Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Why Your Phone Gets OTA Updates But Your Car Doesn't

timothy posted about 5 months ago | from the 5g-at-95-mph dept.

Software 305

New submitter kjbullis writes with this snippet from Technology Review: "When Toyota recalled over two million cars last week because of flaws with antilock braking systems and other problems, the fix was simple — a few software updates .The implementation of that fix is far from simple. Every one of those cars has to be taken into a dealership to have the new software installed, an expensive process that can take months. Cars that haven't been fixed could, in some cases, suddenly stall and crash. There is an alternative — the same sort of remote software updates used for PCs and smart phones. Indeed, one automaker, Tesla Motors, already provides what it calls 'over-the-air updates,' which allowed it to execute a recent software fix without requiring anybody to bring in their cars. But other automakers are dragging their feet, both because they're worried about security and because they might face resistance from dealers."

cancel ×

305 comments

Umm safety? (5, Insightful)

fsck-beta (3539217) | about 5 months ago | (#46298563)

Because a bad update on the phone won't cause a high speed fiery wreck.

Re:Umm safety? (4, Insightful)

camperdave (969942) | about 5 months ago | (#46298623)

Also a phone has communication capabilities built right in. A car... not so much.

Re:Umm safety? (1)

Anonymous Coward | about 5 months ago | (#46298713)

You're right. Cars don't have RF receivers. Oh wait.

Re:Umm safety? (3, Insightful)

mythosaz (572040) | about 5 months ago | (#46298781)

Which modern car do you think doesn't?

Re:Umm safety? (1, Informative)

mythosaz (572040) | about 5 months ago | (#46299081)

The parent is +5 insightful and my post is trolling?

Most every car today comes with some form of remote data receive ability, from full on cellular data all the way down to lowly RDS.

Re:Umm safety? (4, Insightful)

Immerman (2627577) | about 5 months ago | (#46298879)

Well the hardware's cheap, and considering the miniscule data usage I'm pretty sure they could work out something with cell companies - the "phone" wouldn't even need to be on but for a few minutes a month. Wifi support would probably be even cheaper, if not quite as convenient.

I suspect security and inertia are a bigger issues - auto manufacturers have got to be aware of how atrocious their security is, but at present it needs physical access to attack - and if you've got physical access all safety bets are off anyway. I doubt any company wants their cars to be the first to to be used as Anonymous assassination tools, that's the sort of publicity that could decimate their business.

Re:Umm safety? (1)

Kookus (653170) | about 5 months ago | (#46299021)

Many cars come with onstar capabilities. which means they have a phone in them.

Re:Umm safety? (1)

CanHasDIY (1672858) | about 5 months ago | (#46299083)

Many cars come with onstar capabilities. which means they have a phone in them.

... and it's a serious pain in the ass to disable. At least, in my truck it is (have to remove the gauge cluster to get to the module).

Re:Umm safety? (0)

Anonymous Coward | about 5 months ago | (#46299117)

I thought there was a separate fuse for onstar?

Re:Umm safety? (3, Interesting)

tiberus (258517) | about 5 months ago | (#46298657)

Hmm, but, you have to weigh that risk (and okay, I'm assuming software updates won't occur while the car is moving) against the risk of not updating a vehicle. Yes it's a numbers game and their are vested interests both ways (e.g. I have a vested interest in your car getting a safety update).

Re:Umm safety? (1)

CrimsonAvenger (580665) | about 5 months ago | (#46299091)

Did you weight the risk of a malicious attack on your car via its over-the-air update capability?

Re:Umm safety? (2)

CanHasDIY (1672858) | about 5 months ago | (#46299107)

I have a vested interest in your car getting a safety update

This statement sums up exactly what's wrong with society today, IMO.

Believe me, dude, that's a slope you don't want to go slipping down. Because I could respond with, "I have a vested interest in making sure my neighbors aren't cooking meth," implying that they (which implies all citizens) don't have a right to be free from unlawful search and seizure in their (our) own homes.

Manufacturer Interest (2)

Etherwalk (681268) | about 5 months ago | (#46299267)

The *manufacturer* has a vested interest in making sure your car has a safety update--it's a bit different than just the neighbor's concern. Think about it. If you make a product that *will* kill a few hundred people over its lifetime unless you fix it, and only half of the owners will bring it in for an upgrade, wouldn't you rather be able to push the upgrade out?

An auto-upgrade is a major safety feature. Is there a security issue? Yes. But not an unsolvable one.

Every manufacturer will switch to auto-upgrades when the first one loses a massive tort case over failure to auto-upgrade.

Re:Umm safety? (5, Funny)

ifiwereasculptor (1870574) | about 5 months ago | (#46298687)

Of course it does. Happened to me. Since my Nexus 4 updated to KitKat, I sometimes lose 3g signal. So there I was on the highway, trying to send a text, when, again, whatsapp refuses to send my message. I get frustrated, connect the phone to my laptop, fire up ADB and, lo and behold, the car crashes. It's ridiculous. I'm going to fucking sue Google.

Re:Umm safety? (1)

slapout (93640) | about 5 months ago | (#46298885)

They'll just tell you that it's a software problem and that you should sue WhatsApp/Facebook.

Re:Umm safety? (2)

thue (121682) | about 5 months ago | (#46298759)

Obviously the update should not be applied while the car is turned on... car companies are not that stupid.

Updates always come at the wrong moment (5, Funny)

Anonymous Coward | about 5 months ago | (#46299127)

Oh no, I need to get the hospital quick. "please wait while your car is being update... installing update 1 of 35... time remaing 1 h 16"

Re:Umm safety? (1)

CanHasDIY (1672858) | about 5 months ago | (#46299143)

Obviously the update should not be applied while the car is turned on... car companies are not that stupid.

Just so we're clear... you're saying that the companies that brought us such gems as the Corvair, Pinto, Daytona, Monza, et. al., aren't stupid? Or just not stupid enough to send OTA updates while the vehicle is in drive?

How would that work, anyway?

Re:Umm safety? (1)

Anonymous Coward | about 5 months ago | (#46298823)

You give the car companies way too much credit.

They don't give a shit about our safety - that's why it has to be legislated and why they ALWAYS fight safety legislation. Always.

The updates are done at the dealership so while the software is being updated, you're walking around looking that the new models and it gives the salesperson to harass you.

It gets you to the dealership to shop.

When it comes to the intentions of business, cynism is always appropiate.

Re:Umm safety? (1)

viperidaenz (2515578) | about 5 months ago | (#46299037)

Not really just to shop.
It gets you to the dealership, which the manufacture pays for time and materials.
The manufactures can't do this directly because they don't have a large network of sites to do the work at, because there is legislation that forces them to go through dealers.

Re:Umm safety? (4, Interesting)

jeffmeden (135043) | about 5 months ago | (#46299043)

You give the car companies way too much credit.

They don't give a shit about our safety - that's why it has to be legislated and why they ALWAYS fight safety legislation. Always.

The updates are done at the dealership so while the software is being updated, you're walking around looking that the new models and it gives the salesperson to harass you.

It gets you to the dealership to shop.

When it comes to the intentions of business, cynism is always appropiate.

Strangely, the dealership/manufacturer model is rather adversarial, with dealerships lobbying (successfully) for control over who sells cars where, locking out the automakers from any attempt at selling directly to customers. The reason dealerships would balk at OTA software fixes is that they get a nice steady stream of revenue from the manufacturer by performing those recall updates. Its easy work: they plug the car in, double click, and collect $100 or more from the manufacturer. Who wouldn't want to run a shop that had guaranteed, easy to complete work that's always paid for on time? Time to lobby to make sure doing it any other way is illegal!

Re:Umm safety? (1)

CohibaVancouver (864662) | about 5 months ago | (#46299105)

They don't give a shit about our safety - that's why it has to be legislated and why they ALWAYS fight safety legislation. Always.

They fight a lot of it because it raises the price of their cars which in turn causes consumers to delay their purchases.

Let's imagine you could buy a car that was $2000 cheaper without airbags - Would people buy them?

Re:Umm safety? (1)

Dishevel (1105119) | about 5 months ago | (#46299181)

Are you mad bro? Because you are either stupid or currently not thinking straight.

Look at high end autos. Lane departure warnings, heads up displays, adaptive cruise control, cars that stop before you know there is an issue.

When people care about safety the car companies give it to them. Period. It just makes good business sense.

Re:Umm safety? (2)

plover (150551) | about 5 months ago | (#46298837)

Just because an update came over the phone doesn't mean it will crash your car. A bad dealer update could cause the same problem.

The main difference is the update mechanism may have a security flaw. But really, if your car can already get on line for any reason (traffic, directions, reservations, etc.) it already has a significant attack surface. This is just one more application that could let an attacker have his way with your vehicle.

Re:Umm safety? (1)

Anonymous Coward | about 5 months ago | (#46298877)

I personally am glad cars don't get OTA updates:

1: What happens if a glitch happens during the update process? No-start conditions suck, and having to get a tow to a dealer because of some glitch isn't popular. One European car brand, you have to "register" a new battery with the dealer, or the vehicle will not start, or if it does, it will function in a degraded mode.

2: How secure is the update process? Oh, the update is signed? Someone can easily hack the HSM holding a private key and sign a module under an authorized identity, even though the private key is well protected, which happened with an OS maker a few years back. Once bogus updates are made, it isn't too tough to forge an update advertisement and push out a car-destroying image... or just have the image lock out updates and demand the car maker pay the organization a couple billion dollars... or else the cars will disable en masse.

Re:Umm safety? (1)

The MAZZTer (911996) | about 5 months ago | (#46298883)

Considering how many people text while driving, it might PREVENT one!

Re:Umm safety? (1)

ackthpt (218170) | about 5 months ago | (#46299045)

Considering how many people text while driving, it might PREVENT one!

I don't think I'd like an update to happen while I'm away from home, let alone moving. If I'm at home and the car fails on the installation update or to work afterwards I have my bike and public transportation options. When I was 400 miles from home and needed car repair I was stuck in a hotel for 3 days, the novelty, even of having a loner car, wore off pretty fast.

Re:Umm safety? (1)

Riceballsan (816702) | about 5 months ago | (#46299023)

Safety + security indeed, which in this case are one and the same. Imagine someone manages to spoof an OTA update for your car, and it is a trojan horse causing your car to go into a serious wreck etc... Potential side effects could be devastating.

TR article inaccuracies (0)

Anonymous Coward | about 5 months ago | (#46299139)

The software update to reduce the time that a Prius switched from regenerative braking to friction braking--because ABS was needed--happened in 2010, not recently. Updates to not take "months." The currently available software update to the motor-generator/powertrain system was announced last week; it is to protect some power transistors when accelerating during highway speeds. I just had that update installed, along with three other maintenance items, this morning in just two hours.

Re:Umm safety? (0)

Anonymous Coward | about 5 months ago | (#46299241)

"Because a bad update on the phone won't cause a high speed fiery wreck."

Yes, Markho, the Bosnian mechanic, who doesn't understand a word you say, is much more trustworthy.

Call me paranoid... (4, Insightful)

Forbo (3035827) | about 5 months ago | (#46298587)

...but I'd rather not add any more attack vectors than absolutely essential.

Re:Call me paranoid... (1)

tiberus (258517) | about 5 months ago | (#46298725)

Can't saw I'm a big fan of adding cellular or WiFi to a car for this purpose but, how hard would it be to "have an app for that" connect your phone via USB and wala you have control and choice. The app notifies you of an update, etc. Of course you'd also incur the liability for having not installed a software update that has been made available.

Granted no matter what method is chosen, there will be risks and issues. Pretty sure their is something better than what we are doing or not doing now.

Re:Call me paranoid... (1)

Marxist Hacker 42 (638312) | about 5 months ago | (#46298803)

Pretty sure this could be done via the ODBII connector with the right kind of bluetooth dongle.

Re:Call me paranoid... (0)

Anonymous Coward | about 5 months ago | (#46298809)

If only there was an app to learn to spell voila properly....

Re:Call me paranoid... (1)

michelcolman (1208008) | about 5 months ago | (#46299157)

Yeah, it's quite difficult, with the accent and all.

Re:Call me paranoid... (0)

Anonymous Coward | about 5 months ago | (#46298831)

The word you're looking for is "voilà" not wala (which, incidentally, is not a word).

Re:Call me paranoid... (2, Interesting)

mrchaotica (681592) | about 5 months ago | (#46299003)

Or better yet, why can't the manufacturer just email everybody a flash drive containing the update which they can then stick in the car's USB port at their leisure? No phone necessary, no possibility of wireless hacking, and the owner can apply the update at a time when it's convenient for them (avoiding the possibility of a bad update stranding somebody in the middle of a road trip or something).

Sure, the cost is probably higher than OTA updates, but it's lower than dealer updates and it maintains the manufacturers' incentive not to screw up in the first place.

Re:Call me paranoid... (4, Funny)

CanHasDIY (1672858) | about 5 months ago | (#46299163)

Or better yet, why can't the manufacturer just email everybody a flash drive

Channeling Morbo...

EMAIL DOES NOT WORK THAT WAY! GOODNIGHT!

Re:Call me paranoid... (1)

Rob the Bold (788862) | about 5 months ago | (#46299243)

Or better yet, why can't the manufacturer just email everybody a flash drive

Channeling Morbo...

EMAIL DOES NOT WORK THAT WAY! GOODNIGHT!

Then fax it to them.

Re:Call me paranoid... (1)

Rogue974 (657982) | about 5 months ago | (#46299213)

1) Wait until USB updates for cars are the norm
2) Send USBs that infect the cars with viruses and then they will crash at predetermined time
3) Send blackmail notices that arrive when a certain number of cars throw themselves off the highway at high speed actives
4) Profit

Or

1) Wait until USB updates for cars are the norm
2) Put USB sticks in mail to rich people who's cars you want to boost
3) Wait until they plug it in and have the car unlock itself and then start up at a time you want to boost it, like when they are at the office and you are waiting outside
4) Profit

Or just go tin foil hat and realize that terrorist can follow this and program all cars when the get over 70 miles an hour to accelerate and then cut the wheel all the way to cause mass destruction. How many people would see it and plug it in not realizing they just infected their car OS with a killer bug.

Cars need to not be hackable and the more we connect them, the more hackable they become. USB isn't as bad as connecting them, but it is trusting that granny or Joe blow will know, "This USB looks like a fake" and not plug it in. We can't convince them not to open email attachments from people they don't know, how will we stop this.

The whole point is to get the 'consumer' inside (0)

Anonymous Coward | about 5 months ago | (#46299221)

Car dealerships don't make big money on new car sales, it all comes from used sales and repairs.
Making updates a dealear-only item is a bone the manufacturers throw to to the dealers. Once the soon-to-be victim gets in to the dealers clutches theres a great chance for the dealership to either upsel or outright bilk the car owner out of significant cash.

Re:Call me paranoid... (1)

cfulton (543949) | about 5 months ago | (#46299025)

The above is the best of all the ideas. Puts the onus on the owner. Makes it much harder to push a fake update and allows the car company to always be up to date; it being the owners responsibility to apply the update. I like it.

Re:Call me paranoid... (1)

gaudior (113467) | about 5 months ago | (#46299261)

Why not simply have that option in the car? This is all those fancy new cars with video displays, right? You just get an option that says, "There are updates available for this vehicle." Just like most software these days.

I wouldn't want this tied to smartphones, because many people do not have them. My next car will probably have some of these new 'features' , because you won't be able to buy a car without them. But I don't have a smart phone anymore, and I won't be getting one.

Re:Call me paranoid... (-1)

Anonymous Coward | about 5 months ago | (#46298727)

I hope you don't drive a car with OnStar.

Re:Call me paranoid... (1)

Mashdar (876825) | about 5 months ago | (#46299093)

In Soviet Russia, computer crashes you!

I would rather not have my car get updated OTA (1, Interesting)

Anonymous Coward | about 5 months ago | (#46298593)

What happens when it loses connection or gets hacked. I rather not have everything in my life constantly connected. Cars have too many computers now that have things go wrong.

Re:I would rather not have my car get updated OTA (2)

SJHillman (1966756) | about 5 months ago | (#46298773)

I was assume the same thing that happens when anything else loses connection during an update... it will either hold the download until it can complete or else will cancel it. I don't know of any device that patches itself while it's still downloading the update... storage is cheap enough that nothing should be doing that in this day and age... cache first, then install.

Re:I would rather not have my car get updated OTA (0)

Anonymous Coward | about 5 months ago | (#46299269)

You would think that, but automakers are the kind of bean-counter paradise that will short a car a half a cent on a cheaper gasket if the spreadsheets say it won't lead to higher warranty costs. Espically if they know it will fail shortly after the warranty is up, because it drives owners to the dealership for costly repairs.
http://www.girardgibbs.com/dexcool/

Reboot at 70? (1, Insightful)

some old guy (674482) | about 5 months ago | (#46298599)

Please wait while Windows restarts your......KER-BAM!

Re:Reboot at 70? (3, Funny)

thevirtualcat (1071504) | about 5 months ago | (#46298751)

That would be if the Windows Update team designed it, yes.

It would also idle for half an hour while the update installed.

Re:Reboot at 70? (1)

Anonymous Coward | about 5 months ago | (#46298865)

That would be if the Windows Update team designed it, yes.

And you really think car manufacturers are going to do a better job than Microsoft?

Re:Reboot at 70? (1)

thevirtualcat (1071504) | about 5 months ago | (#46299005)

Having had the misfortune of using the infotainment centers in some modern cars, that's a fair point.

Re:Reboot at 70? (0)

Anonymous Coward | about 5 months ago | (#46299033)

Well, there aren't widespread car viruses are there?

Score another win for Tesla (-1, Redundant)

Anonymous Coward | about 5 months ago | (#46298627)

Tesla is already doing these sorts of updates:

http://www.technologyreview.com/view/523621/tesla-motors-over-the-air-repairs-are-the-way-forward/

I suspect the dealers would push back because they can't pad the bill with other "necessary" work, or sell you extras when you come in for the free fix.
Score another win for Tesla for not using the dealer business model.

Re:Score another win for Tesla (1)

Mashiki (184564) | about 5 months ago | (#46298915)

Warranty work via recalls are always free to the consumer, even if your car is out of it's warranty period. The only they could "pad" would be the bill to the company itself. Which would state "X warranty service" and then the head office would pay for the labor. Since you know, that's how it actually works.

Re:Score another win for Tesla (1)

bobbied (2522392) | about 5 months ago | (#46298919)

Actually, manufacturers PAY dealers for warranty work. So the dealers make bucks for recalls. Maybe not as much as when they catch a live one that lets them do all the "routine service" stuff too, but they make money on recalls.

brick your car (4, Insightful)

roc97007 (608802) | about 5 months ago | (#46298633)

Although it doesn't happen as often these days, I do remember OTA updates bricking my phone in the past, and PCs under my care are still occasionally screwed up by "drive-by updates" in the middle of the night. For something like a car with the potential for property damage or stranding me and mine far from civilization, I'm pretty sure I don't want automatic OTA updates, even if they could arrange that the car not be moving during the time. I want to know exactly what problem the update is solving, the likelihood I will experience that problem, whether the update and backout procedures have been vetted, and the post-update test procedure. I make a living with my camera, and I don't blindly install firmware updates for it either.

Re:brick your car (1)

SJHillman (1966756) | about 5 months ago | (#46298821)

Given that most newer cars have some sort of LCD screen interface either for the HUD or the GPS/radio, it seems like it would be (relatively) trivial to run an update prompt through that, including either a short changelist or a reference number to look it up online. My bare minimum requirements would be some sort of screen to give feedback from an update, whether it failed, succeeded or gave some sort of error.

Re:brick your car (1)

i kan reed (749298) | about 5 months ago | (#46298899)

And when it was coded just a hair wrong, and fails in a way that wipes your control subsystems, because of an unexpected register state, well, ooooooooooooooops.

Re:brick your car (2)

ColaMan (37550) | about 5 months ago | (#46299125)

, because of an unexpected register state, well, ooooooooooooooops.

oooooooooooops indeed, that'll be at least 50 milliseconds while the system watchdog reboots into previous firmware version.

These are not the people that do your phone updates. These are people that deal with real-time embedded systems that are safety-criticial. There will be something like a hardware watchdog set that is used for the next 100 times of vehicle operation that triggers the 'fail safe' option of returning to the previous firmware.

Re:brick your car (1)

SQLGuru (980662) | about 5 months ago | (#46298909)

I seem to recall a couple of updates that got yanked after their initial release because they were bricking devices. The bug was fixed and they were re-released, but it still happens way too often.

I would suspect, thought, that a car would auto-download the update but only apply when the user accepts it. Even if you turn off the car, they can't start applying an update without alerting you that the update could take X minutes --- time that you wouldn't be able to use your car.

Tuesday updates (5, Interesting)

tomhath (637240) | about 5 months ago | (#46298641)

I'd rather not have a car manufacturer get into the mindset of assuming problems like that are cheap and easy to fix (so they can scrimp on testing)

Re:Tuesday updates (2)

Riceballsan (816702) | about 5 months ago | (#46299099)

Not to mention the secondary cost, lets assume testing is the same on both situations, a car goes out to the manufacturer, update is applied, update botches, car software system is bricked. The dealer can pull a spare hard drive or whatever it is stored on out of the back, get the car up and running etc... Now OTA update botches, does the dealer make a house call to swap out the car's storage, or do they pay for a tow truck? When an update fails and the device is rendered unusable... getting a car to the location to be repaired is considerably more expensive than a phone.

OTA seems excessive...How about USB? (1)

zidane2k1 (971794) | about 5 months ago | (#46298659)

How about firmware updates that a user can just download off the manufacturer's website, save on a USB stick, and insert it into a USB port somewhere on the dash?

A little less convenient than OTA, but with lesser risks, and still a whole lot more convenient than going to the dealer's service department.

Re:OTA seems excessive...How about USB? (1)

amiskell (1975458) | about 5 months ago | (#46298789)

I was thinking the same thing, use a USB stick to update the vehicle's onboard software. We use it to update navigation data on current vehicles, some use DVDs to update the infotainment software, it shouldn't be too hard to allow updates to the other modules in the vehicle as well.

Re:OTA seems excessive...How about USB? (0)

Anonymous Coward | about 5 months ago | (#46299059)

Agreed, in part - if the update is easy and cheap to push out, they will spend less time testing to make sure it's correct and doesn't start new problems, and will lead to manufacturers pushing out vehicles that are "not ready" because they can push out updates next month when they fix it. With Windows or phone updates, they can push out crap, and if it causes problems, just push another update out (assuming they don't break it completely).

I don't even like the idea of it being on a website I can download and install myself - again, too easy/cheap for the manufacturer, and lets them get out of their responsibilities too easily.

At least make them go to the expense of sending out a preloaded USB stick to all owners that requires no more smarts than to plug it in and hit ok on a screen or something. Because if you tell the average driver to go to some website, download some file, figure out how to put it on a usb drive (what's a USB drive?) and then go through some process to install it, it's not going to happen, so has safety issues for the public, even if the manufacturer is "off the hook" legally.

Making you go to the dealer has the benefit of 1) having someone supposedly qualified to do the install, and 2) tracking whether it's done or not, so they know the state of a particular car wrt recalls.

BTW, I don't so much mind if they go the easy route for something isolated from the core vehicle, like a radio/nav/entertainment system (assuming it is separate and isolated), but for the "core" vehicle computer, any updates should have a higher level of safety/assurance.

And no matter how they send it, it should require the owner to explicitly approve it - last thing I want is for some major part of how my vehicle works to change when I'm not expecting it.

And finally, I can drive a bricked phone to Verizon to fix it, but I can't drive a bricked car to the dealer to fix it.

Re:OTA seems excessive...How about USB? (1)

Z00L00K (682162) | about 5 months ago | (#46298893)

The car manufacturers these days makes more money on aftermarket service programs than on selling the cars themselves.

That's one driving factor.

Another factor is that many modern cars today runs only CAN buses which are very slow, and they don't want to go Ethernet because it's seen as dangerous and unreliable. This means that an update of an ECU can take 30 minutes to download, and a modern car today have between 10 and 70 ECUs - this means that a major upgrade is time consuming, and the car can't be used during that time.

Manufacturers like Tesla don't suffer as much from the legacy of CAN and Autosar so they can pick a much more modern approach.

Re:OTA seems excessive...How about USB? (1)

certsoft (442059) | about 5 months ago | (#46298939)

Ford did an update to the MyFord Touch infotainment system last year this way. Downloaded a bunch of files onto a USB drive, plug into car, wait 20 minutes. Since it uses an automotive version of Windows CE of course it needed to reboot a half a dozen times during the update. But for power-train related updates you have to take it into the dealer.

Re:OTA seems excessive...How about USB? (2)

bobbied (2522392) | about 5 months ago | (#46298949)

How about firmware updates that a user can just download off the manufacturer's website, save on a USB stick, and insert it into a USB port somewhere on the dash? A little less convenient than OTA, but with lesser risks, and still a whole lot more convenient than going to the dealer's service department.

No, I don't see *any* possible ways to hack that update path. Not one thing comes to mind.

Re:OTA seems excessive...How about USB? (1)

viperidaenz (2515578) | about 5 months ago | (#46299113)

Or mail out USB sticks the effected customers. Still has to be cheaper than paying a mechanic to do it.

Dealers aren't any safer (1)

hsmith (818216) | about 5 months ago | (#46298661)

Consider that updates are done via firmware that is downloaded and stored on computers at local dealerships (They aren't downloading the updates for every single car they update).

How difficult would it be for any moderately skilled hacker to compromise those machines to side load along with the updates?

So the idea that the dealer is somehow safer, is purely insane.

Re:Dealers aren't any safer (1)

bobbied (2522392) | about 5 months ago | (#46299039)

\So the idea that the dealer is somehow safer, is purely insane.

Not really. Where I get there is an attack vector there, it is a whole lot more indirect than just messing with the car. Are suggesting that somebody might try an attack that involves hacking into the dealer's diagnostic equipment to replace the firmware files with hacked ones so that the dealer will propagate said hack onto customer's cars to do some bad thing to somebody? Seems that there are a whole lot more convenient ways to go about this to me, so Yes, I feel safer having the dealer update my car's firmware.

Your mileage may vary..

Re:Dealers aren't any safer (2)

RyuuzakiTetsuya (195424) | about 5 months ago | (#46299233)

That's not my primary concern. My primary concern is bricking.

Dealer bricks my car, they already have it and can install a new ECU. I brick my car and it's a costly tow truck trip to the dealer.

Electric vs. Gas Powered (1)

Anonymous Coward | about 5 months ago | (#46298663)

I would assume part of the reason that this works for Tesla is that the cars most likely don't hard shut down when they're charging over night. This allows updates to be applied when the car is entirely idle.

No person is going to want to start their car and have it say, "Please wait while we install important updates to your car. Approximate time required will be 30 minutes."

Imagine having to tell your boss you were late because of your car applying necessary updates.

Re:Electric vs. Gas Powered (1)

SJHillman (1966756) | about 5 months ago | (#46298833)

Most ICE cars don't completely shut down either. It may not stay "awake" to the degree that Tesla does, but there's still power flowing. This is what saves your radio stations, among other things.

Re:Electric vs. Gas Powered (1)

Immerman (2627577) | about 5 months ago | (#46298967)

Neither do modern gas vehicles - or have you never noticed the radiator fan running even with the car off? Fucking scary if it starts up unexpectedly when you're working nearby - there's a reason they tell you to unhook the battery before putting your fingers anywhere near the fan.

Re:Electric vs. Gas Powered (1)

badboy_tw2002 (524611) | about 5 months ago | (#46299101)

Guess what, even your gas powered car is still drawing battery power when "off".

Hmm... (1)

sootman (158191) | about 5 months ago | (#46298701)

- because your phone comes with built-in wireless networking but your car doesn't?

- because your phone isn't a 4,000-pound hunk of metal and glass frequently moving at a hundred feet per second in public?

Just a couple thoughts...

Re:Hmm... (1)

bobbied (2522392) | about 5 months ago | (#46299141)

ADD the following to this...

- Your phone only is intended to last about 2 years, manufactures don't support these devices beyond this time because you are expected to replace it. Cars are expected to have 5x that lifespan (if not more) and ARE supported.

- A malfunction in a critical system in a car can easily kill somebody and cause property damage, a malfunctioning phone just becomes a useless object (i.e. a brick) when the firmware update gets scrambled.

- Cars are "critical infrastructure" for most people, you need it to go to work, get to the store, pick up the kids at day care, phones are (even today) unnecessary in the short term.

Potential Cost (0)

Anonymous Coward | about 5 months ago | (#46298715)

Beyond the possible risks to safety, I think it has a lot to do with the price and importance of a car relative to a phone. Cars also must undergo much more strict testing, and are likely to have fewer computer errors that could be easily fixed by flashing a new firmware. (many cars could probably benefit from one or two "updates," though, especially considering how computerized they have become)

Basically, a phone manufacturer and provider is taking less of a financial risk with a faulty or interrupted firmware update. If hundreds or thousands of cars get temporarily bricked, that is extremely bad publicity due to the inconvenience and could cost quite a bit for the company to fix, factoring in towing and service for tons of customers in addition to the possibility of requiring expensive and/or difficult to install replacement parts.

Also cell phones are known to sometimes be troublesome, so it's not like the temporary loss of use of your cellphone makes you unable to go to work or do other daily activities. (there will be a lined phone wherever you are, other than perhaps in your home)

Toyota recall ? (1)

psergiu (67614) | about 5 months ago | (#46298735)

I have a Toyota, it's traction control and all associated assists are acting crazy under certain circumstances (Check Engine light on due to stupid sensor in exhaust pipe + wet road) but i wasn't notified of any recall.
Could this be just for cars that are still under warranty ?
If that's the case, from where i can download the updated firmware and how do i install-it ?

Re:Toyota recall ? (1)

Drew M. (5831) | about 5 months ago | (#46299047)

Toyotas generally disable the traction control when there is a check engine light. You need to get a code reader to read out the error from your car so you can fix the problem which you seem to describe as a bad O2 sensor. A software update will NOT help you. You have a hardware problem.

could email it to us? (0)

Anonymous Coward | about 5 months ago | (#46298795)

install it ourselves usb...

everybody knows that baby has new clothes http://www.youtube.com/watch?v=xEwtUf2sGX4

Dealerships need to die (1)

Anonymous Coward | about 5 months ago | (#46298811)

Dealerships in most populated areas have no reason to exist in the 21st century.

OTA updates (0)

afidel (530433) | about 5 months ago | (#46298847)

Almost every Android manufacturer except Samsung: What are those?

Seriously the average number of OTA updates is slightly under 1 because while a few phones get 2 or 3 there are many that never get any.

Safety, Veracity, etc. (1)

userw014 (707413) | about 5 months ago | (#46298849)

If automobile manufacturers made as few different models of their products as Apple makes of their products, then I might trust that the update process could be reasonably tested and verified.

However, with all the different models and packages and trim lines - combined with different revision levels of different parts from 3rd party manufacturers - that automobile manufacturers produce, I don't think verifying that it's possible to verify that an update that can't be verified and documented by trained people is going to do anything but cause problems from dead cars in garages (or wilderness camps) to dead people when something bad happens at highway speeds.

In short, modern cars are not just one large, lethal embedded system - but a NETWORK of embedded systems controlling a potentially lethal device. A system with an expected useful life of several decades.

The business of embedded systems is barely up to the job of designing for systems with a useful life of several years in a hostile, networked environment. Automotive systems are networks of systems from different vendors, any of which might go out of business at any time - all of which jealously guard their designs as proprietary.

Last fall, I bought a Ford C-Max Energi (plugin hybrid.) It turned out that it had problems charging from a Level 2 (220V) charger that didn't manifest until after I'd been charging for a few weeks - which I didn't do until I installed a Level 2 charger after X-mass. This was a problem documented in the online forums for the car but I never received notice of it.

There are continuing problems with My Ford Touch - although (according to the online forums) it's better than it was a year ago (before an update this past summer.) My Ford Touch interacts with the charging system, the engine, etc. It seems to do so in a passive way - but the whole design of the internal communication network in automobiles (CAN) is based on implicit trust that one system won't send false messages to another system. (And various researchers have already exploited this.)

OTA creates the wrong incentives (3, Insightful)

JDG1980 (2438906) | about 5 months ago | (#46298859)

Having OTA capability encourages vendors to push out incomplete/buggy firmware ("we can always fix it later") and to push out updates without properly testing them ("if it breaks something, we'll just fix it and re-send"). Suffice to say we definitely do not need these kind of perverse incentives on cars.

And that's without even getting into the trouble that a malicious user could potentially cause if they managed to hack the OTA process and sent out spoofed updates to vehicles...

Re:OTA creates the wrong incentives (1)

viperidaenz (2515578) | about 5 months ago | (#46299193)

If you apply an update to a customers car and that causes them to crash and burn half their face off, you can bet you'll get sued.

Rebooting (3, Insightful)

SoundGuyNoise (864550) | about 5 months ago | (#46298863)

When you're running late for work, you don't want to wait for your car to reboot to install a software update.

Calls (1)

slapout (93640) | about 5 months ago | (#46298867)

Tech Support: Hello, this is tech support, how may I help you.

Customer: Yes, I'm trying to install this update on my car and it's not working.

Tech Support: Have you tried turning it off and on again?

Re:Calls (1)

confused one (671304) | about 5 months ago | (#46299131)

You do realize that a number of cars run Microsoft embedded.

dealers... (0)

Anonymous Coward | about 5 months ago | (#46298889)

Why does it seem that everything bad about the automobile industry eventually leads back to the dealers..

Priorities (1)

ericloewe (2129490) | about 5 months ago | (#46298897)

Bricked phone: A pain in the ass.

Bricked car: A major pain in the ass.

Car that suddenly decides to brake (or not to) for no reason: A deadly accident waiting to happen.

Besides, it took the dealership several hours to get my car's systems to accept a (official) retrofitted parking sensor kit. Automotive engineers don't seem to value ease of use in their non-user-facing software features.

Security? (1)

jenningsthecat (1525947) | about 5 months ago | (#46298935)

But other automakers are dragging their feet, both because they're worried about security and because they might face resistance from dealers.

Given that the level of security on OBD2 ports has been utter crap for about two decades now, I doubt the automakers' major concern is security. Even with well-publicized stories about car hacking, auto companies seem to persist in the belief that it will never be a major, widespread threat. It's probably dealer pushback that has them concerned - having a car dealership is a license to steal, and I imagine dealers are very resistant to any change that threatens their ability to charge $500 for 15 minutes' worth of work.

Dealers pay to play (1)

Virtucon (127420) | about 5 months ago | (#46298961)

You have to remember Dealers pay to play and they have contracts with auto makers on what kinds of service they'll perform under warranty and that the manufacturers will always support their interests. It's expensive when an auto maker has to change things in the field but it's a revenue stream for dealerships who charge all of the labor hours + service fees right back to the manufacturers but it's symbiotic and they both milk the customer either coming or going.

Remember when Chrysler and GM went bankrupt and all those dealers were screaming because their dealerships were terminated due to Chapter 11 reorganization [usatoday.com] ? It was a cost saving measure for GM and Chrysler disguised as the argument that fewer dealers meant less competition within their own lines of vehicles.

Bringing the car into the dealership means much more than just fixing a software glitch, it also means the ability to upsell you on their expensive bullshit that you can get from Midas or an independent for far less. Not to mention while you're waiting you can see the new models that are out, you know the ones that don't have all the problems your current vehicle has. That means it's ultimately in their best interests to keep you coming to them when you need your headlight grease changed. Think that's unrealistic? Manufacturers are putting more and more components into cars that independent service people can't repair [myfoxtampabay.com] just to keep the symbiotic relationship going.

Tesla can't do that because they don't have dealers so pushing changes makes sense for them but now I'll suspect that some hacker network in Eastern Europe will be trying to figure this out so Telsas can be used as WMDs.

Re:Dealers pay to play (1)

viperidaenz (2515578) | about 5 months ago | (#46299207)

Yeah... all those new models built by the same company who built that piece of shit of yours that you need to keep getting fixed.

Responsibility for the upgrade itself (1)

HockeyPuck (141947) | about 5 months ago | (#46299057)

If it's OTA and my car gets bricked, is the manufacturer going to send a tow truck to my house and take it to be repaired? This would be a major unplanned inconvenience for me.

If i have to take it into the dealership anyhow, and it gets bricked, it's already there and in capable hands of being fixed. If I time the update with other maintenance like oil changes, then it's all done at the same time.

The Tesla model could work perfectly well, just like i've never had my home router brick when doing upgrades, but if my router did brick, I'm not stuck somewhere.

Do not want. (2)

The Grim Reefer (1162755) | about 5 months ago | (#46299095)

There are way too many issues that this can cause for me to ever want a car that can do this. Here's a few:

Hacking. What's to keep a system like this secure? What happens if some criminal organization for bribing owner to pay them to "unlock" your car? Or a crazy person or group from changing the firmware to lock the brakes when the car hits 50 mph? Or just some 9 year old kid from doing this for the hell of it. And any number of other possibilities.

What happens if the process is interrupted in the middle of re-flashing? Does the car need to be towed in and the ECU replaced?

If there's a bad update, it's a hell of a lot better for it to be discovered quickly in the first few cars that receive it. It kinda sucks if the update is bad and suddenly a million+ cars all fail at the same time.

Perhaps I don't want the update. Granted, this doesn't happen often. But there have been cars that were recalled because they had more torque than they should have. Perhaps I want to keep this feature.

How many times have programs or video cards been released sooner than the software or drivers were ready. Being able to push out updates makes it possible to release a car that is not really ready. I would like to think it wouldn't happen. But as soon as someone's bonus is dependent on making a deadline, it will. Actually this would become pretty common I think. It's not done now because it costs the manufacturer a lot of money. Pushing updates would be very cheap by automotive company standards.

What's the added cost for this going to be?

I don't drive very much as it is. How much of a drain will this type of system put on my battery?

I don't want to have to pay to fix the update system when it breaks. A car is one of the harshest environments electronics can be in.

There was an article on /. not too long ago about the automotive industry charging monthly fees for functionality. I don't want a system like this in my car that would allow for fees of any kind.

I could go on. Perhaps I'm old and set in my ways. But I don't see any real benefit to this that would outweigh the potential issues.

Eup!! (-1)

Anonymous Coward | about 5 months ago | (#46299197)

A hybrid approach (1)

shellster_dude (1261444) | about 5 months ago | (#46299259)

A lot of people don't trust their car manufacturer to be in charge of firmware pushes. That makes perfect sense. Maybe the best approach, would be utilizing special software on existing smartphone platforms. This solves many issues at once. Car owners don't have to worry about their car "phoning home" or the dealer pushing "fixes" without their knowledge, while simultaneously giving the car owner, and the dealer the advantages of a remote software update. If you want it, you can install the dealer's smart app, and hook your phone up to your car for an update.

There are, of course, new issues. You need to properly sign and validate your updates, to make sure they are delivered to the cars uncorrupted, in the correct format, and that no one else can use the functionality to hack the car.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...