Implementing OTA Updates for Vehicles Is Hard

In the 17 years since Apple introduced the iPhone, most people have become accustomed to a regular cadence of over-the-air (OTA) software updates to their mobile and computing devices. These OTA updates often bring new features and functionality, as well as bug fixes and mitigations for security vulnerabilities. In 2012, Tesla began doing essentially the same in the auto industry, and other automakers have slowly been catching up ever since. However, deploying OTA updates to vehicles hasn’t been a smooth ride for much of the industry.

Implementing OTA updates for vehicles is not as simple as sending a file to each car on the road. First and foremost, unlike most of the devices we’re used to getting updates for, safety must be paramount for a vehicle. If a smartphone gets disabled or goes into an infinite reboot loop because of a defective update, it’s certainly annoying, but it doesn’t typically have life-threatening consequences. A vehicle has multiple safety-critical systems such as steering, braking, propulsion, and restraints, and if any of these are inadvertently disabled, it could lead to crashes with potential injuries or deaths.

Implementing an OTA update system on vehicles is further complicated by legacy electrical and electronic (E/E) architectures that have widely distributed computing units, often powered by low power microcontrollers and connected by slow controller area networks, or CANs. Cost is also a key consideration, with most automakers running at much slimmer margins than typical technology companies.

The remarkable durability of most modern vehicles has made them very long-life products; the average age of vehicles in the US is now 12.6 years, and 20-30-year-old vehicles are not at all uncommon. Consumer mobile devices rarely last 5 years and often less before they break or become obsolete.

All of this tends to lead legacy automakers to avoid fixing what isn’t broken. So despite the existence of much more modern E/E architectures with centralized and zonal computing and high performance systems on a chip (SoCs), most new cars are still built with architectures that would have been familiar decades ago. Even with E/E architectures more suited to remote updates, a suitable software architecture is also required, as well as a fast in-vehicle network and robust wireless connectivity to deliver the update files.

There remains a lack of consensus among many automakers about the most reliable ways to deliver updates to customers that also minimize the bill of materials costs for the vehicle so that it can be sold profitably and affordably for consumers.

A new Guidehouse Insights white paper published with Aurora Labs examines 5 Preconceptions about OTA Updates. In it we look at some of the issues that the automotive industry is grappling with in deploying OTA updates, such as file sizes, double-banking of storage, what data pathways to use for update delivery, reversing broken or corrupted updates, and dealing with a heterogeneous compute environment. The free white paper is available to download from Aurora Labs, along with many others.