Mitsubishi Recalls 68,000 SUVs Over Bad Software (consumerreports.org) 82
Mitsubishi is recalling 68,000 SUVs because of bad software in two different engine-control units (ECUs), according to the National Highway Traffic Safety Administration. Consumer Reports adds: In one of the two actions, the automaker is recalling 58,916 of its 2018 Eclipse Cross, 2017 to 2018 Outlander, and 2018 Outlander Sport SUVs because of faulty software in the hydraulic unit ECU -- the computer control system for the brake system. According to NHTSA, the software problem could cause some features -- such as adaptive cruise control (ACC); forward-collision mitigation (FCM), which is a combination of forward-collision warning and automatic emergency braking; and antilock brakes (ABS) -- to not work as expected. In the second action, Mitsubishi is recalling 9,166 of its 2018 Eclipse Cross, 2017 to 2018 Outlander, and 2018 Outlander Sport SUVs because of bad software in the computer control for the FCM system. According to NHTSA, if the FCM system detects a pedestrian in front of the vehicle who could be hit, that ECU may activate the brake for longer than necessary, even when the obstacle is no longer detected. There's concern that when this happens, the driver may provide additional braking, making the SUV slow rapidly and increasing the risk of a rear-end collision, NHTSA says. Consumer Reports has also detailed the models that are affected and how customers could contact the manufacturer.
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
You mean for Subaru SUVs, not Mitsubishi.
Re: (Score:3)
Re: (Score:3)
Yes I screwed up!
Not as badly as Mitsubishi did...
Re: (Score:3)
Yes I screwed up!
Not as badly as Mitsubishi did...
Both had malfunctioning brakes.
Their Integration testing sucks... (Score:2)
Where were the system integration tests that where supposed to catch such things?
Seems to me that this kind of system interaction would be the subject of a series of integration tests which would be fully validated BEFORE they where allowed to sell these vehicles. Guess I was wrong.. Silly me.
Makes you wonder how much other garbage is slipping by. I guess they will discover that finding system bugs is cheaper the sooner in the development cycle you catch them. Enjoy paying the dealers to do this work and
Re: (Score:2)
Yep. Companies are neglecting QA testings like me. :(
Re: (Score:2)
Where were the system integration tests that where supposed to catch such things?
Hey, the regression tests on last year's models did not find any problems. Why are we spending money on them?
NHTSA quote doesn't make any sense (Score:2)
The second sentence doesn't make any sense to me. Am I the only one? Why would the drive provide additional breaking if the obst
Re: (Score:2)
My guess would be that the driver thinks the car 'sees' something he doesn't, and he reacts to that by braking harder.
Re: (Score:2)
There is only ONE reason for any of these 'driver assist' features (BLIS, ACC, lane departure, auto-braking, etc) to exist at all - to alert you to things you didn't see. If you are not going to trust alerts BECAUSE you didn't see it, then there is no reason for the systems in the first place. So, either the systems must be removed altogether (best idea), or they must work correctly. There is no middle ground.
Re: (Score:2)
Driver goes to hit brake, car applies brakes too, driver's weight transfers forwards and they apply lots of brake pressure accidentally. Car doesn't let off braking even though obstacle has cleared path, neither does driver due to weight transfer.
Re: (Score:1)
The NHTSA statement makes perfect sense. Natural instinct when your car spectacularly malfunctions is to perform an emergency stop of the vehicle and assess the situation.
Stop the car means driver press the brake. The problem is that the computer is mistakenly applying the brakes. This is how you get the double force braking phenomenon.
It's easy to think this wouldn't happen to you but this is not some kind of long thought out process. This is a high stress unexpected we're going to die moment when your foo
The Microsoftification of all machines (Score:2)
Our "machines" are becoming more software and less hardware over time because making complex or dynamic behavior in software is usually easier than via hardware. This also implies that more "hardware" problems will actually be software problems. They are essentially becoming robots controlled by microprocessors (which may or may not be controlled in part by a human user).
Getting things fixed is also becoming more like dealing with the likes of Microsoft than a local craft-person. Smaller shops and 3rd parti
Re: (Score:2)
We are now fighting next battle - lets not connect all that garbage to the Internet. Your car doesn't belong on IoT junk pile.
Re: (Score:2)
We are now fighting next battle - lets not connect all that garbage to the Internet. Your car doesn't belong on IoT junk pile.
I don't know, if these 68,000 SUVs could have their firmware updated over the Internet, it would save 68,000 people trips their local Mitsubishi dealership.
The trick, as always, is to enable that functionality without simultaneously enabling the vehicles to be hacked by bad actors.
Re: (Score:1)
"Plastics!"
-The Graduate
Re: (Score:2)
The trick, as always, is to enable that functionality without simultaneously enabling the vehicles to be hacked by bad actors.
I don't think I want "update over the Internet" functionality for my car regardless of whether it is protected from Internet hackers. I think it is possible that the evolution of rapid and easy update of software over the Internet has lowered the initial quality of software and software fixes. When software updates are expensive, more time/effort can be justified on the front-end of the software change, making sure that the change has the desired effects and only the desired effects. When software update
Re: (Score:2)
No dealership visit, no IoT.
Unless you brick your car by flashing bad firmware which doesn't support updates but seems to boot properly. Then it's a tow to the dealer to dig out the JTAG connections to fix it..
Don't laugh... I *could* happen, given the quality of software/firmware deliveries these days.
Re: (Score:2)
why when the dealer can sell you an 512GB HDD for $250+install.
Re: (Score:2)
"No dealership visit, no IoT"
If the vehicle has to come in to the dealer for the update they will, to a near certainty, find $200-500 worth of essential -- non-warranty -- maintenance that really should be done right now, today, "Man, you should NOT be driving a car with brake rotors that look like that ..."
No dealership visit, no profits. Not likely to be a big seller in the boardroom.
Re: (Score:2)
We are now fighting next battle - lets not connect all that garbage to the Internet.
I don't know, if these 68,000 SUVs could have their firmware updated over the Internet.
The trick, as always, is to enable that functionality without simultaneously enabling the vehicles to be hacked by bad actors.
This can't be done. When you connect something to the Internet, the Internet gets to access it. Even if something is designed and coded perfectly, and it won't be, new types of attacks will come out that would still make attacking it possible.
Cars last decades, software security last months. You are just signing yourself up to get hacked and/or EOL.
Re: (Score:2)
This can't be done. When you connect something to the Internet, the Internet gets to access it.
You can make the connection unidirectional (see below).
Even if something is designed and coded perfectly, and it won't be, new types of attacks will come out that would still make attacking it possible.
I think it can be done; if you want to be super-secure, use full encryption on everything (of course), and on top of that, design the car so that the only time it ever powers on its WiFi hardware is for a few minutes after you've typed in (on the car's touchscreen) a single-use/unique-per-vehicle activation code that you received in the mail from the manufacturer as part of a recall/update procedure. At that point it connects to the manufacturer's server via SSH, downloads and authenticates the new firmware image that corresponds to that activation code, and installs it (with an option to downgrade if anything goes wrong).
Could that still be theoretically hacked? Of course. Would it be? Probably not, because without a passcode to activate the hardware with, there would be no easy way for miscreants to develop or test any hacking technique. The amount of effort it would take them to develop an exploit would be greater than the amount of effort its would take them to "hack" the manual update procedure (e.g. by getting a job at a dealer and hacking customers' cars via the JTAG programmer when they come in for repairs), so they wouldn't bother.
Re: (Score:2)
Another aspect you fail to consider - authentication. You have to spend a lot of effort on making sure you car connects to the right server, and not one in CIA headquarters.
Re: (Score:2)
The trick, as always, is to enable that functionality without simultaneously enabling the vehicles to be hacked by bad actors.
The people responsible for updating the firmware remotely are also bad actors or soon will be. How do they protect the functionality from themselves?
So many acronyms! (Score:2)
SUV, ECU, NHTSA, ACC, FCM, ABS, most of them repeated several times. The summary would be twice as long if you'd typed them all out.
Re: (Score:2)
Really??? In the context of cars, SUV and ABS are in common use among laypersons.
ECU and NHTSA are pretty common as well.
ACC and FCM were about the only ones I could think of that needed explanation.
Also, ECU *was* defined.
Re: (Score:2)
Actually, except for SUV and NHTSA, they were all defined. I expect that the author rightly assumed that everyone knows what an SUV (in the automotive context is), and NHTSA is a well-known US.gov agency.
What? No OTA updates? (Score:3)
Tesla pushed an over the air update for its anti lock brake calibration and fixed the issue. All five slams were within 125 feet or so. Consumer Reports chief test engineer actually wrote that he has never seen such a critical component being fixed by OTA. In other vehicles it would resulted in recalls of hundreds of thousands of vehicles and still only those vehicles that were brought to the dealership would have been fixed.
Now it looks like not having an OTA is a huge mistake by the legacy car makers. They should follow Tesla and enable OTA on all their cars. NTHSA should mandate all cars should have OTA, after some cut off year like 2022 or so.
Re: (Score:1)
Personally I'd rather not have OTA updates for critical systems in my car, thanks. Last thing I want is somebody to discover a 0-day and send an update that disables my brakes entirely while I'm driving.
Re: (Score:1)
So many systems now do OTA update, from Linux distributions to Windows, Android and IOS. If there is a vulnerability found in these methods, there are lot more juicier targets like banks and brokerage houses, or deep pocketed people who would pay huge ransoms. Random dude disabling the brakes of Anonymous Coward would not happen. The society would have collapsed long before that.
No thanks. (Score:2)
Sure, if a device has to be connected to the internet to perform its job, then it must have OTA updates. But taking a critical safety device that has no reason to be connected to the internet whatsoever, and connecting just to receive OTA updates is asking for trouble. You are massively increasing your attack surface for a small convenience.
Re: No thanks. (Score:2)
Several billion smartphones out there taking OTA updates all the time that hold valuable personal info and banking info, and not a single case of hijacking the OTA update process to compromise the device.
It might be plausible that there are ways to implement this securely.
Re: (Score:2)
Several billion smartphones out there taking OTA updates all the time that hold valuable personal info and banking info, and not a single case of hijacking the OTA update process to compromise the device.
Your banking info is not as valuable to you than your life. There is a big difference when random internet hacker gets access to hundreds of mobile phones and investigates user data on them. Compare that to getting access to hundreds of cars and crashing them.
Re: (Score:2)
Unless they are an assassin or a particularly psychotic anarchist, being able to crash random cars is of no value.
Thousands, if not millions of bank accounts, is worth exactly the balance of the accounts to the hacker.
Your argument makes no sense.
Re: (Score:2)
"Personally I'd rather not have OTA updates for critical systems in my car"
Nor would I. Different reason. I spent several decades working in software test of complex systems. Frankly, the state of the art in software system test isn't that great. My experience was that patches generally did what they were intended to do, but all too often caused unexpected problems is other parts of the system, and that exhaustively testing every patch against the full system was impractical
My concern is that we have a
Re: (Score:2)
Now it looks like not having an OTA is a huge mistake by the legacy car makers.
Have you done the math? It costs such and such to include OTA, it costs such and such to do a recall, recalls happen x% of the time and affect y% of the models, vs z# total of units sold?
They should follow Tesla and enable OTA on all their cars.
Maybe. Do the math, show your work.
NTHSA should mandate all cars should have OTA, after some cut off year like 2022 or so.
Bollocks. OTA has security implications and if other automakers can achieve their goals without it, best to leave it out.
Re: (Score:2)
Why?
Automakers are jerks. If they realize if they can do OTA and cripple the cars after selling it and hold people or ransom they will do it. If they see OTA is a way to get steady revenue stream, they would jump all over it.
They will pitch it as safety, but once in, they will have fees every time you sell the car, to "register" the new owner, etc etc.
Re: (Score:3)
Personally I consider OTA a bad idea, as it would the foster the "ship it now, fix it later" attitude towards cars that has completely taken over with just about anything else that can connect to the internet.
I want my car's brakes to work properly coming right from the factory right from day one. If screwing this up means a costly and embarrassing recall, that means the manufacturer has a pretty big incentive to get it right the first time.
Re: (Score:2)
No. But I've always considered stopping a priority.
Re: Remember when... (Score:2)
That has never been the case with any automobile ever manufactured.
See: brakes, transmission, driveline / axles, tires / wheels, steering, suspension, charging system, cooling system, headlights, etc.
No degree, no problem! (Score:2)
Re: (Score:2)
There aren't any degrees out there that goes through required safety standards for automotive programming.
They used to be the same standards used for industrial embedded design and there are books on the subject of what *not* to do in mission critical systems.
Very easy to fix! (Score:2)
The software's not bad (Score:2)
The software isn't bad, it's just compiled that way.
Re: (Score:2)
It is called software because they cannot keep it up.
"We are compiling your braking system updates" (Score:2)
"Attention, user!
We are compiling your braking system updates.
They should be operational in approximately 3 minutes.
Please enjoy this music while the steering disables and we drive off a cliff."
Shocking! (Score:2)
This "recall" is likely a hoax designed to make people think that other people actually still buy Mitsubishis. Too obvious though, since you surely don't know anyone who will actually admit to buying a Mitsubishi in the last five years, if not ten. How long now until they leave the US market completely?
Hello (Score:1)