that's what the dealers are doing, besides those brands who have thousands of unsold cars laying around they the have to pay customers thousands to take off their hands.

    • Dealers are very easy to avoid, though. Just buy your cars used from real people. I've been doing that my whole life, except once when I bought one from a dealer. That one was the only lemon I got stuck with.

      • There was a time when you could select the options you wanted. My dad ordered a truck with the engine, clutch, transmission, and suspension he wanted. Today you must buy a package that has all the crap the mfgr. adds. Crapware, I've read that term somewhere before....
        • Not entirely true.

          You can go to the dealer and order the exact car you want. The dealer will either find it (if it's been built and exists in the area) or will order it from the factory. Of course, you will have to wait.

          That said, the dealer will push you to "settle" for one of the cars at the dealership. "You don't really want a stick shift, right? Tell you what, we'll offer you the automatic for the same price!" So if you want to drive a brand new car off the dealership that day, you have to settle f

          • There's still the problems with the options packages. You can't just buy the options you want, you have to buy a package with a whole bunch of things lumped together. Nowadays they've limited the number of configurations (usually grouped into a small number of "tiers") and available colors to the point where I would be surprised if a decently large dealer didn't have a specific configuration of a popular model in their stock.

    • Indeed.

      It's basically a needless service that gets mandated through paperwork.

      That's not even for the sales - it applies to the service too. Since this article talks about software: my new vehicle has one of the new info-tainment systems built it where it does bluetooth, interfaces with my phone, etc. It's pretty neat - when it works. The problem is half the time I plug in my phone and the screen just goes black. Unplug it, replug. Screen goes black again. TURN THE VEHICLE OFF, then back on, and it'll

    • I can imagine a manufacturer sending you a notice of a recall in the mail. In the same envelope, they include an explanation that you could get this update over the air with no effort in $(nearby_state), and include a business-reply-mail envelope with a form letter addressed to your state congressmen: "Dear Rep. Bork. I just went ___ miles out of my way and spent an extra ___ hour(s) getting a software update at a dealership instead of wirelessly. Please change this law."
      • by sjames ( 1099 )

        Make sure to keep it current. Add releasing __ pounds of carbon into the atmosphere.

    • Most states will require a change in law for this to happen. Tesla found out the hard way not being allowed to sell directly to customers. It is one of these cases where successful lobbying put a law on the books that at first sight seems reasonable, but really is only there to protect a select group from any market changes. In all fairness, dealers are far more than sales these days. Last time I bought a car I pointed to the car on the lot that I wanted, took it for a test drive, and then agreed to purchas
  • The other major issue is that manufacturers insist on tying safety and security updates to functionality changes.

    For example, on my Tesla it was determined that if you connect your car to a rogue wifi AP and open the web browser an attacker can gain root access on the car. To solve that issue though I'd have to agree to Tesla nerfing autopilot and making the whole UI exponentially worse. I've chosen instead not to connect the car to random access points or use the web browser on unknown sites.

    On an old fash

    • Bear in mind that it was not just surfing, but the worm was actually on the wifi. How many wifis do u hook up to, other than ur home? We only use our home and I setup so as we are not broadcasting out on out street.
      • by green1 ( 322787 )

        The exploit required using the browser, not just connecting to wifi. It appears it was really a browser exploit, but making you connect to a compromised wifi was the only way to guarantee you'd go to the page with the correct payload, as you could be redirected.

        The problem with saying you only use your own wifi though is that all tesla cars automatically connect to the service wifi, and you can't turn that off. It's easy for an attacker to spoof that ap and know you'll connect whether you like it or not.

        • nope.
          It actually required that you were connected to a cracked wifi, and then used the browser to go ANYWHERE. You did not have to hit a certain page. It is NOT a direct browser exploit like we see in MS Exploders. The fact is, that the browser had an opening it should not have.
          The hack requires the car to be connected to a malicious WiFi hotspot and is only triggered when the car's web browser is used. [thehackernews.com]
          And no, tesla does NOT automatically hook up to service AP. The tech has to hook them up. In addi
          • by green1 ( 322787 )

            You specifically state that you have to visit a web page, which is exactly what I stated. That proves that this is a browser exploit, otherwise you wouldn't have to open the browser. The point about a malicious WiFi access point, is simply a way to make sure your browser visits the page that they want you to visit when you open it. Otherwise they would have no way of forcing you to go to the malicious page. But with a malicious access point they can force any page load to go to the specific malicious page t

            • First off, I worked on USA PATRIOT act. Even now, I am trying to get CONgress to go after the REAL back-doors for how Russia is getting in, as opposed to the little garbage that they currently pursue. I suspect that I know a bit more about security then you do.

              Secondly, I said you can go to ANY web page. The exploit is NOT from HTML or other resource parsing. It is through a different mechanism. The fact of having the browser open and having seen ANY SITE, is all that is needed. This was NOT a typical a
              • by green1 ( 322787 )

                As you obviously have zero grasp on how software or networking work, nor any experience with either computer security in general, or Tesla's systems in particular, I see no reason to continue this conversation.

                To summarize: tesla vehicles always connect to the service wifi automatically without user intervention. If you connect to a compromised ap and visit any webpage, the compromised ap can redirect you to a malicious site and the malicious site can then use a browser exploit to give the attacker root acc

  • Not good news (Score:5, Interesting)

    by JohnFen ( 1641097 ) on Friday August 25, 2017 @02:32PM (#55085117)

    The good news is that software recalls can often be corrected with over-the-air software updates.

    Nope. No OTA updates for me. I don't trust companies to have access to my car (or computer, for that matter) any time they want. If I can't disable the communications channel, I'm not buying the car.

    • Exactly, now your car can crap out and you'll have no idea. If it craps out while leaving the dealer's lot after an update at least you have a pretty good idea what happened. We've seen so many times reliable software with few to no bugs is beyond human ability. Why would you allow on the fly updates to something as critical as your car? Oh yeah, because the same rule means they will screw it up in the first place. Nuts.
      • by Jeremi ( 14640 )

        Why would you allow on the fly updates to something as critical as your car?

        Well, you wouldn't -- you'd download the update automatically, perhaps, but you'd get the user's explicit permission before applying the update. That way the user can decide when or if applying the update is worthwhile (e.g. do it after an important trip, rather than before).

        Pretty much the same way it is done with cell phones and MacOS/X OS updates, no?

    • Didn't we just have an article on here about an OTA (or network) update disabling TVs? I really wouldn't want that happening to cars...

      Just wait until some hacker sends an OTA update to disable vehicles... then maybe shit will hit the fan?

      Really stupid decision.

      • Didn't we just have an article on here about an OTA (or network) update disabling TVs? I really wouldn't want that happening to cars...

        Two [slashdot.org] articles [slashdot.org] actually. At least in the smart lock case there was still the manual option of a normal key, the tv users were screwed. Hopefully these car manufacturers are taking notes and designing their system that if the update fails the car still retains it's "car" functionality, like starting and driving. You're point about a hacker sending code to break a vehicle is a valid [wired.com] one, but imagine being some dude working a 9-5 who can't get into work for a couple weeks because the manufacturer bricked his c

    • Chill out. For example, on Tesla, u can kill ota of both WiFi and 3/4g. I'm sure others will follow suit soon enough.
  • by __aaclcg7560 ( 824291 ) on Friday August 25, 2017 @02:37PM (#55085151)
    Yesterday it was JavaScripting eating the Internet [slashdot.org], today it's software eating the auto industry. That's just the software. The hardware must be starving.
    • by dmomo ( 256005 )

      Seriously, i came here to say just this. Is the eating analogy devouring slashdot?

    • The headline actually said that "Javascript [was] eating the world". Since Javascript is (a subset of) software and the auto industry is a subset of the world, this new headline contains no new information since the old one already subsumes it.
      • by zifn4b ( 1040588 )

        The headline actually said that "Javascript [was] eating the world". Since Javascript is (a subset of) software and the auto industry is a subset of the world, this new headline contains no new information since the old one already subsumes it.

        So basically nothing new on Slashdot for the past 20 years then? :)

      • You're a hoot at parties, aren't you?

        That's a hypothetical question.

        • Considering that I don't attend parties, yes, I've never been to a party yet where I wasn't a hoot. So you're correct.
  • They probably don't realize that that manufacturing has been running on software since the 60's and when they do we'll get the FUD headline of "ZOMG!!! Software is eating the manufacturing industry!!!!!"

    And then it will be "ZOMG!!! Software is eating the shipping industry!!!"

    Followed by "ZOMG!!! Software is eating the mining industry!!!"

    And then "ZOMG!!! Software is eating the power generation industry!!!"

    etc. etc. etc.

  • software updates be handled by dealers is way a way to make big profit. and stopping updates after 2-3 years can make for new car sales.

    Just think of an $50-$100 labor change for that or even mark up parts like an HDD X2-X3 bestbuy rental prices.

  • ... nearly any and every industry. Look what happened to Samsung. Or those people with the "security" cameras that phoned home, or pacemakers, or... or... or...
  • I do NOT want the ability to do any "hands off" update of a killer robot, er, I mean automobile.

    If the good guys can do it, so can the bad guys.

    Make me come in for service or send someone out to me, just as you would for faulty hardware.

    Now, if you need to update a non-critical system such as the infotainment or air conditioning system that's fine, as long as there is no way for those systems to make changes to the critical systems. Yes, I know this isn't risk-free - a bad guy could make the radio go on fu

    • You are not alone, far from it.
      Since it's highly unlikely that they'll have (or would tell you of) a way to turn that off completely: If you have some background in electronics, you should be able to poke around and find the relevant antenna(s) that would be receiving the updates. Disconnect the antenna and connect it to a dummy load instead (most likely 50 ohm). Problem solved.
  • by Anonymous Coward

    The car I bought has a built-in touch-screen Android system as part of the entertainment system. It runs the audio, trip computer, phone address book, the (optional) navigation system, and even has an interface with the air conditioning. It's basically a built-in Android tablet with car-specific software installed that interfaces with the rest of the car. I thought "Wouldn't it be wonderful if I could install any Android program I want?" Nope. It's locked down with a whitelist program in the background

  • by fish_in_the_c ( 577259 ) on Friday August 25, 2017 @03:30PM (#55085519)

    over the air updates of your anti lock break control system.

    Over the air update of auto software is only slightly less stupid then over the air updated of avionics software.

    Or if you prefer, fast and cheap software updates supporting cool new software for vehicles are much more important something as small and insignificant as human life.

    • by bws111 ( 1216812 )

      how exactly do you 'assasinate' someone with an anti-lock brake system?

      • by Jeremi ( 14640 )

        how exactly do you 'assasinate' someone with an anti-lock brake system?

        Ideally by remapping the accelerator pedal to the brakes, and the brake pedal to the throttle. (Note that Toyota may claim prior art regarding this technique)

  • Apart from being stupid, they seem to be nonsense as well...

  • by ElizabethGreene ( 1185405 ) on Friday August 25, 2017 @04:09PM (#55085883)

    I travel for work, and rent a lot of brand-spanking-new cars.

    Car software is shit. It doesn't matter what brand of car, it's shit.

    I get in the car, factory reset the radio, reboot the car, connect Bluetooth, sync contacts, and go. Most recently I did this in a Buick Endeavor. Enabling Android Auto locked up the car entertainment system and I had to reboot the car. Apple car play worked, but bluetooth phone calls only worked 25% of the time when the phone rang while Pandora was open.

    That's not an isolated incident. I've locked up the infotainment system on a dozen other rentals. That's extremely frustrating. The best was a Ford Focus that wouldn't reset with a power-off/power-on reset. The system didn't recover until I left it off for an hour.

    It's not just new cars, either. I own a Chevy Equinox that won't Bluetooth pair with an iPhone 6. At least it doesn't lock up.

  • of auto industry being eaten by software: you can't repair your own car, or you violate the DMCA. Farmers Demand Right To Fix Their Own Dang Tractors [slashdot.org] Why American Farmers Are Hacking Their Tractors With Ukrainian Firmware [slashdot.org]

Ummm, well, OK. The network's the network, the computer's the computer. Sorry for the confusion. -- Sun Microsystems

Working...