You're starting out with an assumption, that this is an OTA update for the infotainment system, and then conclude this incident shouldn't be possible. The problem is the assumption.
This is a OTA vehicle update. It has the ability to update the infotainment, ECU, ECM, TCM, and BCM. Multiple manufacturers have been able to release recalls that fix major vehicle defects (safety, reliability, and performance). That wouldn't be possible without OTA updates that update core vehicle computer systems.
Unclear where this idea that OTA = Infotainment came from. I'd go as far as to say that most manufacturers can do this in 2025.
> Unclear where this idea that OTA = Infotainment came from.
Because to some people, the idea of an OTA update being allowed to change mission critical parts of a machine automatically without a solid rollback system is absurd, and the best way to do that is to never do OTA updates of mission critical parts at all.
This is why OTA updates should simply be illegal/considered negligent engineering. If you want a convenient update, let people plug their phones or computers in via a USB port or something, or take it to a mechanic to do so. There shouldn't be security concerns with an appliance because it shouldn't be writable outside of an owner-intended maintenance mode, which should be impossible to activate wirelessly.
Wait until when fridge or TV will come with its own 5G chip and they will get bricked by remote update because it is time to buy a new one and there will be nothing you can do about it.
They don't have to do this. The cheap materials in the compressor or cheap capacitors used on the power supply board will just silently fall. And the cost to repair the problem, for the average person, will be slightly less than just buying a newer version of the crap that just broke.
My LG refrigerator recently stopped cooling. The error code suggested it was the defrost mechanism. It was more of a hassle of a repair than I wanted to take on so I found an authorized repair shop on the LG site and opted for their flat rate repair.
First trip the repairman replaced all of the defroster parts and sensors. It failed again with the same code 18 hours later. The second time he replaced the main board and at least one other part. It now works great and I have effectively a new fridge aside from the compressor for less than $400.
Compressor still has three years of warranty left and we expect to move before then. It can (hopefully) be someone else's problem.
This should be made illegal. It’s a massive national security threat. Imagine on the eve of a war, instead of Jeep 4xes, it’s every recent Ford or Toyota or GM car, and instead of a software update that can be rolled back, it wipes the flash completely, or reprograms the ECU to damage the engine or disable the brakes on the highway or something else to cause accidents.
Just wait until you hear how much of our country's critical infrastructure is hooked up to the Internet. Traffic lights, water treatment plants, power plants.
The infotainment system can be the gateway to the rest of the vehicle network. It makes sense to attach a 4G modem to the display head to do mapping, hands free calling or emergency response, you may as well use it to download ECU updates too.
"I'd go as far as to say that most manufacturers can do this in 2025."
What does that have to do with OP's comment? And their point is still valid, and OTA update should not be able to brick a vehicle, regardless of the system receiving the update. And regardless if "they all can do it".
Any update can brick your device if done poorly. This device just happens to be a car.
You misunderstood what OP was saying. They claimed that an update to the infotainment system shouldn’t be able to brick the other systems in the car. The response points out the car’s OTA update subroutine has access to update every critical system in the car by design. It’s flawed logic to assume that OTA updates only affect the infotainment system.
If OTA updates can update core vehicle computer systems, in ways that can correct safety, performance, and reliability problems then they can also brick that vehicle.
The manufacturer has the ability to push an update that reprograms computers that control how physical components behave in a vehicle. By the very nature of that; they can push good or evil updates.
Which is a reason the market for "dumb" cars is tightening up. Both my cars are "smart" and sometimes I wonder if I really own them. It bothers me that the maker can cause an update without my permission. (Yes, I know that's the world we've been living in for a while now.)
> This is a OTA vehicle update. It has the ability to update the infotainment, ECU, ECM, TCM, and BCM. Multiple manufacturers have been able to release recalls that fix major vehicle defects (safety, reliability, and performance). *That wouldn't be possible without OTA updates that update core vehicle computer systems.*
Why wouldn't it be possible without OTA? It would just require someone to go somewhere, or do something, to get this installed.
While their assumption is incorrect, your conclusion is incorrect.
> Multiple manufacturers have been able to release recalls that fix major vehicle defects (safety, reliability, and performance). That wouldn't be possible without OTA updates that update core vehicle computer systems.
Just like dosage can be the difference between medicine and poison, OTA updates that can fix major safety, reliability, and performance problems can also cause them. The power is too great, and simply shouldn’t be allowed.
most cars these days have GPS and return location and so on, why can't manufacturer run these updates only at night and when the car is parked at home? There should be no reason for any OTA update to happen while the vehicle is running (or on a trip etc.), downloading the OTA update, sure, but definitely not applying it. Also there should be a documented procedure to restore the previous in case an OTA update fails.
Because cost. Same reason why dash clusters and infotainment systems are now all monitors - its actually way cheaper to use those than analog gauges. The software is built on a famous bullshit paradigm of "never rewrite, always reuse", and as a result shit gets patched together without any concern of how everything cooperates.
Now with hybrid or electrical drives, a motor controller is basically a package that runs its own software, which then interfaces with the rest of the car. And OTA updates can overwrite its firmware.
The only manufacturer that has avoided most issues is Toyota, since they have been doing hybrids for quite some time. Other companies are just starting on this path and to catch up, they can't be bothered to do software deep dives and figure shit out.
As long as it exchanges information (mundane things like muting the music when parking sensors have to be heard, requesting battery/fuel status for advising the next fill stop etc) the isolation can't be entirely complete.
I wasn't really talking about galvanic isolation. And on modern vehicles instruments and infotainment tend to run hypervised on the same physical host. Thing is as long as you exchange information there's always potential for logic coupling allowing the trouble to cross the boundary. Not to mention the basic rate excess/denial of service situations.
I had an OTA update brick my Tahoe infotainment system. Now that backup cameras are standard requirements, those were all unusable. Also affected things like the clicking sound you hear when you use your turn signal. That was completely silent. Cost me ~$2k to get it fixed and wasn't covered under warranty. Good stuff. I've disable future "updates".
An FYI for the future, but backup cameras are considered a safety system and manufacturers are required to repair issues they've caused in safety systems regardless of warranty status. The appropriate escalation if the manufacturer doesn't recognize this is to get NHTSA involved with a safety complaint [0]. That's the main way recalls happen.
The infotainment system on my car can make changes to the suspension. Can change from street to track mode and even has a launch mode I can initiate for starting a timed 0-60, etc.
I can also put the car into valet mode so it won’t go fast. If I forget the valet mode password I am told I have to buy a very expensive replacement because it can’t be unlocked by a dealer.
It looks like there are two updates - the infotainment AND the other one .. firmware of some thingies. And the infotainment is a PREREQUISITE to the other one.
That is what I surmised from listening to the "don't do this until we fix it please" notice from Stellantis from this weekend.
it clicks a relay. Just like with ICE vehicles people usually use it to warm up their car in the winter.
Also, batteries may need to be preconditioned if too hot or cold. A lot of EVs let you set your ideal departure time in a widget as opposed to using a remote though.
This is a 4xe. It is a gas jeep with an overpriced, undersized battery and motor bolted on.
It can be started just like all the other gas cars.
Although even with full EVs, there's a reasonable concept of a "start". Some even let you essentially unlock and allow driving remotely, even if the local driver doesn't have a key. That's useful sometimes.
The article doesn't go into a lot of details, but it only says that the bug happens while in motion, not that the software update itself happened while in motion:
> The buggy update doesn't appear to brick the car immediately. Instead, the failure appears to occur while driving—a far more serious problem.
The problem is worse than "just don't update on the fly while driving". The update happened while not driving; the bug causing the failure mode of shutting down power and engine happened later while driving. There's nowhere to hide from these types of problems it seems.
The infotainment system should be completely isolated from the driving system.