Today’s cars are essentially networks on wheels, with computers and sophisticated on-board electronic devices running complex software to keep their occupants safe, comfortable, and entertained. Present-day cars each contain more than 50 electronic devices, from multiple vendors, running a mix of operating systems and using several network protocols.
The resulting complexity has an unfortunate downside: Software-related recalls are becoming increasingly problematic, costing the auto industry billions.
For instance, in August, Honda had to recall 608,000 vans and SUVs in the U.S. market in order to update faulty software that was causing instrument panels not to show speed and other important information, including the rear-view camera image. There are many more similar examples of software issues requiring expensive and inconvenient recalls.
To mitigate these costs, automakers are increasingly turning to over-the-air (OTA) updates as the primary solution. OTA updates enable a vehicle’s software to be remotely updated, without requiring the vehicle to be physically present at the dealer’s garage. In theory, the practice solves the software recall issue, but it creates a new dilemma: Tier 1 suppliers and carmakers need a way to manage the complexity of multiple in-vehicle devices remotely.
Adding to the complexity, though, is the fragmented nature of the auto industry. Several automotive software vendors are pushing their own proprietary OTA-update technologies, as are several Tier 1 suppliers and a number of major automakers. Indeed, there are now more than 30 different solutions for OTA updates and remote data gathering among the top 50 Tier 1 suppliers and 30 major OEMs.
Not surprisingly, this has caused severe headaches for designers trying to ensure compatibility as they integrate their devices and software into a working whole. Development costs, time to market, and the risk of errors have all risen in unison.
This situation is unsustainable, and a standardized approach for OTA updates is gaining urgency. What is needed is a single industry-wide platform that defines the OTA-related behavior of each device, together with standardized message formats and response protocols.
Today, Tier 1 vendors that sell to multiple OEMs are forced to reengineer their products for different OTA technologies, a slow and expensive proposition. A standardized platform would greatly simplify development by eliminating this complex and onerous task, saving time and costs. The time saved could then be redirected toward creating new features to offer their automaker customers, such as better efficiency, custom lighting, or entertainment and convenience features.
Furthermore, standardization would allow all stakeholders to benefit from common development and test tools.
While cars have been outfitted with many new features for comfort and infotainment, the most important role of in-vehicle software is safety. ABS braking, lane departure, and other driver assistance systems are helping to make driving safer — with the caveat that they are vitally dependent on up-to-date, error-free software.
The current state of the technology is such that software in the safety domain is often unable to be updated over the air. To ensure reliable operation, OEMs spend a lot of time and effort on quality assurance and testing — primarily to ensure that their particular combination of devices in the car is compatible, reliable and safe.
Updating safety-related software requires the ability to move from a verified, fully tested combination of software across multiple devices to the next fully tested combination, with confidence that all devices will update successfully. Ensuring against an incomplete update requires additional OTA-update safeguards and policies that can manage the entire process from start to finish, including rolling back to a known-good combination if any one device does not update properly. Safety also demands control and management of when updates occur — for example, allowing braking-system updates to take place only when the car is stationary and its engine is turned off.
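The all-or-nothing update and the timing policy described above can be sketched as follows. This is an added example, not code from the eSync Alliance or any automaker; the `Ecu` class, the status strings, the fault-injection flag, and the rule that only safety-critical devices are gated on vehicle state are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Ecu:
    name: str
    version: str
    safety_critical: bool = False
    fail_on_install: bool = False    # constructed fault injection for the demo
    previous: str = ""               # version to restore on rollback ("" = none)

    def install(self, target: str) -> bool:
        if self.fail_on_install:
            return False             # stands in for a failed flash or self-test
        self.previous, self.version = self.version, target
        return True

    def rollback(self) -> None:
        if self.previous:
            self.version, self.previous = self.previous, ""

def policy_allows(ecus, manifest, speed_kph, engine_on) -> bool:
    """Safety-domain updates run only while stationary with the engine off."""
    safety = any(e.safety_critical for e in ecus if e.name in manifest)
    return not safety or (speed_kph == 0 and not engine_on)

def apply_campaign(ecus, manifest, speed_kph, engine_on) -> str:
    """Move every ECU named in manifest to its target, or leave all unchanged."""
    if not policy_allows(ecus, manifest, speed_kph, engine_on):
        return "deferred"
    updated = []
    for ecu in ecus:
        target = manifest.get(ecu.name)
        if target is None or target == ecu.version:
            continue
        if not ecu.install(target):
            for done in reversed(updated):
                done.rollback()      # restore the known-good combination
            return "rolled_back"
        updated.append(ecu)
    return "committed"

def demo():
    # Constructed sample: the brake update installs, then the gateway update fails.
    ecus = [Ecu("brake", "1.0", safety_critical=True),
            Ecu("gateway", "3.2", fail_on_install=True)]
    manifest = {"brake": "1.1", "gateway": "3.3"}
    moving = apply_campaign(ecus, manifest, speed_kph=42, engine_on=True)
    parked = apply_campaign(ecus, manifest, speed_kph=0, engine_on=False)
    return moving, parked, [e.version for e in ecus]
```

In the constructed run, the campaign is deferred while the car is moving, and once parked the gateway failure returns the brake controller to version 1.0 so the vehicle stays on its tested combination.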
With zero room for error in an environment requiring the management of multiple devices from many suppliers, standardization can play a critical role in ensuring car safety.
A single OTA pipeline
This article has focused first and foremost on the important role of OTA software updates, but there is also substantial secondary value to be gained from building a secure bidirectional pipeline: real-time, real-world data gathering from the vehicle. With a continuous stream of detailed information flowing from devices in each vehicle, automakers have the opportunity to manage the mechanical health of a vehicle throughout its life cycle and to apply predictive analytics for spotting faults before they happen. A bidirectional pipeline also enables the collection of data from entire fleets of vehicles, ensuring the anonymity of individual drivers while still providing real-world insight into driving behavior and car usage patterns.
There are strong arguments in favor of OTA updates and data gathering sharing a single pipeline, avoiding a second, separate connection for data collection purposes. Cost savings are but one factor. Perhaps more important is that each additional access point to a vehicle is an additional weak point that attackers could target. Fewer connections simply mean fewer potential problems.
Standardization: The way forward
The arguments presented here make it clear that the automotive industry would greatly benefit from a single standard for OTA updates and data collection running on a single, bidirectional data pipeline for all the various devices in the vehicle.
The eSync Alliance has been formed to meet this important objective and is working on developing and promoting a standardized data pipeline. With big-player members such as Alps Alpine, Faurecia, HELLA, Molex, and ZF, the alliance has the scale and resources to deliver the standardization that the industry needs.
Mike Gardner is Executive Director at eSync Alliance.
This article was originally published on our sister site, EE Times Europe.