Who Is Stopping You From Getting Software Updates in Your Automobile?


Does Tesla See Its Product As An Electric Device?

On January 10, Tesla issued a statement on its Model S charging adapter.

Later, Tesla handled the potential problem by implementing an over-the-air software update, with plans to mail the 14-50 adapter yet to follow. In our world of software today, we are used to regular automatic software updates from our electronic devices, except for one: our automobile!

Over The Air Updates - Way Of The Future?

In the EV community, we were so focused on a possible fire and Musk’s argument over “what is a recall” that we once again overlooked the way Tesla has changed the way we interact with our automobile. Automatic updates are so common to us that we don’t see them as innovative, yet we don’t seem to be put out by having to take our auto in to get them. I equate it to pumping gas and changing oil. You really don’t see it as a nuisance until you don’t have to do it anymore.

A recent financial article listed convenience as the number one reason EVs will win. Now, this particular convenience does not have to be limited to EVs. However, it was an EV manufacturer that sees its product as an electronic device that made the forward-thinking move. Tesla has, on numerous occasions both large and small, provided this service to its customers, from infotainment updates to the decision to raise its optional suspension control at higher speeds due to two accidents involving road debris.

Automatic software updates are a move that all manufacturers will need to embrace sooner rather than later. Already, wireless connections are rapidly being used for infotainment, communications, adaptive cruise control, advanced braking, steering, acceleration and more. Tesla has, however, been the first to actively use this modern-day tool for service. It is likely that Tesla will further the use of this in the next five years with auto pilot options.

Tesla the first auto to embrace over-the-air updates for service

With the many electronic advancements coming to the auto industry, bringing your car in for software updates is quickly going to become cost prohibitive. Now, we have come to expect bold innovation from Tesla, but this time the move was easier for them. Why? Because in the auto world, software updates are still viewed as a form of service and service is how dealerships make their money. Oh yeah, Tesla does not have those!

Whether the dealerships charge for software updates or not, they are still reluctant to give up control of this process. Whether it stems from security issues, implementation fears, or control, the dealerships have been unwilling to remove themselves from the process. Meanwhile, the consumer suffers both the inconvenience of taking time out of their day and sometimes an expense. Whatever the reason given, once again the new EV auto manufacturer is doing it with ease.

Now, automatic software updates are a part of our lives today, at least for everything electronic except your automobile. That is, unless it is an EV and that EV is a Tesla.


20 responses to "Who Is Stopping You From Getting Software Updates in Your Automobile?"
  1. ffbj says:

    That was the plan, and it’s what you get when futurist thinking geeks get to build their dreams.
    Another factor is the connected car whereas cars will be informing other cars of their presence on the road. Something that will probably be mandated in the near future as an accident avoidance feature. So Tesla is ahead of the game there. Also think of all the data they are compiling regarding the car’s systems and how they are affected over time by how they are driven, weather conditions, etc…(Aids in future design).
    One value of this feature is that the negative review of the NY Times reporter could be questioned on how he drove the vehicle, failed to charge it properly, undercharged it according to Tesla. Anyhow. There have been few repeat incidents of reporters reporting such things.

  2. Dan says:

    I would love it if more manufacturers embraced this.

    Some of the few annoyances I have with my Volt would be quickly and easily solved with a software update, but given that they haven’t even issued software updates to add Hold mode to ’11 and ’12 Volts, it seems clear that GM sees software improvements as Something You Buy A New Car To Get.

    1. Mark H says:

      Hi Dan,
      As a 2012 Volt owner, and with the help of Mr. ClarksonCote, I have learned a little about the Hold Mode Update. If you have a mid-year MY2012, you might be in luck for $300
      If it is MY2011 or early MY2012 you are out of luck. You can get the other Volt updates for the asking but you have to ask. So to your point, I agree it would have been nice just to get them the Tesla way.

  3. ClarksonCote says:

    There has been some suggestion that GM does this in the Volt for certain “non-critical” updates. It hasn’t been confirmed though.

    A while back I was asked to participate in a group to beta test such a capability. It never happened, and through other channels, it sounded like the reason was because they started using it trouble-free on their fleet.

    Of course, updates to enhance functionality are not included as part of these “fixes” if they do occur OTA. I still believe there are various issues that prevent them from adding/changing functionality that is displayed to the user, such as owner manual obsolescence. It can likely be overcome, but it’s probably easier said than done.

    In this situation, Tesla has the distinct advantage of being able to define their processes from scratch, rather than adjust existing processes and procedures to try and offer a new capability.

    1. kdawg says:

      I had some update to my Volt done through OnStar w/out me doing anything. It was like a year ago. I just got a letter mentioning it.

      1. Mark H says:

        Onstar goes under the category of communication. This is currently being done along with infotainment. The great abyss is anything that has to do with service. Below io lays the security concerns out very well. This is one of the big three that is stopping it from happening (security, implementation, and control).

        I agree with io’s statement that anything can be hacked or certainly the likelihood is high. I probably differ in what I believe to be the risk of lives and injury. For conversation purposes I call autonomous driving as 100% control and auto pilot as 85% control. As you have stated before kdawg, autonomous is going to be tough. I do however believe 85% auto pilot is possibly within five years from implementation. I believe that auto-pilot is a) going to require over-the-air updates and b) will save lives and reduce injury. Not saying that a hacked system could strike fear and cause multiple accidents. I am saying that the accidents prevented with this inevitable technology is going to save more lives and prevent more injury than any hacking can undo. That being said, someone aka Tesla needs to be prepared to support this.

        Again, not doubting the ability to be hacked, I am arguing that the risk in the very near future is going to be worth it. That is just my opinion and therefore I did not post it in the article. I did put a snippet about autopilot as to point out the importance of having a robust and secure as possible link.

        1. kdawg says:

          I think “auto-pilot” needs to be defined better. Technically we have auto-pilot now if you consider traction control and ABS. Each feature needs to be detailed and a time-line set independently for each one. Otherwise how do you put a banner up that says “Mission Accomplished”, without looking foolish.

          1. Mark H says:

            lol, I’ll let you take that one up with Elon.

  4. io says:

    Sorry to not share the excitement, but the fact something like a vehicle would need software upgrades in the first place is IMHO a weakness at the very least, a security nightmare at worst.

    Yes, sure, updates to non-critical pieces like Nav are a good thing; many manufacturers currently handle this via an SD card or similar (used to be DVDs), and 3G may be the logical next step. All are totally fine with me.

    Mission-critical components, e.g. brakes, airbags etc, are another matter entirely. Those should IMHO, first, be very carefully designed and tested, and therefore not require a fix ever. Should one end up being needed nonetheless, it should not be possible outside a tightly-controlled environment, to protect against any tampering, and ensure everything ends up the way it should.

    Call me paranoid if you like, but as a software engineer working on security products, the thought that vehicles could be messed around with remotely and on an unprecedented scale, by the manufacturer or anyone who happens to breach their systems, is quite frightening.

    A milder concern, from first-hand experience, the availability of a cheap, quick and easy update path, encourages sloppiness. “Whatever, we can always push an update later”.
    Faster release cycles also mean shorter testing “soak time”, compromising quality and reliability.

    I can back up the content of my computer and smartphone, so as to mitigate most of the loss software mishaps (e.g. bug, malware, or just a botched update) could cause.
    I can’t do that with the occupants of my car and people around it. At least some of its software needs to be rock-solid, which to me also means, immune from any outside interference.

    1. Mark H says:

      Yours is a valid point io and is noted in the article that security is one of the three concerns.

      As a software engineer myself, it is imperative that you take measures to stop from being hacked. As an early user of a machine tool product coded on an SCO UNIX platform, it was a very robust product with the back door left wide open for attack. Fortunately our own staff caught the problem prior to any major aversion.

      IMO, there is a software service life in between Nav vs brakes and airbags that manufacturers are all too quick to dump on one side of the service question. As Dan noted, there have been some low level service issues on the Volt that could have easily been handled in this manner. Curious how you feel about the 1) suspension change and 2) adapter update as to is this an acceptable over-the-air update?

    2. SeattleTeslaGuy says:

      You have some good points but the reality is that the SW developers can not possibly anticipate all possible issues in a complex system like an EV.

      The security issue isn’t as significant because the manufacturer can create a closed environment. I’m not saying it’s not an issue but that it’s less than systems where third parties can make changes. Still, security has to be a top level focus.

      Probably the biggest issue in my mind is the tendency towards sloppy SW engineering. Treating car SW like a beta release is an invitation to problems. I’ve had a number of annoying glitches in my Tesla appear to have been introduced by an update (I’m on my 5th one), none of them serious but still a bit unsettling.

    3. Stimpacker says:

      That’s funny. The software developers I work with know to use security protocols properly to only allow fully authorized software updates. Even if you can hack up a matching update file, the update will not take unless the file is properly signed and decrypted. No remote software update – no space missions, no Mars rover. Remote software update is a must, is available today, and can be properly secured. To pander paranoia, is to do a disservice to technology.

      1. io says:

        I’m quite familiar with those protocols, and authentication in particular. Yes, you can program the car (or whatever) to not accept any update unless properly signed, but even if this part is done right (big IF by itself), that still doesn’t mean the update isn’t malicious.

        How is this signature generated? You take the data needed to be authenticated, compute some cryptographic hash on it, and encrypt the result with a private key.
        Possible attacks:
        1) Break the crypto. Pretty much impossible for algorithms considered secure today… but that’s no guarantee they still will be 10 or 20 years from now.
        DES, GSM A5/1, MD5, RC4, SHA1 were all considered solid at one point.

        2) Exploit a design error. E.g. the combination of a stream cipher (RC4) with a CRC in WEP. Or Sony’s misunderstanding of ECDSA, which allowed the PS3 master key to be determined.

        3) Exploit an implementation flaw. E.g. Debian’s RNG or Apple’s recent SSL validation blunders…

        4) Breach security upstream, e.g. at the manufacturer, or whoever provides it services (e.g. data storage), to inject malicious code there (which will then be considered authentic; e.g. the 2003 Linux kernel backdoor attempt), or outright steal the key(s) used for signatures; e.g. the RSA SecurID compromise, then leveraged against Lockheed Martin.

        Social engineering (tricking employees) goes a long way. E.g. Verisign, Diginotar, Comodo issued SSL certificates for Microsoft, Google etc. to fraudsters.

        Getting security 100% right is extremely tricky: all an attacker needs is ONE hole, one software flaw, one distracted or overly helpful person, anywhere in the chain.

        I believe it will be impossible for a car manufacturer to guarantee that its software won’t ever be subverted. Large players in this field (Microsoft, Apple, Adobe, Google etc…) all failed so far.
        I disagree that any large, commercial system can be adequately secured, so focus should also be put on minimizing the impact a breach can have.

        For computers and mobiles, a successful attack can compromise data incl e.g. credit card details, cause loss of business, reputation or money.
        Subverting a Mars rover is a bit harder (it’s not like those are available off-the-shelf to experiment with); taking one over would surely upset anyone involved with it, then what?
        Cars, on the other hand, routinely kill people already. The stakes are much higher.

        While, again, unattended updates to all the auxiliary parts of a vehicle (entertainment, climate control, etc) will surely be appreciated by users, manufacturers IMHO would be wise to properly segregate at the very least the components critical for safety (brakes, incl engine/motor override, airbags etc), and not allow those to be remotely updated at all.

        1. Open-Mind says:

          I agree with your analysis, but an update at the dealership will be subject to all those same vulnerabilities. So the core question remains: Why should I need to take my car to the dealer for a routine software update?

          1. io says:

            First, you’ll note that I clearly distinguish between “comfort” (e.g. nav, entertainment), and safety-sensitive components (e.g. ABS).
            The former is dramatically more likely to receive updates, which even if flawed or malicious, are unlikely to cause physical harm. As stated already, the benefits of those being made OTA likely outweigh the drawbacks.

            Requiring bringing the car in for updates to critical parts is much safer for many reasons. Some of what I can think of:

            – They will be less frequent. Slower release cycles also increase reliability.
            – Changes can only happen when scheduled by the manufacturer. It’d be extremely hard for anyone to lure people into a fake dealership for a malicious update without being quickly discovered.
            – Change can’t be pushed to a large number of vehicles at once. Deployment will be slow, limiting the damage a malicious update could do before being identified.
            – It’s inherently opt-in. Drivers can trivially skip or postpone any change they are concerned about.
            – Most importantly, nothing can be done surreptitiously: drivers, dealers, manufacturer, all know if, and when, a vehicle has been modified.
            – All those obstacles significantly increase the difficulty and lower the effectiveness of an attack, making the target less attractive.

        2. Dan says:

          I think you’re applying an internet mentality to security holes, when it doesn’t necessarily apply.

          Unlike the internet connection for a general-purpose PC, there is no reason for the update mechanism for a car to be “always on.” If there is a physical switch on the car that has to be flipped on to receive an update via OnStar (and has to be flipped off for the car to start), I don’t think malicious hackers are a real concern.

  5. SeattleTeslaGuy says:

    Mark, the Tesla 14-50 adapter actually has not been mailed out. At least I don’t have mine and as of about a week ago there was a thread on the Tesla club forum that indicated no one has received it.

    1. Mark H says:

      Thanks, Did you have a recent visit from Tesla service? I have a friend who has a Model S signature. He had informed me that he had a personal visit recently which is not the same as getting it mailed to you. Not sure if Signature customers are getting preferential treatment either. If you get the update anytime soon post it here if you will. Thanks again.

  6. MDEV says:

    Wow guys after reading your comments I will disconnect my PC from the wifi and remove the wireless adapter for good just to be safe.

  7. Phr3d says:

    naah, you just learn to take the security pro’s definition of safety with a grain of salt (turn to the insurer for statistics regarding the possibility of their fears being realized) and move on.

    When it’s your Job, security (unfortunately, for security professionals) Must be perfect, according to this hour’s definition.
    For the rest of us, it amounts to planes colliding at precisely 50,254 feet in a snowstorm on Sunday, and those two views cannot be consolidated.

    Take comfort in the fact that hundreds of security pros have already thought it up, thousands of money guys have responded to can we protect against it and not go bankrupt? and what we lowly clueless get is the best balance money can provide against the convenience that we actually want.

    and OTA software updates, both convenience and critical, are here, now, and not going anywhere anytime soon. io’s references are so long ago as to be meaningless but are recognizable to we the clueless – the issue is growing computing power, and individual highly-intelligent malice, increasing faster than the pros can conceive of and combat it – an arguably losing proposition that no amount of procedure can perfectly protect against. see also legislation.
    Design it, give it to pros to break it, constantly seek out new pros that can invent new breakage, sooner or later finally release it, one year, five years and someone can break it. You are defining how Long until Someone breaks it, nothing more. Thankfully a (large? hard to say) percentage of the ‘breakers’ – aka hackers, only do so for fame of discovering the exploit, and publish the exploit before someone else does, and maybe get hired by pros looking for new talent.
    No worries, as long as io has your back, but dammitall, we still want convenience..
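
The exchange between Stimpacker and io above turns on two separate checks: whether an update is properly signed, and whether a properly signed update should be accepted at all. The following Python example is added here (it is not code from the article, the commenters, or any manufacturer) and runs both checks; the toy RSA key, the component names, the version strings and the channel labels are all assumptions constructed for illustration.

```python
import hashlib
import json

# Toy RSA key built from two Mersenne primes. Constructed for illustration:
# far too small for real use, and real signing uses a padded scheme.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the signer

# Assumed policy (the segregation io argues for): components the vehicle
# never accepts over the air, however valid the signature.
SAFETY_CRITICAL = {"brakes", "airbags", "motor_override"}


def digest(manifest, payload):
    """Hash the canonical manifest plus payload, reduced into the toy modulus."""
    canon = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    h = hashlib.sha256(canon + b"\x00" + payload).digest()
    return int.from_bytes(h, "big") % N


def sign(manifest, payload):
    """Signer side: hash the data, then apply the private key (textbook RSA)."""
    return pow(digest(manifest, payload), D, N)


def accept_update(manifest, payload, signature, channel):
    """Vehicle side. `channel` is assumed to come from the physical interface
    the update arrived on, never from the update itself."""
    if not 0 <= signature < N or pow(signature, E, N) != digest(manifest, payload):
        return False, "bad signature"
    # A valid signature proves who signed, not that the content is benign:
    # a stolen key or an upstream breach yields updates that pass the check above.
    if channel == "ota" and manifest["component"] in SAFETY_CRITICAL:
        return False, "safety-critical component requires service-bay install"
    return True, "ok"


def demo():
    """Constructed sample updates covering the cases raised in the thread."""
    nav = {"component": "navigation", "version": "5.9"}
    brakes = {"component": "brakes", "version": "2.1"}
    nav_sig = sign(nav, b"map data")
    brake_sig = sign(brakes, b"firmware")
    return [
        accept_update(nav, b"map data", nav_sig, "ota"),             # signed, comfort
        accept_update(nav, b"map dat4", nav_sig, "ota"),             # tampered payload
        accept_update(brakes, b"firmware", brake_sig, "ota"),        # signed, critical
        accept_update(brakes, b"firmware", brake_sig, "service_bay"),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The third case is the one the signature check alone cannot catch: the brake update verifies correctly, so only the channel policy keeps it from being installed remotely.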