OTA challenges for automakers

April 24, 2015 OpenSystems Media

Today’s smartphones have remote software update capabilities, called over-the-air (OTA) updating. All major phone companies utilize OTA, performing more than 100 million updates per year to provide new features, patch bugs, and improve performance. These updates avoid product recalls and reduce customer support costs.

Modern automobiles can have as many as 100 microprocessors/microcontrollers running up to 100 million lines of code. Car makers could clearly benefit from being able to update all of this code. The most important benefit is recall avoidance. Today, drivers need to bring their cars to a dealership to have new software installed, which is inconvenient and has its own difficulties, including:

  • Distributing software updates to a vast dealer network takes time and resources
  • Every car owner needs to be notified, usually via snail mail (some notices are missed, and some owners won’t bring the car in)
  • Dealers need to maintain a software version library, which can lead to errors
  • Customers don’t like to have to bring their vehicles in (which annoys the customer base and leads to a perception of lack of product quality)

OTA would solve those issues, but would introduce a new, more complex set of challenges, such as:

  • Keeping the code size of the updates small; only the changes are sent, not the entire package
  • The need to protect against unauthorized software changes and against firmware alterations
  • Keeping owners from downloading apps and customizing their cars, which could give hackers a gateway to manipulate internal car systems through malware or “man-in-the-middle” attacks
  • Reprogramming in an uncontrolled environment
  • Ensuring that the vehicle remains stationary during the update
  • Preventing a mis-programmed controller from compromising the driver’s safety
  • Maintaining a consistent Internet connection and power to the processors that are being updated
  • The need to direct specific updates to specific models, which may depend on purchased options. Some vehicles may have aftermarket equipment installed, which could change the required updates
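
Several of the challenges above can be enforced as a pre-install gate on the vehicle side. The sketch below is an added example, not code from the original article or from any automaker; the manifest fields, key and sample values are assumptions constructed for illustration, and HMAC stands in for the digital signature a production system would verify.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC stands in for the asymmetric signature a real
# design would verify against a public key in hardware-protected storage.
DEMO_KEY = b"constructed-demo-key"

def sign_manifest(manifest, key=DEMO_KEY):
    """Authentication tag over a canonical JSON encoding of the manifest."""
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def check_update(manifest, tag, payload, vehicle, key=DEMO_KEY):
    """Return the reasons to refuse an update; an empty list means install."""
    if not hmac.compare_digest(sign_manifest(manifest, key), tag):
        # Nothing else in an unauthenticated manifest can be trusted.
        return ["manifest authentication failed"]
    reasons = []
    if hashlib.sha256(payload).hexdigest() != manifest["payload_sha256"]:
        reasons.append("payload hash mismatch")
    if vehicle["model"] != manifest["model"]:
        reasons.append("wrong model")
    if not set(manifest["required_options"]) <= set(vehicle["options"]):
        reasons.append("required option not fitted")
    if vehicle["installed_version"] != manifest["base_version"]:
        # A delta only applies cleanly to the exact image it was built from.
        reasons.append("delta base version mismatch")
    if vehicle["speed_kph"] != 0 or not vehicle["parked"]:
        reasons.append("vehicle not stationary")
    if vehicle["battery_volts"] < manifest["min_battery_volts"]:
        reasons.append("insufficient power")
    return reasons

# Constructed sample data, not taken from any real vehicle or update system.
PAYLOAD = b"constructed delta patch bytes"
MANIFEST = {
    "model": "DEMO-SEDAN", "required_options": ["nav"],
    "base_version": 41, "new_version": 42, "min_battery_volts": 12.2,
    "payload_sha256": hashlib.sha256(PAYLOAD).hexdigest(),
}
VEHICLE = {
    "model": "DEMO-SEDAN", "options": ["nav", "tow"], "installed_version": 41,
    "speed_kph": 0, "parked": True, "battery_volts": 12.6,
}

if __name__ == "__main__":
    print(check_update(MANIFEST, sign_manifest(MANIFEST), PAYLOAD, VEHICLE))
```

The authentication check runs first and short-circuits, so targeting and version fields are only read from a manifest that has already been authenticated.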

Bear in mind that cars aren’t disposable like cell phones. They are designed years in advance and need to be supported for at least a decade.

Despite all of these challenges, at least five automakers – BMW, Hyundai, Ford, Toyota, and Mercedes-Benz – offer OTA software updates, according to Mark Boyadjis, an analyst for IHS Automotive. Others are likely to join in over the next year or two. There are recent cases of OTA being employed by automakers, including:

  • Tesla’s founder Elon Musk promised an auto-steering update that will be sent over-the-air, enabling cars to drive unassisted “from parking lot to parking lot.”
  • Ford announced that it will be making wireless updates available through its connected car platform (MyFord), which is supported by Microsoft Azure’s cloud.

Recently, a potential security breach was identified that could expose over 2.2 million BMW vehicles to a potential hack. BMW fixed the problem through an OTA software update, without the knowledge of its customers.

A new car purchased today will be on the road, on average, for more than 10 years. Trying to protect against an attacker 10 years from now means you either need to plan now to protect against a threat that may not exist today, or you must have a way to adapt to future attacks. Those attacks could include taking control of steering, forcing spam advertisements onto infotainment screens, or just unlocking and stealing cars. While the type of attack is unknown, it’s fairly obvious that automakers really must have OTA to address these issues. They just need to implement it in a safe and secure way so as not to introduce more problems than they’re solving.

For the past two years, Gene Carter has been the Director of Product Management for the Embedded Security Business Unit at Security Innovation. Carter has spent the past 20 years in embedded and automotive product management roles for NXP Semiconductors, Philips Semiconductors, and Coto Technology. He holds an MBA from the University of Southern California’s Marshall School of Business and a BSc in Electrical Engineering from Tufts University.

Gene Carter, Security Innovation