Comment by thayne
Comment by thayne 7 hours ago
Why does an OtA update even have the ability to brick the entire vehicle?
The infotainment system should be completely isolated from the driving system.
Comment by thayne 7 hours ago
Why does an OtA update even have the ability to brick the entire vehicle?
The infotainment system should be completely isolated from the driving system.
> Unclear where this idea that OTA = Infotainment came from.
Because to some people, the idea of an OTA update being allowed to change mission critical parts of a machine automatically without a solid rollback system is absurd, and the best way to do that is to never do OTA updates of mission critical parts at all.
Rollback is getting extinct for security reasons. When you will screw up, you need to do a new release. Hopefully screwed part is still talking.
This is why OTA updates should simply be illegal/considered negligent engineering. If you want a convenient update, let people plug their phones or computers in via a USB port or something, or take it to a mechanic to do so. There shouldn't be security concerns with an appliance because it shouldn't be writable outside of an owner-intended maintenance mode, which should be impossible to activate wirelessly.
... but then you'd have to pay mechanics at dealerships to do it. Middleman cutting.
This should be made illegal. It’s a massive national security threat. Imagine on the eve of a war, instead of Jeep 4xes, it’s every recent Ford or Toyota or GM car, and instead of a software update that can be rolled back, it wipes the flash completely, or reprograms the ECU to damage the engine or disable the brakes on the highway or something else to cause accidents.
You assume that it will be a foreign enemy and not your own government bricking your car on the eve of revolution.
"I'd go as far as to say that most manufacturers can do this in 2025."
What does that have to do with OP's comment? And their point is still valid, and OTA update should not be able to brick a vehicle, regardless of the system receiving the update. And regardless if "they all can do it".
Any update can brick your device if done poorly. This device just happens to be a car.
You misunderstood what OP was saying. They claimed that an update to the infotainment system shouldn’t be able to brick the other systems in the car. The response points out the car’s OTA update subroutine has access to update every critical system in the car by design. It’s flawed logic to assume that OTA updates only affect the infotainment system.
It has everything to do with it.
If OTA updates can update core vehicle computer systems, in ways that can correct safety, performance, and reliability problems then they can also brick that vehicle.
The manufacturer has the ability to push an update that reprograms computers that control how physical components behave in a vehicle. By the very nature of that; they can push good or evil updates.
Which is a reason the market for "dumb" cars is tightening up. Both my cars are "smart" and sometimes I wonder if I really own them. It bothers me that the maker can cause an update without my permission. (Yes, I know that's the world we've been living in for a while now.)
most cars these days have GPS and return location and so on, why can't manufacturer run these updates only at night and when the car is parked at home? There should be no reason for any OTA update to happen while the vehicle is running (or on a trip etc.), downloading the OTA update, sure, but definitely not applying it. Also there should be a documented procedure to restore the previous in case an OTA update fails.
Why didn't the vehicle manufacturers robustly test their software systems on their vehicle's hardware before releasing the product to the public?
Because cost. Same reason why dash clusters and infotainment systems are now all monitors - its actually way cheaper to use those than analog gauges. The software is built on a famous bullshit paradigm of "never rewrite, always reuse", and as a result shit gets patched together without any concern of how everything cooperates.
Now with hybrid or electrical drives, a motor controller is basically a package that runs its own software, which then interfaces with the rest of the car. And OTA updates can overwrite its firmware.
The only manufacturer that has avoided most issues is Toyota, since they have been doing hybrids for quite some time. Other companies are just starting on this path and to catch up, they can't be bothered to do software deep dives and figure shit out.
I wasn't really talking about galvanic isolation. And on modern vehicles instruments and infotainment tend to run hypervised on the same physical host. Thing is as long as you exchange information there's always potential for logic coupling allowing the trouble to cross the boundary. Not to mention the basic rate excess/denial of service situations.
I had an OTA update brick my Tahoe infotainment system. Now that backup cameras are standard requirements, those were all unusable. Also affected things like the clicking sound you hear when you use your turn signal. That was completely silent. Cost me ~$2k to get it fixed and wasn't covered under warranty. Good stuff. I've disable future "updates".
An FYI for the future, but backup cameras are considered a safety system and manufacturers are required to repair issues they've caused in safety systems regardless of warranty status. The appropriate escalation if the manufacturer doesn't recognize this is to get NHTSA involved with a safety complaint [0]. That's the main way recalls happen.
it clicks a relay. Just like with ICE vehicles people usually use it to warm up their car in the winter.
Also, batteries may need to be preconditioned if too hot or cold. A lot of EVs let you set your ideal departure time in a widget as opposed to using a remote though.
This is a 4xe. It is a gas jeep with an overpriced, undersized battery and motor bolted on.
It can be started just like all the other gas cars.
Although even with full EVs, there's a reasonable concept of a "start". Some even let you essentially unlock and allow driving remotely, even if the local driver doesn't have a key. That's useful sometimes.
Pre-warm the battery, pre-heat or cool the interior, enable the defrosters.
The article doesn't go into a lot of details, but it only says that the bug happens while in motion, not that the software update itself happened while in motion:
> The buggy update doesn't appear to brick the car immediately. Instead, the failure appears to occur while driving—a far more serious problem.
The problem is worse than "just don't update on the fly while driving". The update happened while not driving; the bug causing the failure mode of shutting down power and engine happened later while driving. There's nowhere to hide from these types of problems it seems.
The infotainment system on my car can make changes to the suspension. Can change from street to track mode and even has a launch mode I can initiate for starting a timed 0-60, etc.
I can also put the car into valet mode so it won’t go fast. If I forget the valet mode password I am told I have to buy a very expensive replacement because it can’t be unlocked by a dealer.
I’ve noticed that newer cars seem to get updates that affect performance. Things like how they shift gears.
You're starting out with an assumption, that this is an OTA update for the infotainment system, and then conclude this incident shouldn't be possible. The problem is the assumption.
This is a OTA vehicle update. It has the ability to update the infotainment, ECU, ECM, TCM, and BCM. Multiple manufacturers have been able to release recalls that fix major vehicle defects (safety, reliability, and performance). That wouldn't be possible without OTA updates that update core vehicle computer systems.
Unclear where this idea that OTA = Infotainment came from. I'd go as far as to say that most manufacturers can do this in 2025.