IoT-connected devices are notoriously unsecure, and cars are no exception.
Sure, hackers can exploit webcams to mount a DDoS (distributed denial of service) attack. That’s bad. But, if a car is compromised, it can be turned into a deadly 2-ton missile traveling at triple-digit speeds.
Critical controls in modern cars such as the throttle, steering and brakes are either entirely fly-by-wire or controlled in some way by the car’s computer. For example, in most of today’s cars, there’s no mechanical linkage between the gas pedal and the engine’s throttle body. There’s just a sensor connected to the pedal and a small motor that operates the throttle butterfly with the computer interpreting the signal.
The same thing applies with many automatic shifters. This is great for packaging because wires are the only things running between points A and B. The computer also has full control of systems that do have mechanical connections such as brakes and steering, overseeing things such as traction control, lane holding, brake assist and semi-autonomous driving modes.
This technology makes cars safer and has the needed gee-whiz appeal. It also makes every system of the car exploitable through physically accessing vehicle systems via the OBDII port or remotely when the car is connected to a network. Vehicle systems are highly interconnected, so any outside exploit eventually can give you access to all systems.
Two years ago, white-hat hackers remotely gained control of a Jeep through its infotainment system and shut it down on the highway.
Indirect exploits like the one on the Jeep are possible, but not simple. Automakers are concerned that by adding over-the-air (OTA) update capabilities to cars, they may unintentionally give the bad guys direct access to vehicle control systems. This can leave cars vulnerable to everything from ransomware to terrorist attacks.
Automakers already have direct and remote access to a wealth of vehicle data. A car capable of OTA updates has at least a perception of a constant connection to the mothership. Consumers have been wary of sharing car-related data, but the tides are turning.
According to a 2016 McKinsey study, about 59% of U.S. consumers are now willing to share personal data for predictive maintenance – a number that jumps up to 90% in China.
Even more encouraging for automakers, consumers surveyed expressed willingness to pay for numerous data-enabled features. Even in data-sensitive America, 73% would pay for usage-monitoring services, 72% for networked parking and 71%for predictive maintenance instead of selecting free ad-supported versions. When there is apparent value, people are more willing to share data; but an opt-in approach still should be used to protect the privacy rights of consumers.
Dealing with the Dealer Network
Visiting the dealership ranks right between root canals and being poked with hot sticks. It’s an experience that just doesn’t jibe with today’s customer-centric, digital consumer culture. But, it’s as hard to change as it is unpleasant.
Today, 48 states have laws that limit or ban manufacturers from selling vehicles directly to consumers. Tesla has faced suits from dealer associations in multiple states blocking its direct-to-consumer model to avoid seeing their businesses disrupted by a new distribution model. In Virginia and Texas, courts sided with the dealers. Dealer networks and their powerful lobbies are fighting for their lives, and that fight includes OTA updates.
Dealers have a lot to lose from OTA updates. As it stands now, when your car needs a software update, you must take it to the dealer where they physically access systems through the OBDII port and make the fix. If it’s under warranty, they get paid by the manufacturer to do it. If not, it comes out of the pocket of the customer. Either way, it’s a revenue stream that soon will disappear.
I know you are thinking it, so I’m just going to say it: Yes, Tesla already is doing it and it can for a few reasons. First, Tesla customers are more likely to be fanatical technologists and more willing to accept some bugs as an ultra-early adopter’s price of entry. Secondly, Tesla doesn’t have a dealer network to contend with. Third, it’s been a part of Telsa’s technology stack since day one.
How much of a difference does OTA make for consumers and manufacturers? In 2014, both General Motors and Tesla faced fire-related recalls that were caused by software bugs. Tesla did a quick OTA fix on 30,000 cars the same day the recall was issued.
General Motors and the owners of 370,000 of its pickups were not as lucky. They had to service all of them at the dealer, which cost the automaker millions. If OTA were available, the fix would have been cheap and painless.
OTA Updates Coming
Despite these challenges, OTA updates are inevitable. Automakers are taking a cautious approach, but ever-increasing dependence on software and in-car tech will require easy updates for safety, security and satisfaction to tech-savvy customers that demand a hassle-free ownership experience.
By 2022, there will be 203 million vehicles on the road that can receive software and over-the-air upgrades. At least 22 million also will be able to get firmware upgrades, according to a new report by ABI Research.
Savings related to enabling OTA updates could reach $45 billion by 2022, says researchers IHS Automotive.
“(Carmakers) really cannot build OTA platforms fast enough,” says Egil Juliussen, research director at IHS.
I couldn’t agree more.
Brendan O’Brien, chief innovation officer and co-founder, Aria Systems