Who Is Stopping You From Getting Software Updates in Your Automobile?

FEB 28 2014 BY MARK HOVIS 20

Does Tesla See Its Product As An Electric Device?

Does Tesla See Its Product As An Electric Device?

On January 10, Tesla issued a statement on its Model S charging adapter.

Later, Tesla handled the potential problem implementing an over-the-air software update with plans to mail the 14-50 adapter yet to follow. In our world of software today, we are use to regular automatic software updates from our electronic devices except for one: our automobile!

Over The Air Updates - Way Of The Future?

Over The Air Updates – Way Of The Future?

In the EV community, we were so focused on a possible fire and Musk’s argument over “what is a recall” that we once again overlooked the way Tesla has changed the way we interact with our automobile. Automatic updates are so common to us that we don’t see it as innovative, yet we don’t seem to be put out by having to take our auto in to get them. I equate it to pumping gas and changing oil. You really don’t see it as a nuisance until you don’t have to do it anymore.

A recent financial article had listed the number one reason EVs will win is convenience. Now, this particular convenience does not have to be limited to EVs. However, it was an EV manufacturer that sees their product as an electronic device that made the forward thinking move. Tesla has, on numerous occasions both large and small, provided this service to their customers.  From infotainment updates, to making the decision to raise their optional suspension control at higher speeds due to two accidents involving road debris.

Automatic software updates is a move that all manufacturers will need to embrace sooner rather than later. Already, wireless connections are rapidly being used for infotainment, communications, adaptive cruise control, advanced braking, steering, acceleration and more. Tesla has however been the first to actively use this modern day tool for service. It is likely that Tesla will further the use of this in the next five years with auto pilot options.

Tesla the first auto to embrace over-the-air updates for service

Tesla the first auto to embrace over-the-air updates for service

With the many electronic advancements coming to the auto industry, bringing your car in for software updates is quickly going to become cost prohibitive. Now, we have come to expect bold innovation from Tesla, but this time the move was easier for them. Why? Because in the auto world, software updates are still viewed as a form of service and service is how dealerships make their money. Oh yeah, Tesla does not have those!

Whether the dealerships charge for software updates or not, they are still reluctant to give up control of this process. Whether it stems from security issues, implementation fears, or control, the dealerships have been unwilling to  remove themselves from the process. Meanwhile, the consumer suffers in both the inconvenience of taking time out of their day and sometimes an expense. Whatever the reason given, once again the new EV auto manufacturer is doing it with ease.

Now, automatic software updates are a part of our lives today, at least for everything electronic except your automobile. That is. unless it is an EV and that EV is a Tesla.


Categories: General, Tesla


Leave a Reply

20 Comments on "Who Is Stopping You From Getting Software Updates in Your Automobile?"

newest oldest most voted

That was the plan, and it’s what you get when futurist thinking geeks get to build their dreams.
Another factor is the connected car whereas cars will be informing other cars of their presence on the road. Something that will probably be mandated in the near future as an accident avoidance feature. So Tesla is ahead of the game there. Also think of all the data they are compiling regarding the cars systems and how they are effected over time by how they are driven, weather conditions, etc…(Aids in future design).
One value of this feature is that the negative review of the NY Times reporter could be questioned on how he drove the vehicle, failed to charge it properly, undercharged it according to Tesla. Anyhow. There have been few repeat incidents of reporters reporting such things.

I would love it if more manufacturers embraced this.

Some of the few annoyances I have with my Volt would be quickly and easily solved with a software update, but given that they haven’t even issued software updates to add Hold mode to ’11 and ’12 Volts, it seems clear that GM sees software improvements as Something You Buy A New Car To Get.

There has been some suggestion that GM does this in the Volt for certain “non-critical” updates. It hasn’t been confirmed though.

A while back I was asked to participate in a group to beta test such a capability. It never happened, and through other channels, it sounded like the reason was because they started using it trouble-free on their fleet.

Of course, updates to enhance functionality is not included as part of these “fixes” if they do occur OTA. I still believe there’s various issues that prevent them from adding/changing functionality that is displayed to the user, such as owner manual obsolescence. It can likely be overcome, but it probably easier said than done.

In this situation, Tesla has the distinct advantage of being able to define their processes from scratch, rather than adjust existing processes and procedures to try and offer a new capability.

I had some update to my Volt done through OnStar w/out me doing anything. It was like a year ago. I just got a letter mentioning it.

Sorry to not share the excitement, but the fact something like a vehicle would need software upgrades in the first place is IMHO a weakness at the very least, a security nightmare at worse. Yes, sure, updates to non-critical pieces like Nav are a good thing; many manufacturers currently handle this via an SD card or similar (used to be DVDs), and 3G may be the logical next step. All are totally fine with me. Mission-critical components, e.g. brakes, airbags etc, are another matter entirely. Those should IMHO, first, be very carefully designed and tested, and therefore not require a fix ever. Should one end up being needed nonetheless, it should not be possible outside a tightly-controlled environment, to protect against any tampering, and insure everything ends up the way it should. Call me paranoid if you like, but as a software engineer working on security products, the thought that vehicles could be messed around with remotely and on an unprecedented scale, by the manufacturer or anyone which happen to breach their systems, is quite frightening. A milder concern, from first-hand experience, the availability of a cheap, quick and easy update path, encourages sloppiness. “Whatever, we can always push an… Read more »

You have some good points but the reality is that the SW developers can not possibly anticipate all possible issues in a complex system like an EV.

The security issue isn’t as significant because the manufacturer can create a closed environment. I’m not saying it’s not an issue but that it’s less than systems where third parties can make changes. Still, security has to be a top level focus.

Probably the biggest issue in my mind is the tendency towards sloppy SW engineering. Treating car SW like a beta release is an invitation to problems. I’ve had a number of annoying glitches in my Tesla appear to have been introduced by an update (I’m on my 5th one), none of them serious but still a bit unsettling.

That’s funny. The software developers I work with know to use security protocols properly to only allow fully authorized software updates. Even if you can hack up a matching update file, the update will not take unless the file is properly signed and decrypted. No remote software update – no space missions, no Mars rover. Remote software update is a must, is available today, and can be properly secured. To pander paranoia, is to do a disservice to technology.

I’m quite familiar with those protocols, and authentication in particular. Yes, you can program the car (or whatever) to not accept any update unless properly signed, but even if this part is done right (big IF by itself), that still doesn’t mean the update isn’t malicious. How is this signature generated? You take the data needed to be authenticated, compute some cryptographic hash on it, and encrypt the result with a private key. Possible attacks: 1) Break the crypto. Pretty much impossible for algorithms considered secure today… but that’s no guarantee they still will be 10 or 20 years from now. DES, GSM A5/1, MD5, RC4, SHA1 were all considered solid at one point. 2) Exploit a design error. E.g. the combination of a stream cipher (RC4) with a CRC in WEP. Or Sony’s misunderstanding of ECDSA, which allowed the PS3 master key to be determined. 3) Exploit an implementation flaw. E.g. Debian’s RNG or Apple’s recent SSL validation blunders… 4) Breach security upstream, e.g. at the manufacturer, or whoever provides it services (e.g. data storage), to inject malicious code there (which will then be considered authentic; e.g. the 2003 Linux kernel backdoor attempt), or outright steal the key(s) used… Read more »

I agree with your analysis, but an update at the dealership will be subject to all those same vulnerabilities. So the core question remains: Why should I need to take my car to the dealer for a routine software update?

First, you’ll note that I clearly distinguish between “comfort” (e.g. nav, entertainment), and safety-sensitive components (e.g. ABS).
The former is dramatically more likely to receive updates, which even if flawed or malicious, are unlikely to cause physical harm. As stated already, the benefits of those being made OTA likely outweigh the drawbacks.

Requiring bringing the car in for updates to critical parts is much safer for many reasons. Some of what I can think of:

– They will be less frequent. Slower release cycles also increase reliability.
– Changes can only happen when scheduled by the manufacturer. It’d be extremely hard for anyone to lure people into a fake dealership for a malicious update without being quickly discovered.
– Change can’t be pushed to a large number of vehicles at once. Deployment will be slow, limiting the damage a malicious update could do before being identified.
– It’s inherently opt-in. Drivers can trivially skip or postpone any change they are concerned about.
– Most importantly, nothing can be done surreptitiously: drivers, dealers, manufacturer, all know if, and when, a vehicle has been modified.
– All those obstacles significantly increase the difficulty and lower the effectiveness of an attack, making the target less attractive.

I think you’re applying an internet mentality to security holes, when it doesn’t necessarily apply.

Unlike the internet connection for a general-purpose PC, there is no reason for the update mechanism for a car to be “always on.” If there is a physical switch on the car that has to be flipped on to receive an update via OnStar (and has to be flipped off for the car to start), I don’t think malicious hackers are a real concern.

Mark, the Tesla 14-50 adapter actually has not been mailed out. At least I don’t have mine and as of about a week ago there was a thread on the Tesla club forum that indicated no one has received it.

Wow guys after read your commests I will disconnect my PC from the wifi and remove the wireless adapter for good just to be safe.

naah, you just learn to take the security pro’s definition of safety with a grain of salt (turn to the insurer for statistics regarding the possibility of their fears being realized) and move on. When it’s your Job, security (unfortunately, for security professionals) Must be perfect, according to this hour’s definition. For the rest of us, it amounts to planes colliding at precisely 50,254 feet in a snowstorm on Sunday, and those two views cannot be consolidated. Take comfort in the fact that hundreds of security pro’s have already thought it up, thousands of money guys have responded to can we protect against it and not go bankrupt? and what we lowly clueless get is the best balance money can provide against the convenience that we actually want. and OTA software updates, both convenience and critical, are here, now, and not going anywhere anytime soon. io’s references are so long ago as to be meaningless but are recognizable to we the clueless – the issue is growing computing power, and individual highly-intelligent malice, increasing faster that the pros can conceive of and combat it – an arguably losing proposition that no amount of procedure can perfectly protect against. see also… Read more »