Fixing or modifying a car doesn’t always require the vehicle to be brought in to a workshop anymore. Today, certain tweaks and even major updates can be carried out over-the-air (OTA), just like a smartphone. Functions can be revised or introduced with ease across entire fleets, even while their owners are sleeping or at work.
The appeal is clear for both parties, but just like any service, these updates need to be reliable, validated and scalable. They also need to be convenient. Handling this new dynamic presents a challenge for automakers, which have grown accustomed to a hands-on approach to servicing that cuts the consumer out of the equation; work can be carried out at the workshop without interruption, and at any time of the day. With OTA, that update may now impact the driver’s experience.
Consider the smartphone today, which can be updated at whim, and without a technician raising a finger. However, if something within that OTA update causes an error or does not function as intended, these ‘bugs’ can hinder the performance of the device. This is rarely more than an inconvenience to most consumers, and can be quickly remedied with another update. But in a vehicle that is becoming ever more reliant on software to operate critical driving functions such as steering and braking, automakers need to be certain that updates will not have dangerous ramifications.
“Even with the most intelligent software management systems in place, OTA software updates may fail for several reasons,” said Peer Sterner, Product Manager Connected Car at Elektrobit. “As the updates will be executed directly at the end customer, there will be no expert in place to resolve issues like today, where repairs are carried out at the workshop.”
Speaking in a recent Greenstreetsoftware.info webinar, he elaborated that an OTA update solution must be “robust against failures, and support failover strategies.” Throw in the potential for updates to be hacked and manipulated before the vehicle has even received the software, and the challenge only intensifies. “An end-to-end system for OTA updates must be robust against all known attacks at the time of deployment, and be able to be updated against future threats as well,” Sterner explained.
While the automotive industry’s approach to OTA is in its infancy today, it is by no means brand new.
Tesla has championed its OTA software updates for years now, and recently launched ‘Version 9’, which will initially roll out to cars across North America, and globally in the coming weeks. Newer models with Hardware 2.5 allow the front-facing camera to double up as a ‘dash cam’ to record driving footage, for example, and a handful of retro video games can be accessed whilst the car is parked. All features are enabled by downloading new software directly to the vehicle.
Other players have been getting in on the act too. Ford and General Motors have offered OTA updates for Sync and OnStar services, respectively, for a few years, but new plans are in place post 2020. In a call to analysts in July 2017, GM’s Mary Barra advised that a new electrical architecture would bring more advanced OTA updates “before 2020.” Speaking at Morgan Stanley’s Sixth Annual Laguna Conference in September 2018, Sunny Madra, Vice President of Ford X (a division within Ford Smart Mobility), pointed out that OTA software updates simply “make [connectivity] better, because we can enable more features over time.”
On 8 October 2018, Nissan launched its new NissanConnect infotainment system that will allow for map and software updates to be carried out wirelessly. Drivers have the choice to download these OTA updates as they wish.
During a March 2018 earnings call, PSA Chief Executive Carlos Tavares said that OTA software updates would gradually be introduced to cars in the group’s portfolio up until 2021. This may allow the automaker to expand the functionality and design of its digital i-Cockpit in coming years.
A conflict of interests
The next challenge lies in making the update process as efficient as possible. How can automakers ensure that OTA updates do not render a vehicle out of action, or slow down the performance of other connected services?
“The common requirement is that such updates do not bother the end user. But depending on how updates are executed, we cannot always carry out updates during driving,” explained Elektrobit’s Sterner. “We have to make sure that certain updates are only carried out when the car is in a safe condition, which is usually when the car is parked.”
Sterner suggests that certain updates could be ‘postponed’, but this would prevent the driver from using the car for a period of time. In April 2018, Consumer Reports noted that Tesla’s software updates “often take from 20 to 90 minutes to complete,” and that drivers are effectively powerless during that time.
Like many smartphone users today, drivers may decide that updates are carried out overnight whilst the car is not being used. On the other hand, there may be critical updates that need to be enforced immediately for the vehicle’s safety or security. If, say, a driver postpones such an update three times in a row, the vehicle may be forced to override the driver’s decision and enter ‘update mode’ at the next safest point. This ultimately depends on the automaker’s strategy, and how the brand wants to engage with its customers. What’s worse: delaying an update so as to not annoy the driver, or enforcing an update to avoid a potential crash or breach in data security?
The best-case scenario, says Sterner, is that updates can be carried out in the background whilst driving, and without any impact on driving functions. Some video game consoles allow this today, with users able to play whilst software updates download out of sight. “With this approach, the driver would not even realise that an update was executed at all,” concluded Sterner.