IoT & Embedded Technology Blog

Proceed with Caution: The Need for Careful Automotive OTA Update Management

by Brendan Bradley | 1/24/2024

Initially adopted within the mobile phone industry and spreading across the consumer electronics market, over-the-air (OTA) updates have emerged as an effective solution to maintaining IoT systems and devices in the field, enabling the remote deployment of feature enhancements and patches to device firmware, software, configuration, and operating system (OS).

For decades, automakers leaned on physical recalls as the primary method of rolling out fixes to fleets of vehicles, a costly logistical mess for manufacturers. The automotive industry first adopted OTA just over a decade ago, with Tesla viewed as the original adopter of the technology for its 2012 launch of the Model S. Since then, nearly all major OEMs across every major automotive market have integrated OTA updates into their maintenance programs, allowing them to remotely fix issues ranging from simple bugs within navigation units to critical issues with braking systems. Furthermore, OTA updates have enabled automakers to continually deliver increased value to their customers through the remote delivery of features such as enhancements to vehicle performance and infotainment systems, all through a relatively low-cost, low-effort channel.

Despite the embrace within the automotive industry and the wider IoT market, OTA updates introduce levels of risk to embedded systems. If poorly managed, faulty updates can be deployed to devices in the field, causing significant disruptions to user experience and potentially introducing complications and damage that may require further updates and/or physical maintenance. In November 2023, Rivian (NASDAQ: RIVN) mistakenly deployed the incorrect OTA update to its fleet of vehicles, temporarily disabling the infotainment and instrument displays of many customers’ vehicles. While the issue was ultimately addressed within 36 hours by deploying a corrective OTA update, the “fat-finger” error left many customers with diminished use of their vehicles and fear of a physical recall.

The alleged mismanaged use of OTA updates has led to multiple lawsuits in recent years, each focused on the degradation of consumer products due to the continuous automatic updating of systems. In January 2021, Porsche (FWB: P911) agreed to settle a lawsuit for a whopping $10 million after delivering a faulty OTA update to approximately 200,000 vehicles, causing infotainment systems to malfunction and batteries to drain. Notably, the judge refused to dismiss the defendant’s claims for violation of the Computer Fraud and Abuse Act (CFAA), hinting towards future legislative and judicial classifications of software-defined vehicles (SDVs). In July 2021, Tesla (NASDAQ: TSLA) settled a lawsuit for $1.9 million, or $625 per affected driver, after a software update allegedly inadvertently led to a temporary reduction in battery range for thousands of drivers. The company now faces new opposition with the May 2023 filing of a proposed class-action lawsuit against Tesla, citing that the company’s reliance on constant automatic OTA updates has resulted in poorly written software being sent to vehicles without proper user authorization. Like the prior complaint, this software has allegedly led to constant temporary decreases in battery capacity and functionality. Perhaps following the precedent set in the Porsche case, defendants in this lawsuit claim that their Tesla vehicles are “protected computers” under the CFAA.

The genesis of OTA updates within the IoT may be a contributing factor towards the seemingly overeager deployment of OTA updates within these more safety-critical industries – devices like mobile phones and other consumer electronics have far shorter device lifespans, oftentimes developed with built-in planned obsolescence. On the other hand, automobiles are expected to operate in the field for far longer periods of time, with the US automotive stock recently hitting record levels of age. Furthermore, despite the widespread use of OTA updates within the automotive market, the industry has yet to establish a common framework for delivery of these updates, nor a universally standardized vehicle architecture designed for receiving OTA updates.

Going forward, automakers must show increased levels of awareness and strategic thinking in how they develop, plan, deploy, and monitor their OTA update campaigns. OTA solutions such as Wind River Studio combine their update campaign management with robust monitoring capabilities, allowing operators to glean real-time data and analytics from their devices as updates are performed and use this information to better inform future update campaigns. Had the previously mentioned automakers had the campaign management infrastructure in place to monitor the effect of their updates on their customers’ vehicles, they likely would have been able to quarantine the issues more effectively. Further capabilities such as the Studio Virtual Lab enable end-users to deploy their OTA updates to virtual devices, thoroughly testing their impacts and identifying any potential complications. Here, automakers can test the effect of updates on factors such as battery performance and infotainment functionality. Other automotive-centric vendors such as Samsung’s Harman offer capabilities for automatic rollbacks if issues are identified during the deployment of updates.
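
The monitored campaign and automatic rollback described above, sketched as an added example (not code from Wind River, Harman, or any automaker): the update goes out in growing waves, and the campaign halts and lists vehicles to roll back as soon as post-update telemetry regresses. The telemetry fields, thresholds, wave sizes and sample fleet are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class Report:
    vin: str
    display_ok: bool   # infotainment/instrument display healthy after update
    drain_w: float     # parked battery drain after update, in watts

# Assumed gate values, not taken from any vendor product.
MAX_UNHEALTHY_RATE = 0.02   # halt if more than 2% of a wave regresses
MAX_DRAIN_RATIO = 1.25      # drain above 125% of baseline counts as regression

def is_unhealthy(r: Report, baseline_drain_w: float) -> bool:
    return (not r.display_ok) or r.drain_w > baseline_drain_w * MAX_DRAIN_RATIO

def run_campaign(fleet: list[str], wave_pcts: list[int],
                 apply_update: Callable[[str], Report],
                 baseline_drain_w: float) -> dict:
    """Deploy in growing waves; halt and list rollbacks on regression."""
    updated: list[str] = []
    for pct in wave_pcts:
        # Cumulative target for this wave, always advancing by at least one.
        target = min(len(fleet), max(len(updated) + 1, len(fleet) * pct // 100))
        batch = fleet[len(updated):target]
        if not batch:
            continue
        reports = [apply_update(vin) for vin in batch]
        updated.extend(batch)
        bad = [r.vin for r in reports if is_unhealthy(r, baseline_drain_w)]
        if len(bad) / len(reports) > MAX_UNHEALTHY_RATE:
            # Stop here: revert everything touched, hold the rest of the fleet.
            return {"status": "halted", "wave_pct": pct, "unhealthy": bad,
                    "rollback": updated, "held": fleet[len(updated):]}
    return {"status": "completed", "wave_pct": wave_pcts[-1], "unhealthy": [],
            "rollback": [], "held": fleet[len(updated):]}

# Constructed sample fleet and two simulated builds.
FLEET = [f"VIN{i:04d}" for i in range(200)]

def good_build(vin: str) -> Report:
    return Report(vin, display_ok=True, drain_w=10.5)

def faulty_build(vin: str) -> Report:
    # Simulated defect: every third vehicle loses its display.
    return Report(vin, display_ok=int(vin[3:]) % 3 != 0, drain_w=11.0)

if __name__ == "__main__":
    print(run_campaign(FLEET, [5, 25, 100], faulty_build, baseline_drain_w=10.0))
```

With the simulated faulty build, the first 5% wave trips the gate, so 10 vehicles are rolled back and the remaining 190 never receive the update.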

To learn more about the trends and factors impacting the commercial market for OTA update services, check out VDC’s report covering Software Deployment, Maintenance & OTA Solutions for IoT Systems.