Ford and GM say 2020 models will have OTA capability, but the convenience isn’t without safety or security risks
In just a few years, major automakers will be rolling out cars that can be repaired remotely while parked in your garage or while you’re asleep in bed.
Ford and GM, among others, recently announced that some of their 2020 models will allow over-the-air (OTA) updates that can upgrade a vehicle with new features, or even remotely fix faulty vehicle software.
It’s similar to how Apple or Samsung, for example, can update or repair the software on a smartphone. Tesla, the electric car company, upgrades its vehicles remotely.
With more opportunities for OTA maintenance and repairs, car owners could reap the benefits of saved time and hassle, and automakers and dealers could save some serious money by fulfilling basic warranty and repair claims with fewer overhead costs, completing the work over the airwaves.
It all sounds great. But several experts tell Consumer Reports that OTA updates could create some uncharted, if unintended, safety and security issues.
“Remote updates can be great if they go well, but if they introduce safety defects or compromise security, they could be a nightmare,” says David Friedman, director of cars and product policy and analysis for Consumers Union, the advocacy division of Consumer Reports. “When software crashes on your phone or computer because of an update, it’s annoying. But it could be deadly when it happens in a 2-ton computer on wheels that can travel over 70 mph.”
Friedman and others are concerned because modern vehicles run on millions of lines of code that control everything from brakes to steering. When automakers start updating that software remotely, any failure could be just as dangerous as if a mechanic made a faulty repair—and it might affect thousands of vehicles at the same time.
More Connectivity, More Control
Automakers have been using built-in wireless connections to send out noncritical OTA updates for years, remotely adding satellite radio channels or improving navigation maps.
But in 2012, Tesla took it to a new level, using OTAs to update what automakers call safety-critical systems, such as steering, braking, and engine-control software. Tesla vehicle owners could download software to fix a faulty keyless entry system, or to add new features such as automatic lane changing or rain-sensing wipers.
For owners of more mainstream vehicles, similar fixes—such as updating a transmission’s software so that it shifts more smoothly or changing the software in an engine control module to reduce tailpipe emissions—still require a trip to the dealership.
Now, Ford, GM, and some other mainstream carmakers say that most of their new vehicles will be able to accept OTA updates by 2020. Experts say the primary motivation for automakers is saving money.
“We’re talking billions of dollars a year that could be saved,” says Sam Abuelsamid, an automotive analyst at the consulting and research firm Navigant. He says software updates are “an increasingly large part of the warranty work that the dealers have to do because there’s so much more that’s software-driven.”
Jared Allen, spokesman for the National Automobile Dealers Association, tells CR that dealerships will still have to handle most serious fixes. “These are still machines that are mechanical in nature, and most of the components need to be repaired and replaced by physical, mechanical means,” he says.
He says dealers will also need to explain to customers how their vehicles changed after an update, especially if it enables new features that a driver might not understand.
For example, even though Cadillac’s semi-autonomous Super Cruise feature can receive OTA updates, the automaker says it uses the technology only to deliver new maps—not to give drivers access to new functions they may not yet understand and not to change how existing features work. For those updates, drivers still have to go to a dealership.
“The team has chosen not to push any vehicle functionality OTA so that consumers and dealers can be properly educated on any change in features or functionality that has changed on their vehicle,” company spokesman Donny Nordlicht wrote in an email to CR.
Failed Updates and Broken Cars
When an update goes wrong, it can affect thousands of vehicles at the same time. That has already happened with a couple of high-profile failures.
In February, SiriusXM sent an update to certain vehicles made by Fiat Chrysler Automobiles that forced their large touch screens to reboot every 30 to 45 seconds. This made it impossible to access the audio system, navigation, backup camera, and some climate-control features. (Sirius did not respond to repeated requests for comment on the situation.) Similarly, in 2016 some 2014 to 2016 Lexus vehicles got an OTA update that rendered their infotainment and navigation systems useless, requiring a trip to the dealer for repair.
According to Karl Koscher, a vehicle security researcher at the University of California, San Diego, manufacturers can take steps to mitigate risk, such as allowing vehicles to revert to prior versions of software if an update goes wrong.
“The software industry has been pretty good at figuring this out, and hopefully the auto industry will adopt some of their best practices,” he says. Indeed, Jaguar already confirmed to CR that the upcoming I-Pace, which will accept OTA updates, is designed to continue to run its existing software if an update fails.
Similarly, a Jaguar spokesperson told CR that the new I-Pace will require customers to opt in to OTA updates. Owners will be able to schedule when they take place and can accept or decline any new software.
The ability to choose when updates take place is important, Koscher says. “Say you have an emergency and the engine controller is being updated. Well, you can’t drive the car,” he says.
In CR’s experience, Tesla’s software updates often take from 20 to 90 minutes to complete, and the vehicle cannot be driven while an update installs. Drivers have no control over how long Tesla’s updates take, but they can at least schedule when the process starts.
A Target for Hackers
Giving a car the ability to accept OTA updates can also introduce security concerns. Hacking a car is currently a difficult, time-consuming task requiring specialized knowledge, but that doesn’t mean it can’t be done, Koscher says. “There’s just always a chance that there’s a screwup somewhere, and someone discovers that bug and is able to use that.”
Despite some high-profile examples of researchers gaining remote control of a vehicle’s steering and brakes, it’s also possible that hackers could mine an OTA-equipped car for the driver’s personal information.
According to Abuelsamid, because OTA platforms allow for two-way communication, if a car is connected to an insecure WiFi network hackers may be able to access some information stored on the vehicle, ranging from who owns the car to GPS data showing where it has been.
Connected cars may also become a more attractive target for hackers as they grow in popularity. “As we get more and more software-defined functionality in vehicles, and especially as you add more automation to vehicles, the level of risk does increase,” Abuelsamid says.
If a hack does happen at some point in the future, though, Koscher says that OTA updates should make it easier to fix—much the same way that your phone or computer can patch a security flaw with a software update.
“The security concern will be outweighed by the ability to catch security issues,” Koscher says.
Author – Keith Barry
Courtesy of Consumer Reports