Dec 14, 2018 - Technology

The hidden risks of remote software updates

Illustration of a car with loading symbols instead of wheels

Illustration: Rebecca Zisser/Axios

To get a car with the latest automated driving features all it takes in some cases is a couple of software updates — a growing trend with potential safety and cybersecurity risks.

Why it matters: Using a built-in wireless connection to fix a bug or add new functions can be a welcome convenience that can also prompt people to make needed repairs. But if it means instantly handing over more of the driving task to your vehicle, you could be putting yourself at risk if the new software is glitchy or you don't understand and misuse the car's new capabilities.

Background: Except for the occasional map or infotainment update, most cars are frozen in time when they leave the lot, requiring a trip to the dealership for software-related recalls or updates.

  • That results in higher warranty costs for automakers and a hassle for car owners.
  • Tesla pioneered the concept of making cars more capable over time, pushing out hundreds of over-the-air (OTA) updates to things like steering, braking and windshield wipers since introducing its Model S in 2012.
  • Following the 2015 debut of Autopilot, Tesla has regularly used OTA updates to add more advanced driver-assist features like automatic lane changes.

What's happening: Following Tesla's lead, automakers are beginning to embrace the idea of OTA software updates, whether to handle recalls or add new driving features.

  • GM and Ford say they'll enable OTA updates by 2020.
  • Legacy automakers must first design new vehicle electrical architectures that can accept flash updates; Tesla's cars were designed like smartphones to do that from the start.
  • Tesla's other advantage: it has an in-house team of software developers that can push out updates quickly, notes Gartner Group analyst Mike Ramsey.

Yes, but: Cars are becoming more automated overnight, gaining new superpowers they didn't possess the day before.

  • Precautions are needed to ensure drivers fully understand and are comfortable with their car's new capabilities — and that remote software updates were completed properly and securely.
  • Remote updates create potential opportunities for malicious hackers to intercept and replace legitimate software with malware that could affect the car's performance.
  • Updates can be tricky: Sometimes they've inadvertently disabled other systems.
  • Tesla customers receive detailed release notes explaining every software update and can watch videos or visit a Tesla store to learn how new features work, but it's optional.

The bottom line: It's not enough. Some people already mistakenly believe their car can drive itself. Adding more automation could lead to further confusion.

  • Some experts suggest requiring a brief check by a dealership technician and a mandatory tutorial before more advanced automated-driving software can be activated.
  • In setting policies on autonomous vehicles, regulators could also consider how to address OTA updates that progressively add new layers of automation.
Go deeper