Automotive Firmware updates - who does them?

Status
Not open for further replies.

OVERKILL

A new feature (to me) with the '14 SRT-8 was the ability to update the firmware on the UConnect system (the software that runs the infotainment, navigation...etc) via a USB key. This became relevant when the OTA Jeep hack was discovered, which we've discussed in the past. A quick recap: The embedded systems which should be isolated/protected were not and subsequently the system was able to be accessed remotely via the 3G interface and a modified firmware image written to the UConnect system that allowed it to send commands to other components/systems on the network, having a potentially catastrophic impact on the function (or malfunction) of the vehicle.

The original article from Wired here:
http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

Originally Posted By: wired
All of this is possible only because Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone. Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks, controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. And thanks to one vulnerable element, which Miller and Valasek won’t identify until their Black Hat talk, Uconnect’s cellular connection also lets anyone who knows the car’s IP address gain access from anywhere in the country. “From an attacker’s perspective, it’s a super nice vulnerability,” Miller says.

From that entry point, Miller and Valasek’s attack pivots to an adjacent chip in the car’s head unit—the hardware for its entertainment system—silently rewriting the chip’s firmware to plant their code. That rewritten firmware is capable of sending commands through the car’s internal computer network, known as a CAN bus, to its physical components like the engine and wheels. Miller and Valasek say the attack on the entertainment system seems to work on any Chrysler vehicle with Uconnect from late 2013, all of 2014, and early 2015. They’ve only tested their full set of physical hacks, including ones targeting transmission and braking systems, on a Jeep Cherokee, though they believe that most of their attacks could be tweaked to work on any Chrysler vehicle with the vulnerable Uconnect head unit.


Since I have access to WiTech through my dealer, I did the full suite of updates for the various embedded systems on my wife's '06 shortly after we bought it. This included updated firmware for things as simple as the amplifier controller to reduce distortion on bass-heavy music and updated PCM software that dealt with a bug relative to the EGR. All of the fixes/tweaks are present in the release notes for the respective updates for each system. There was also a firmware update for the sunroof controller, which had a bug that would cause it to hang open.

Some of the fixes are for issues most people will never experience and subsequently they are part of a TSB for a specific complaint. Others are of course more important and deal with issues like the one mentioned at the beginning. This could also be updated via WiTech, but the new feature, of being able to update it yourself, as an end-user, is what I found interesting. I would posit that it may not be in the too distant future that manufacturers will push out OTA updates like we have for smartphones.

Anybody in the IT field is pretty familiar with doing these updates anyways. Firmware updates for routers, switches, hard drives, optical drives, tape backups, BIOS; software that ranges in function from dealing with low-level commands/interfaces to operating as a full-blown embedded OS. However, historically this has not overlapped into the automotive side of things with updates only being available for specific systems (PCM/TCM primarily) and the manufacturers not being very open about what is fixed/modified nor forthcoming in implementing the updated software unless requested to do so.

With the advent of these "connected" systems and the various systems themselves being more autonomous the firmware that these components operate on becomes more of interest. With each little embedded device governing its own little section of the car and reporting back to the others, the possibility for bugs becomes higher (more pieces of software, a higher potential for bugs) and the implementation of the various methods of connectivity like WiFi, 3G, USB....etc opens a door for easier access to adding features with new firmware releases or patches for bug fixes.

So, all that being said, I'm pretty familiar with the process for Chrysler products at this point. Does anybody do this kind of stuff for other marques and what is your experience? What's the quality of the errata? Ease of updates?
 
OT but we were thrilled to receive a USB in the mail to update our 2014 RAM due precisely to the potential issues you mention. Talk about easy! Plugged it in and watched in fascination as the touch screen went crazy. Took over 20 minutes...
 
The downside to all this is that all support seems to vanish a few years after a model is produced. My 2012 Challenger hasn't had any Uconnect updates available since late 2013, and I bet never will have any more at all.
 
Originally Posted By: 440Magnum
The downside to all this is that all support seems to vanish a few years after a model is produced. My 2012 Challenger hasn't had any Uconnect updates available since late 2013, and I bet never will have any more at all.



No different than with computer stuff really. If they aren't adding features they tend to get most of the bugs worked out and then that release becomes "final". As these infotainment systems evolve we may see more attention to updates or more frequent ones that may bring with them feature additions/changes but support will eventually stop just like it does with smartphones IMHO. Just ask all the folks left on Android 2.xx for example
 
Originally Posted By: SteveSRT8
OT but we were thrilled to receive a USB in the mail to update our 2014 RAM due precisely to the potential issues you mention. Talk about easy! Plugged it in and watched in fascination as the touch screen went crazy. Took over 20 minutes...


Yup. And this approach makes perfect sense as it saves people having to go to the dealer and get hooked up to WiTech, which takes time for the techs and takes up shop time in general.

Just imagine if they could just send that update to your car via OTA or WiFi like you can do with your iPhone or Android device. That's, as I mentioned, where I see this heading.
 
Originally Posted By: OVERKILL
Originally Posted By: SteveSRT8
OT but we were thrilled to receive a USB in the mail to update our 2014 RAM due precisely to the potential issues you mention. Talk about easy! Plugged it in and watched in fascination as the touch screen went crazy. Took over 20 minutes...


Yup. And this approach makes perfect sense as it saves people having to go to the dealer and get hooked up to WiTech, which takes time for the techs and takes up shop time in general.

Just imagine if they could just send that update to your car via OTA or WiFi like you can do with your iPhone or Android device. That's, as I mentioned, where I see this heading.


From what I have researched that is how Tesla does software updates. They tell the owner to park the car outside and it downloads the update via satellite uplink.

I was lucky, I was able to use the IDS on a Saturday to do my updates on my Mustang. Saturdays are a lot quicker since not as many dealers are open and accessing the network.
 
The CAN bus mentioned in the article you pasted is the protocol used by OBD2-compliant devices. It's from the 80s. And it still works.

In the last few years there has been a lot of progress in the convenience of updating devices with intermittent connectivity in a standard way. That convenience relies on a full-fledged OS (Android or iOS) running a version management system (app store) with or without user's involvement.

Given that all software applications on a given device have to use the same language and libraries, they can all be deployed and updated consistently the same way via the app store hooks when connectivity is available.

Being able to "push" updates when needed limits the need for software developers to spend resources on supporting older versions (some businesses used to spend over 50% of revenue on legacy support) and they can focus on new things instead.

On embedded systems such as in modern cars there are a variety (sometimes hundreds) of architectures / OS / processors combinations and this makes the task more complicated because things are not as consistent. And this complexity opens loopholes for hackers too.

While someone hacking an android device can cause inconvenience, hacking 1 or 1,000,000 cars OS can cause great bodily harm. So you'll understand that manufacturers prefer keeping the process hush and updating firmwares at the dealership.
 
What did you have to do to update the '06 Charger? My '05 300 has the sunroof bug you mentioned and it drives me nuts sometimes and I would love to be able to update it.
 
Originally Posted By: DrRoughneck


While someone hacking an android device can cause inconvenience, hacking 1 or 1,000,000 cars OS can cause great bodily harm. So you'll understand that manufacturers prefer keeping the process hush and updating firmwares at the dealership.


Agreed, but that secrecy didn't seem to help with the Jeep exploit mentioned. Also, as Steve mentioned, Chrysler shipped him a USB key so even they seem to be loosening up a bit on having user-installed updates if they are important (like this security update).

I don't see them going to OTA updates immediately or anything, but if what bdcardinal has mentioned is the way Tesla has gone, then it sounds like this train is already in motion.

Your point about complexity I agree with completely, and the more complex and the more embedded components that are present not only are there more things to hack but there are also more bugs to deal with, which in turn of course means more updates.

I'm interested to see what happens in the next two or three years, as I think that's when we'll be able to see the direction this is headed and how well it will go. JMHO of course.
 
Originally Posted By: anonobomber
What did you have to do to update the '06 Charger? My '05 300 has the sunroof bug you mentioned and it drives me nuts sometimes and I would love to be able to update it.


Just plugged the car into WiTech. It gives you a lovely diagram of the bus network on the vehicle as well as all the individual modules and their firmware versions. It tells you which ones have updates available for them and what the update(s) fix.

You just need a friend at a dealer that has access to it
 
In 2012 my 2002 Ranger had all available updates done, thanks to Roadkingnc. It was done via a laptop plugged into the OBDII port and didn't take long at all.

I don't think there is any such thing as updating my 1994 Ranger. It's from the era of calibration codes.
 
I had the local indie do a "health check" on my parent's Prius while it was getting some brake work done, Toyota's TIS Techstream will do any applicable PCM/ECM updates if they are found. When I was at Honda, I had access to the HDS - but I only used it for trivial things on a Civic that was mine to maintain.
 
New update for the 2014 6.4 LC/LD/LX cars (Challenger/Charger/300) as of August 12th. This is a PCM code update which brings you to version 05035868AF.

- Fixes issue with cluster in metric and cruise control speed increase/decrease not functioning properly
- Fixes potential gear-hunting issue during cruise operation at lower speeds (40-64Km/h; 25-40Mph)
- MIL illumination due to a myriad of false codes

Bulletin number is 18-094-16
 
I need to plug my Mustang and my mom's Fusion into an IDS at work and update everything. I updated all the modules on my Mustang a few months after buying it and noticed the radio worked a lot better. Have to do it on a Saturday so not every other dealer in the country is trying to access the server at the same time.
 
Originally Posted By: 01rangerxl
In 2012 my 2002 Ranger had all available updates done, thanks to Roadkingnc. It was done via a laptop plugged into the OBDII port and didn't take long at all.

I don't think there is any such thing as updating my 1994 Ranger. It's from the era of calibration codes.


Ford still uses calibration codes. I was told that those codes exist because sometimes Ford makes changes within the model year.

Anyway, the reason your 1994 Ranger might not get updates is because before OBDII, most programming was permanent. After OBDII, the ability to reprogram through flash memory was required. Some cars did get flash memory before OBDII, but it wasn't mandatory until OBDII was introduced.

Before OBDII, if there was reprogramming that needed to be done, it usually involved physically removing a chip with data from the computer module and installing a different one. Other times the entire module gets replaced.

Anyway, I had firmware updates done in my 2003 Saturn ION and 2010 Mitsubishi Lancer. Sometimes when those updates are performed, the dealer and manufacturer warranty out the computer module.
 