Software updates should absolutely be recalls. Ship a complete vehicle or don’t. I absolutely do not want cars to turn into what games are today. I do not want hotfixes on my car because they didn’t test. Fuck an OTA update too, I don’t want that either, if they need an update it’s a recall and the cars have to go back to the shop. I want it to hurt and appropriately damage the company’s reputation.
In my opinion it points to a more dangerous thing, “continuous delivery” software mindset seeping into safety critical systems.
It’s fine, good even, that web developers can push updates to “prod” in minutes. But imagine if some dork could push largely untested control system updates to your car’s ECU… it’s one thing for a website to get a couple errors, but it’s a very bad thing if it makes your steering wheel stop working.
Unfinished products make more money, and it’s high time a consumer protection law clamped down on this.
I agree. I mean, how many times in the past couple of years have large sites or services gone down because an update was pushed through?
Most recently I can think of Teams going down earlier this year.
There should be protocols put in place for cars that need to be followed for a software update.
There should be protocols put in place for cars that need to be followed for a software update.
Protocols are in place. We can argue over whether or not those are good enough, but the car industry is incredibly heavily regulated.
Those protocols include certain systems being designated as “critical” and significantly more testing is required to change them. Some changes can only be made after an entire year of testing by a third party auditor including crash tests, emissions tests, etc.
Updating the map to inform the driver that a police officer is standing around the next corner with a radar gun? That can be done OTA with zero testing (and yes, my car does that). That’s not a critical system, it’s an important safety feature. If the car ahead of me is going to slam on the brakes the moment they see the officer… I want to know it’s likely to happen ahead of time - might even slow down myself. ;-)
This operates under the assumption that cars produced before the era of OTA updates could not have been improved by OTA updates. I’ve used a few of them, and that doesn’t seem to be the case.
But imagine if some dork could push largely untested control system updates to your car’s ECU…
While I can’t deny that this isn’t categorically impossible, it seems incredibly unlikely. At the very least, I don’t think we’ve seen this happen yet, and OTA updates have been around for a while now.
Put your hate for Tesla aside for a moment. If a car company can fix an issue with a simple OTA software update, it’s way more convenient for both the customer and the manufacturer. Quality control of an update is a separate issue but I don’t imagine there’s a difference whether your car updates itself or gets taken in for the update - the same patch gets applied in either case.
It’s not Tesla that I hate. It’s shipping products too quickly.
The inconvenience is the point. I want people to be inconvenienced, myself included. That means people complain to one another. I’ll know which models suck simply by talking to people around me. I do not want quiet stealthy patches for things like an accelerator pedal. Either do it right or pay the price. We used to make cars without hot fixes, we don’t need to start. It will allow auto manufacturers to further cut corners and push for faster releases with less testing, and we pay the price with our lives.
We used to make cars without hot fixes, we don’t need to start. It will allow auto manufacturers to further cut corners and push for faster releases with less testing, and we pay the price with our lives.
Is that borne out in the data though? It seems modern vehicles are way safer and more reliable compared to older vehicles.
Motor vehicle fatalities had their nadir in 2014, which coincides with the time when we had all major safety innovations sorted out: Advanced air bags, stability and traction control, ABS, RADAR/LIDAR/etc. collision avoidance on fancier models, reverse cameras, mandatory TPMS, etc.
Cars today are basically exactly the same mechanically and insofar as physical safety features existed in 2014. But the line goes back up into the 2020’s as idiots started packing cars with touchscreens, everything-by-wire control systems, hiding critical controls into the infotainment screen, removing physical tactile controls, and loading everything with mountains of electronic distractions. Many of these whizz-bang electronic features nobody actually wants are also released in a sorry state. New cars are objectively worse than cars from 10-15 years ago, with the possible exception of EV range.
Think of the inverse though - it used to be that in every case when your car had an issue you needed to either take it in yourself or have the technical knowhow to fix it yourself.
I do agree that it’s a slippery slope for automakers to get lazy and cut corners, but I think stricter regulation is the better solution than forcing an unnecessary inconvenience onto the customers.
it used to be that in every case when your car had an issue you needed to either take it in yourself or have the technical knowhow to fix it yourself.
That knowledge is mostly trivial. 7/10 repairs a regular Joe could do. Or if worst comes to worst you can take it to a mechanic of your choosing.
I’ll take that level of service.
With the Tesla model, you very likely end up with a 100k brick that no one can work on except very expensive very specialized very limited service centers.
A Tesla battery is expensive…now look at install costs. And if you’re not using an authorized installer, you’re locked out of the supercharger network.
I’m amazed how many people here drive Teslas. I think there’s only one Tesla dealership in the entire state. It would take a good 2 hours to get there from here. I guess they’re okay with having to pay for a tow all that way if something seriously goes wrong since there’s no local mechanic who will be able to fix it.
They are dirt cheap around me, which is why I see so many of them. I saw a 2016 Model S with the Ludicrous update go for 13k. I kind of wanted it just to drive one, then I looked up the repair prices.
Sure… I’d get a maybe 200 mile range out of it in the summer…but once winter hit I was looking at like 25k-50k to replace the battery and the motors.
I can swap the motor and transmission in my car for less than 10k and have a mostly new car.
Or if worst comes to worst you can take it to a mechanic of your choosing.
That’s also what I meant when I said “taking it in.” In either case you’re taking your car somewhere to get it repaired for X hours instead of applying an update at your home.
A Tesla battery is expensive…now look at install costs. And if you’re not using an authorized installer, you’re locked out of the supercharger network.
We aren’t talking about batteries.
I just think there’s more nuance to the situation and saying that cars should be as inconvenient as possible to fix isn’t a good solution to lazy auto software that requires future patching. Rigorous safety testing and regulation around car software sounds like a better plan to me - automakers will be held to really high standards and the consumers will still benefit from simple OTA patches to fix their vehicles when necessary.
That knowledge is mostly trivial. 7/10 repairs a regular Joe could do. Or if worst comes to worst you can take it to a mechanic of your choosing.
That’s not true anymore. Modern cars have really complex problems that even mechanics struggle to fix. Especially when it’s a software problem… usually those problems just never get fixed.
As a software developer (not an automotive one) my take is the fix is to have everyone be running the same software, so that fifty thousand dollars diagnosing and fixing a problem for one car will result in it being fixed for all cars. Spread the cost out like that and it’s affordable. Otherwise it just won’t get fixed at all.
Should we go back to basic cars? I think so yes… but then I ride a motorcycle that doesn’t even have water cooling or a battery. But most people aren’t like me. They want lane keeping cruise control/etc.
I don’t want ANY manufacturer to be able to silently fix huge problems. This is not a Tesla issue. But they’re the ones currently doing it. Now to bring it back to Tesla… Do you want Elon to be able to cover his ass after a dozen people die to some manufacturing defect… Just for Tesla to silently fix some software thing and never get found out/thrown in jail for negligence?
I don’t disagree with anything you said, I just think there should be a different, but equally severe term for clarity. It’s not hurting Tesla so much as devaluing the word “recall”. Make it hurt, Tesla is reckless with the way they ship unfinished products, but as I said before, I wasn’t even sure what “recall” meant in this sense.
I’m saying upgrade what it’s considered to recall. No OTA hot fix, car goes back to the shop. A proper recall just like any other recall. A software issue is just as dangerous as a hardware issue for something like an accelerator pedal. To be clear, this isn’t Tesla hate, this is modern “sell unfinished products” hate. I’d say the same thing for any other manufacturer.
If the blinker pattern needs to be updated, that’s fine for OTA in my opinion, and shouldn’t be a recall. Problems with the accelerator, brakes, steering, anything safety critical - nah. Recall for that, proper recall.
Recalls still require the customer to take action. They’re much less likely to go into the shop to have it fixed than press a button on their phone and have the car fix itself overnight.
Your suggestion for not allowing safety software fixes OTA is dangerous.
Other way around. Unsupervised OTA updates are dangerous.
First: A car is a piece of safety-critical equipment. It has a skilled operator who has familiarized themselves with its operation. Any change to its operation, without the operator being aware that a change was made, puts the operator and other people at risk. If the operator takes the car into the shop for a documented recall, they know that something is being changed. An unsupervised OTA update can (and will) alter the behavior of safety-critical equipment without the operator’s knowledge.
Second: Any facility for OTA updates is an attack vector. If a car can receive OTA updates from the manufacturer, then it can receive harmful OTA updates from an attacker who has compromised the car’s update mechanism or the manufacturer. Because the car is safety-critical equipment — unlike your phone, it can kill people — it is unreasonable to expose it to these attacks.
Driving is literally the most deadly thing that most people do every day. It is unreasonable to make driving even more dangerous by allowing car manufacturers — or attackers — to change the behavior of cars without the operator being fully aware that a change is being made.
This is not a matter of “it’s my property, you need my consent” that can be whitewashed with a contract provision. This is a matter of life safety.
If a car can receive OTA updates from the manufacturer, then it can receive harmful OTA updates from an attacker who has compromised the car’s update mechanism or the manufacturer.
There’s potential for a very dystopian future where we see people assassinated, not via car bomb but via their cars being hacked to remove braking functionality (or something similar). And then a constant game of security whack-a-mole like we see with anti-virus software. And then some brilliant entrepreneur will start selling firewalls for cars. And then it’ll be passed into law that it’s illegal to use a vehicle that doesn’t have an active firewall/anti-virus subscription.
It almost feels like the obvious path things will go down. Yay, capitalism…
I’m not totally opposed to software being used in cars (as long as it’s tested and can be trusted to the degree mechanical components are) but yeah, OTA updates just seem like a terrible idea just for a little convenience. I’d rather see updates delivered via plugging the car in (and not via the charging port - it would need to be a specific data transfer port for security reasons). Alert people when there’s an update, and even allow the car to “refuse to boot” if it detects it’s not on the latest version. But updates should absolutely be done manually and securely.
Cutting someone’s brake lines has been a means of assassination for a while. What’s new here is that it could potentially be done remotely, e.g. an attacker in Bucharest targeting a victim in Seattle on behalf of a payer in Moscow.
So yeah, you could assassinate someone like that, or you could break every car’s brakes at once and have thousands of simultaneous car accidents timed during some other infrastructure attack.
Cutting someone’s brake lines is all or nothing and can’t be done while the vehicle is already in motion. Anyone who is not an idiot will hopefully notice as soon as they start driving that there’s something wrong with the brakes. But you could brick somebody’s car remotely and without warning while they’re taking a curve on the interstate at 80 MPH, and that’d be a lot more problematic.
In reality, few to no people outside of novels and Hollywood have actually been killed by some malefactor “cutting their brake lines.”
Wow man, I never thought about your 2nd point before. Every car like this is a kinetic weapon waiting to be activated. And I was worried about the “self driving” mode…
I don’t think anyone will disagree with you about unsupervised OTA updates.
To your first point - I agree that any update that changes the behavior of any fundamental system in a car is pretty reckless. Especially ones that increase a car’s acceleration, which Tesla historically does. I don’t know why those sorts of updates aren’t being regulated harder. OTA updates should be for mundane things like infotainment updates or, in more serious cases, to fix systems that aren’t functioning properly. It shouldn’t otherwise be used to alter how the car functions as a car, especially when these updates largely happen silently or the changes are tucked into some changelog that the owner doesn’t have to read.
However, to your second point, cars are smart now and there’s no going back. So cars do need software updates to close attack vectors.
However, to your second point, cars are smart now and there’s no going back. So cars do need software updates to close attack vectors.
He’s not saying that cars shouldn’t be updated… But that OTA updates are a problem. They’re saying that it should be a drive to the dealership to do an update. I would go a step further and make it possible to have it opt-in for car manufacturers to send out CDs/USBs to update firmware.
Offline updates are generally fine and not super susceptible to general hacking. OTA on the other hand… that’s a massive risk for a reward of… slightly faster fix times?
If it’s a safety system, it might be “have the car taken to the dealership on a flatbed truck”. Also, some people don’t live near a dealership.
Like it or not, all modern cars are connected - for the maps if nothing else - and if a car is capable of an OTA update, I say do it. I don’t see how a dealership adds anything other than cost which will always discourage updates from being made at all.
And I actually think physical updates are easier - connect a laptop to the ECU, and you’re done. It’s generally only OTA updates that use code signing/etc.
all modern cars are connected - for the maps if nothing else
CarPlay and Android Auto are better than any other in-built infotainment shit. I do not see this as valid. Nor does that mean that firmware on the car should be writable from those systems.
I don’t see how a dealership adds anything other than cost which will always discourage updates from being made at all.
Thus why I said…
I would go a step further and make it possible to have it opt-in for car manufacturers to send out CDs/USBs to update firmware.
Then any Dick or Harry can do it on their own.
But honestly whenever I say “dealer” I really mean any repair shop.
You do realize your entire first point is invalidated by the comment you’re replying to? I just said the customer has to press a button on their phone to initiate the update. On that same phone they can view release notes that clearly outline the recall. Additionally, on first use, the car will display those same release notes on the screen.
Sure, safety vs convenience is a huge factor in software development. The biggest factor to safety is unpatched software. You know, the kind that requires significant effort to update, such as needing to bring your car into the shop to apply.
Overall your doom and gloom argument against OTA safety updates is pretty weak.
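Several comments above describe, between them, what an update path has to check: the "compromised update mechanism" attack vector, the "refuse to boot if it detects it's not on the latest version" idea, and the press-a-button-after-reading-the-release-notes flow. As an added example that is not code from any poster or from any manufacturer, here is a hypothetical Go acceptance routine for a signed update manifest with an anti-rollback version and an explicit operator acknowledgement; the manifest format, key names and sample data are all constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is a hypothetical signed description of an update: the firmware
// version, the hash of the firmware image and the hash of the release notes
// the operator must see. Only the manufacturer's private key can produce a
// valid Signature over these fields.
type Manifest struct {
	Version   uint32
	ImageHash [32]byte
	NotesHash [32]byte
	Signature []byte
}

// signedBytes is the canonical byte string the signature covers.
func signedBytes(m Manifest) []byte {
	buf := make([]byte, 4, 4+64)
	binary.BigEndian.PutUint32(buf, m.Version)
	buf = append(buf, m.ImageHash[:]...)
	buf = append(buf, m.NotesHash[:]...)
	return buf
}

// SignManifest is the manufacturer side: bind version, image and notes together.
func SignManifest(priv ed25519.PrivateKey, version uint32, image, notes []byte) Manifest {
	m := Manifest{Version: version, ImageHash: sha256.Sum256(image), NotesHash: sha256.Sum256(notes)}
	m.Signature = ed25519.Sign(priv, signedBytes(m))
	return m
}

var (
	ErrBadSignature = errors.New("manifest not signed by manufacturer key")
	ErrRollback     = errors.New("update version not newer than installed version")
	ErrImageHash    = errors.New("firmware image does not match signed manifest")
	ErrNotesHash    = errors.New("release notes do not match signed manifest")
	ErrNoConsent    = errors.New("operator has not acknowledged the change")
)

// Vehicle is the receiving side: it trusts one manufacturer public key baked
// in at build time and remembers the version it is currently running.
type Vehicle struct {
	ManufacturerKey  ed25519.PublicKey
	InstalledVersion uint32
}

// AcceptUpdate runs the checks in order and commits the new version only when
// all pass. Authenticity comes first so that a tampered or attacker-authored
// manifest never influences the later decisions.
func (v *Vehicle) AcceptUpdate(m Manifest, image, notes []byte, operatorAcknowledged bool) error {
	if !ed25519.Verify(v.ManufacturerKey, signedBytes(m), m.Signature) {
		return ErrBadSignature
	}
	if m.Version <= v.InstalledVersion { // anti-rollback: a replayed old manifest is refused
		return ErrRollback
	}
	if h := sha256.Sum256(image); !bytes.Equal(h[:], m.ImageHash[:]) {
		return ErrImageHash
	}
	if h := sha256.Sum256(notes); !bytes.Equal(h[:], m.NotesHash[:]) {
		return ErrNotesHash // the notes the operator read are bound to what is installed
	}
	if !operatorAcknowledged {
		return ErrNoConsent
	}
	v.InstalledVersion = m.Version
	return nil
}

// Scenarios runs constructed cases and returns the error each produced.
func Scenarios() map[string]error {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader) // a key the manufacturer never issued
	image := []byte("constructed firmware image v2")
	notes := []byte("constructed release notes: accelerator pedal mapping corrected")
	res := map[string]error{}

	car := &Vehicle{ManufacturerKey: pub, InstalledVersion: 1}
	good := SignManifest(priv, 2, image, notes)
	res["genuine"] = car.AcceptUpdate(good, image, notes, true)

	// Delivery channel compromised and the image swapped: hash check fails.
	car2 := &Vehicle{ManufacturerKey: pub, InstalledVersion: 1}
	res["tampered_image"] = car2.AcceptUpdate(good, []byte("swapped image"), notes, true)

	// Manifest signed with a key the car does not trust: signature check fails.
	forged := SignManifest(attackerPriv, 2, []byte("swapped image"), notes)
	res["forged_manifest"] = car2.AcceptUpdate(forged, []byte("swapped image"), notes, true)

	// Old genuine manifest replayed to reintroduce a fixed bug: rollback check fails.
	old := SignManifest(priv, 1, image, notes)
	res["rollback"] = car.AcceptUpdate(old, image, notes, true)

	// Genuine update but the operator never pressed the button.
	car3 := &Vehicle{ManufacturerKey: pub, InstalledVersion: 1}
	res["no_consent"] = car3.AcceptUpdate(good, image, notes, false)
	return res
}

func main() {
	for name, err := range Scenarios() {
		fmt.Printf("%-16s -> %v\n", name, err)
	}
}
```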
I think you don’t understand the realities of software development. Have you ever tried to write an application that another person is going to use?
The software running onboard modern vehicles isn’t all from the vehicle manufacturer. There are computer parts in there from various manufacturers that have their own software, and all the various pieces have to interact. Bugs can show up later that didn’t appear in testing because no amount of testing can possibly check every interaction, it’s just too complex. And most of those bugs are relatively minor, things like the music player volume not adjusting properly, or a little lag time in the menus. The idea that every customer would bring their vehicle back to a dealer for an update that fixes something like that is ludicrously unrealistic.
I think the point the parent poster was making is that the system shouldn’t be designed that way in the first place. And when the vendor fucks it up due to releasing the product in a half-baked state, the hammer needs to be brought down on them in such a way that it will functionally discourage them from doing it again.
If the electronics providing functionality in your vehicle are so complex that the excuse is being made that potentially adverse interactions between its various components from various OEMs can’t be tested and accounted for, what has actually happened is that you designed your product wrong. Throw it away, start over, and do it right next time.
the system shouldn’t be designed that way in the first place
Designed what way? Having parts from several manufacturers? Everything is designed that way. No manufacturer is an island, and having every manufacturer reinvent their own wheels is a terrible idea.
Tesla isn’t going to write their own firmware for every component that they buy from another company and no one sane would expect them to.
when the vendor fucks it up due to releasing the product in a half-baked state
There are so many assumptions about what’s going on in this statement that it’s hard to even begin addressing them. It is not possible to test any device that will be used in the real world in every possible set of circumstances that it might encounter. This doesn’t mean it’s “half-baked”, and it’s not an “excuse”, it’s just the nature of reality. Best you can do is test the most common circumstances.
As someone who might be plowed into by one of these things, I care about the difference. Is it something where 80% of them will be automatically fixed within 72 hours by an auto-update, or is it something I’ll need to worry about for weeks/months. There’s no way to know which recalls have been fixed when encountering a vehicle in the wild, so if it’s a software-only recall fix that applies automatically, I feel less concerned about it once the fix is available.
None of this should be taken as support of recklessly shipping unfinished software into a car.
or is it something I’ll need to worry about for weeks/months
Try years. For example the 2020 Takata airbag recall… wouldn’t be surprised if there’s still a hundred million cars around the world that haven’t been recalled. If you don’t live in a first world country, it wasn’t even possible to get parts for the fix until recently.
Even if the fix was smaller, there aren’t enough mechanics in the world to check/update/test a significant percentage of cars quickly, and manufacturers share components so that can easily happen.
And the biggest time sink for a recall is often not the repair, it’s all the time spent with humans scheduling/testing/documenting the recall. Only way to speed that up is with automation/OTA updates.
Yeah no - you’re dead wrong about that. My oldish car has an annoying glitch where it occasionally goes into limp home mode. The workaround makes it pretty clear this could be fixed with a software change (or even just a non-vague error code would be nice…) - but my car can’t do OTA updates and also it’s old enough it doesn’t really have software so a recall would be hideously expensive.
It’s not a safety problem, so it wouldn’t trigger a recall. When it’s under warranty, they fix it… but sometimes it takes several attempts with multiple thousand dollar parts replaced on suspicion before finally finding the one that caused it. When it fails out of warranty… either live with the issue or sell the car for spare parts.
If an OTA update was possible they would absolutely do that. The ones that fail under warranty must be costing them a fortune.
But the real issue is recalls are expensive, and ultimately the car buyer pays for them. Car manufacturers are not charities, they will either raise prices to cover the cost of a recall or they will go bankrupt to avoid doing a recall. There is no other option on the table.
Our cars are computers and we are beta testers. They spy on you, need updates, and features are behind paywalls. Heated seats, anyone? That’ll be $9.99 a month… That’s under 10 bucks!
Oh yeah don’t stop.
I can’t wait to live in a world where my own damn car won’t start because someone forgot to renew a cert.
Calling it a recall or an update won’t change that. Enshittification is happening everywhere all the time anyway.
Yes, actually, it is.
Source.
I guess my position is if a car needs an OTA update, it’s a critical failure by the manufacturer. They should be 99.999%.
“When it’s a software problem…”
Correct…now we are back to talking about vendor lock in and very specialized techs to install the updates.
Absolutely - because Elon is dumb enough to do that.
Um - when people die, it gets investigated, and retroactive ass covering is a Darwin award waiting to happen.
I dont disagree with anything you said, I just think there should be a different, but equally severe term for clarity. It’s not hurting Tesla so much as devaluing the word “recall”. Make it hurt, Tesla is reckless with the way they ship unfinished products, but as I said before, I wasn’t even sure what “recall” meant in this sense.
I’m saying upgrade what it’s considered to recall. No OTA hot fix, car goes back to the shop. A proper recall just like any other recall. A software issue is just as dangerous as a hardware issue for something like an accelerator pedal. To be clear, this isn’t Tesla hate, this is modern “sell unfinished products” hate. I’d say the same thing for any other manufacturer.
If the blinker pattern needs to be updated, that’s fine for OTA in my opinion, and shouldn’t be a recall. Problems with the accelerator, brakes, steering, anything safety critical - nah. Recall for that, proper recall.
Recalls still require the customer to take action. They’re much less likely to go into the shop to have it fixed than press a button on their phone and have the car fix itself overnight.
Your suggestion for not allowing safety software fixes OTA is dangerous.
Other way around. Unsupervised OTA updates are dangerous.
First: A car is a piece of safety-critical equipment. It has a skilled operator who has familiarized themselves with its operation. Any change to its operation, without the operator being aware that a change was made, puts the operator and other people at risk. If the operator takes the car into the shop for a documented recall, they know that something is being changed. An unsupervised OTA update can (and will) alter the behavior of safety-critical equipment without the operator’s knowledge.
Second: Any facility for OTA updates is an attack vector. If a car can receive OTA updates from the manufacturer, then it can receive harmful OTA updates from an attacker who has compromised the car’s update mechanism or the manufacturer. Because the car is safety-critical equipment — unlike your phone, it can kill people — it is unreasonable to expose it to these attacks.
Driving is literally the most deadly thing that most people do every day. It is unreasonable to make driving even more dangerous by allowing car manufacturers — or attackers — to change the behavior of cars without the operator being fully aware that a change is being made.
This is not a matter of “it’s my property, you need my consent” that can be whitewashed with a contract provision. This is a matter of life safety.
There’s potential for a very dystopian future where we see people assassinated, not via car bomb but via their cars being hacked to remove braking functionality (or something similar). And then a constant game of security whack-a-mole like we see with anti-virus software. And then some brilliant entrepreneur will start selling firewalls for cars. And then it’ll be passed into law that it’s illegal to use a vehicle that doesn’t have an active firewall/anti-virus subscription.
It almost feels like the obvious path things will go down. Yay, capitalism…
I’m not totally opposed to software being used in cars (as long as it’s tested and can be trusted to the degree mechanical components are) but yeah, OTA updates just seem like a terrible idea just for a little convenience. I’d rather see updates delivered via plugging the car in (and not via the charging port - it would need to be a specific data transfer port for security reasons). Alert people when there’s an update, and even allow the car to “refuse to boot” if it detects it’s not on the latest version. But updates should absolutely be done manually and securely.
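The two threads above (an update channel as an attack vector, versus an update that is plugged in, announced to the driver, and version-gated) can be made concrete. The following Go program is an added example written for this page; it is not code from any commenter, from Tesla, or from any manufacturer. The package layout, the criticality byte, the `ECU` struct and every function name are assumptions made for illustration; the vendor key pair is generated locally so it runs offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical update-package layout, used only for this example:
//   [0:4]    big-endian version counter
//   [4]      class: 0 = infotainment/maps, 1 = safety-relevant
//   [5:N-64] payload (the firmware image)
//   [N-64:]  Ed25519 signature over bytes [0:N-64]
const (
	ClassInfotainment byte = 0
	ClassSafety       byte = 1
	headerLen              = 5
)

var (
	ErrMalformed    = errors.New("update: malformed package")
	ErrBadSignature = errors.New("update: signature does not verify against the vendor key")
	ErrRollback     = errors.New("update: version is not newer than the installed one")
	ErrNeedsAck     = errors.New("update: safety-class change requires operator acknowledgement")
)

// BuildPackage is what a vendor signing service would do: assemble header and
// payload, then sign them with the vendor's private key.
func BuildPackage(priv ed25519.PrivateKey, version uint32, class byte, payload []byte) []byte {
	body := make([]byte, headerLen+len(payload))
	binary.BigEndian.PutUint32(body[0:4], version)
	body[4] = class
	copy(body[headerLen:], payload)
	return append(body, ed25519.Sign(priv, body)...)
}

// ECU is the receiving side. It holds only the vendor's public key, so whoever
// controls the delivery channel (OTA, USB stick, dealer laptop) still cannot
// produce an installable package without the private key.
type ECU struct {
	VendorKey        ed25519.PublicKey
	InstalledVersion uint32
	OperatorAck      bool     // set by a deliberate operator action, consumed by one safety install
	ChangeLog        []string // record of what changed, so the operator can find out
}

// Install checks in the order a defender wants: signature first (untrusted bytes
// get no further parsing), then anti-rollback, then operator consent.
func (e *ECU) Install(blob []byte) error {
	if len(blob) < headerLen+ed25519.SignatureSize {
		return ErrMalformed
	}
	body, sig := blob[:len(blob)-ed25519.SignatureSize], blob[len(blob)-ed25519.SignatureSize:]
	if !ed25519.Verify(e.VendorKey, body, sig) {
		return ErrBadSignature
	}
	version := binary.BigEndian.Uint32(body[0:4])
	class := body[4]
	payload := body[headerLen:]
	if version <= e.InstalledVersion {
		return ErrRollback // a genuine but older package would reintroduce a fixed bug
	}
	if class == ClassSafety {
		if !e.OperatorAck {
			return ErrNeedsAck
		}
		e.OperatorAck = false // one acknowledgement covers one safety-relevant change
	}
	e.InstalledVersion = version
	e.ChangeLog = append(e.ChangeLog,
		fmt.Sprintf("v%d class=%d sha256=%x", version, class, sha256.Sum256(payload)))
	return nil
}

// NewVendorKeys stands in for a vendor's HSM-held signing key.
func NewVendorKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func main() {
	pub, priv := NewVendorKeys()
	ecu := &ECU{VendorKey: pub, InstalledVersion: 7}

	good := BuildPackage(priv, 8, ClassSafety, []byte("brake-controller-fw-8")) // constructed sample payload
	fmt.Println("silent safety install:", ecu.Install(good))
	ecu.OperatorAck = true
	fmt.Println("acknowledged install:", ecu.Install(good))

	tampered := append([]byte(nil), good...)
	tampered[headerLen] ^= 0xFF // attacker flips one payload byte in transit
	fmt.Println("tampered payload:", ecu.Install(tampered))

	old := BuildPackage(priv, 3, ClassInfotainment, []byte("maps-3"))
	fmt.Println("replayed old package:", ecu.Install(old))

	_, attackerPriv := NewVendorKeys()
	forged := BuildPackage(attackerPriv, 9, ClassSafety, []byte("evil"))
	fmt.Println("attacker-signed package:", ecu.Install(forged))
	fmt.Println("change log:", ecu.ChangeLog)
}
```

The order of checks is the design point: an attacker who owns the delivery path (the scenario in the "Second" paragraph above) can only submit bytes, and every path through `Install` that touches state sits behind the signature check and the version comparison. The acknowledgement flag models the "First" paragraph: a safety-class change cannot land silently, while a maps update can. What this does not cover is how the key is protected on the vendor side, or secure boot on the ECU, both of which matter just as much in practice.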
Cutting someone’s brake lines has been a means of assassination for a while. What’s new here is that it could potentially be done remotely, e.g. an attacker in Bucharest targeting a victim in Seattle on behalf of a payer in Moscow.
Remotely at scale.
So yeah, you could assassinate someone like that, or you could break every car’s brakes at once and have thousands of simultaneous car accidents timed during some other infrastructure attack.
This reminds me of the movie “Leave the world behind” from last year.
And at any time.
Cutting someone’s brake lines is all or nothing and can’t be done while the vehicle is already in motion. Anyone who is not an idiot will hopefully notice as soon as they start driving that there’s something wrong with the brakes. But you could brick somebody’s car remotely and without warning while they’re taking a curve on the interstate at 80 MPH, and that’d be a lot more problematic.
In reality, few to no people outside of novels and Hollywood have actually been killed by some malefactor “cutting their brake lines.”
deleted by creator
Um, what city do you live in? Can I live there please? Not many skilled drivers around here.
Wow man, I never thought about your 2nd point before. Every car like this is a kinetic weapon waiting to be activated. And I was worried about the “self driving” mode…
I don’t think anyone will disagree with you about unsupervised OTA updates.
To your first point, I agree that any update that changes the behavior of any fundamental system in a car is pretty reckless. Especially ones that increase a car’s acceleration, which Tesla historically does. I don’t know why those sorts of updates aren’t being regulated harder. OTA updates should be for mundane things like infotainment updates or, in more serious cases, to fix systems that aren’t functioning properly. It shouldn’t otherwise be used to alter how the car functions as a car, especially when these updates largely happen silently or the changes are tucked into some changelog that the owner doesn’t have to read.
However, to your second point, cars are smart now and there’s no going back. So cars do need software updates to close attack vectors.
He’s not saying that cars shouldn’t be updated… But that OTA updates are a problem. They’re saying that it should be a drive to the dealership to do an update. I would go a step further and make it possible to have it opt-in for the car manufacturer to send out CDs/USBs to update firmware.
Offline updates are generally fine and not super susceptible to general hacking. OTA on the other hand… that’s a massive risk for a reward of… slightly faster fix times?
If it’s a safety system, it might be “have the car taken to the dealership on a flatbed truck”. Also, some people don’t live near a dealership.
Like it or not, all modern cars are connected - for the maps if nothing else - and if a car is capable of an OTA update, I say do it. I don’t see how a dealership adds anything other than cost which will always discourage updates from being made at all.
And I actually think physical updates are easier - connect a laptop to the ECU, and you’re done. It’s generally only OTA updates that use code signing/etc.
Carplay and Android Auto are better than any other in-built infotainment shit. I do not see this as valid. Nor does that mean that firmware on the car should be writable from those systems.
Thus why I said…
Then any dick or harry can do it on their own.
But honestly whenever I say “dealer” I really mean any repair shop.
You do realize your entire first point is invalidated by the comment you’re replying to? I just said the customer has to press a button on their phone to initiate the update. On that same phone they can view release notes that clearly outline the recall. Additionally, on first use, the car will display those same release notes on the screen.
Sure, safety vs convenience is a huge factor in software development. The biggest factor to safety is unpatched software. You know, the kind that requires significant effort to update, such as needing to bring your car into the shop to apply.
Overall your doom and gloom argument against OTA safety updates is pretty weak.
Oh good, hackers can’t bypass button presses. I was worried for a bit, appreciate you helping us out.
Mr hackerman couldn’t get to the car because it crashed first due to a software bug the customer did not have time to take his car to the shop to fix.
The real world is quite different than the idealistic one.
Fair enough.
What should the term be?
I think you don’t understand the realities of software development. Have you ever tried to write an application that another person is going to use?
The software running onboard modern vehicles isn’t all from the vehicle manufacturer. There are computer parts in there from various manufacturers that have their own software, and all the various pieces have to interact. Bugs can show up later that didn’t appear in testing because no amount of testing can possibly check every interaction, it’s just too complex. And most of those bugs are relatively minor, things like the music player volume not adjusting properly, or a little lag time in the menus. The idea that every customer would bring their vehicle back to a dealer for an update that fixes something like that is ludicrously unrealistic.
I think the point the parent poster was making is that the system shouldn’t be designed that way in the first place. And when the vendor fucks it up due to releasing the product in a half-baked state, the hammer needs to be brought down on them in such a way that it will functionally discourage them from doing it again.
If the electronics providing functionality in your vehicle are so complex that the excuse is being made that potentially adverse interactions between its various components from various OEMs can’t be tested and accounted for, what has actually happened is that you designed your product wrong. Throw it away, start over, and do it right next time.
Designed what way? Having parts from several manufacturers? Everything is designed that way. No manufacturer is an island, and having every manufacturer reinvent their own wheels is a terrible idea.
Tesla isn’t going to write their own firmware for every component that they buy from another company and no one sane would expect them to.
There are so many assumptions about what’s going on in this statement that it’s hard to even begin addressing them. It is not possible to test any device that will be used in the real world in every possible set of circumstances that it might encounter. This doesn’t mean it’s “half-baked”, and it’s not an “excuse”, it’s just the nature of reality. Best you can do is test the most common circumstances.
As someone who might be plowed into by one of these things, I care about the difference. Is it something where 80% of them will be automatically fixed within 72 hours by an auto-update, or is it something I’ll need to worry about for weeks/months. There’s no way to know which recalls have been fixed when encountering a vehicle in the wild, so if it’s a software-only recall fix that applies automatically, I feel less concerned about it once the fix is available.
None of this should be taken as support of recklessly shipping unfinished software into a car.
Try years. For example the 2020 Takata airbag recall… wouldn’t be surprised if there’s still a hundred million cars around the world that haven’t been recalled. If you don’t live in a first world country, it wasn’t even possible to get parts for the fix until recently.
Even if the fix was smaller, there aren’t enough mechanics in the world to check/update/test a significant percentage of cars quickly, and manufacturers share components so that can easily happen.
And the biggest time sink for a recall is often not the repair, it’s all the time spent with humans scheduling/testing/documenting the recall. Only way to speed that up is with automation/OTA updates.
Yeah no - you’re dead wrong about that. My oldish car has an annoying glitch where it occasionally goes into limp home mode. The workaround makes it pretty clear this could be fixed with a software change (or even just a non-vague error code would be nice…) - but my car can’t do OTA updates and also it’s old enough it doesn’t really have software so a recall would be hideously expensive.
It’s not a safety problem, so wouldn’t trigger a recall. When it’s under warranty, they fix it… but sometimes it takes several attempts with multiple thousand-dollar parts replaced on suspicion before finally finding the one that caused it; when it fails out of warranty… either live with the issue or sell the car for spare parts.
If an OTA update was possible they would absolutely do that. The ones that fail under warranty must be costing them a fortune.
But the real issue is recalls are expensive, and ultimately the car buyer pays for them. Car manufacturers are not charities, they will either raise prices to cover the cost of a recall or they will go bankrupt to avoid doing a recall. There is no other option on the table.
You can’t get an update at a dealership if it’s something that critical?
Our cars are computers and we are beta testers. They spy on you, need updates, and features are behind paywalls. Heated seats, anyone? That’ll be $9.99 a month… That’s under 10 bucks!