1y ago

Tesla recalls all 3,878 Cybertrucks over faulty accelerator pedal - The Verge

www.theverge.com

Tesla recalls all 3,878 Cybertrucks over faulty accelerator pedal

113 comments

Tesla fans have taken issue with the word “recall” in the past when the company has proven adept at fixing its problems through over-the-air software updates. But they likely will have to admit that, in this case, the terminology applies.
Even if Tesla sucks super hard, I agree with these complaints. I immediately checked to see if this was a "real" recall or a software one. Since they all need some physical work on them it definitely applies, but I really wish they used a different term for software update "recalls". It's confusing word choice.
- Software updates should absolutely be recalls. Ship a complete vehicle or don’t. I absolutely do not want cars to turn in what games are today. I do not want hotfixes on my car because they didn’t test. Fuck an OTA update too, I don’t want that either, if they need an update it’s a recall and the cars have to go back to the shop. I want it to hurt and appropriately damage the company’s reputation.
  
  In my opinion it points to a more dangerous thing, “continuous delivery” software mindset seeping into safety critical systems.
  It’s fine, good even, that web developers can push updates to “prod” in minutes. But imagine if some dork could push largely untested control system updates to your car’s ECU… it’s one thing for a website site to get a couple errors, but it’s a very bad thing if it makes your steering wheel stop working.
  Unfinished products make more money, and it’s high time a consumer protection law clamped down on this.
  
  I agree I mean how many times in the past couple of years have large sites or services gone down because an update was pushed through. Most recently I can think of teams going down earlier this year.
  Should be protocols put into place for cars that need to be followed for a software update.
  
  Should be protocols put into place for cars that need to be followed for a software update.
  Protocols are in place. We can argue over wether or not those are good enough, but the car industry is incredibly heavily regulated.
  Those protocols include certain systems being designated as "critical" and significantly more testing is required to change them. Some changes can only be made after an entire year of testing by a third party auditor including crash tests, emissions tests, etc.
  Updating the map to inform the driver that a police officer is standing around the next corner with a radar gun? That can be done OTA with zero testing (and yes, my car does that). That's not a critical system, it's an important safety feature. If the car ahead of me is going to slam on the brakes the moment they see the officer... I want to know it's likely to happen ahead of time - might even slow down myself. ;-)
  
  Oh yeah don't stop.
  
  This operates under the assumption that cars produced before the era of OTA updates could not have been improved by OTA updates. I’ve used a few of them, and that doesn’t seem to be the case.
  But imagine if some dork could push largely untested control system updates to your car’s ECU…
  While I can’t deny that this isn’t categorically impossible, it seems incredibly unlikely. At the very least, I don’t think we’ve seen this happen yet, and OTA updates have been around for a while now.
  
  I dont disagree with anything you said, I just think there should be a different, but equally severe term for clarity. It's not hurting Tesla so much as devaluing the word "recall". Make it hurt, Tesla is reckless with the way they ship unfinished products, but as I said before, I wasn't even sure what "recall" meant in this sense.
  
  I’m saying upgrade what it’s considered to recall. No OTA hot fix, car goes back to the shop. A proper recall just like any other recall. A software issue is just as dangerous as a hardware issue for something like an accelerator pedal. To be clear, this isn’t Tesla hate, this is modern “sell unfinished products” hate. I’d say the same thing for any other manufacturer.
  If the blinker pattern needs to be updated, that’s fine for OTA in my opinion, and shouldn’t be a recall. Problems with the accelerator, brakes, steering, anything safety critical - nah. Recall for that, proper recall.
  
  Recalls still require the customer to take action. They're much less likely to go into the shop to have it fixed than press a button on their phone and have the car fix itself overnight.
  Your suggestion for not allowing safety software fixes OTA is dangerous.
  
  Other way around. Unsupervised OTA updates are dangerous.
  First: A car is a piece of safety-critical equipment. It has a skilled operator who has familiarized themselves with its operation. Any change to its operation, without the operator being aware that a change was made, puts the operator and other people at risk. If the operator takes the car into the shop for a documented recall, they know that something is being changed. An unsupervised OTA update can (and will) alter the behavior of safety-critical equipment without the operator's knowledge.
  Second: Any facility for OTA updates is an attack vector. If a car can receive OTA updates from the manufacturer, then it can receive harmful OTA updates from an attacker who has compromised the car's update mechanism or the manufacturer. Because the car is safety-critical equipment — unlike your phone, it can kill people — it is unreasonable to expose it to these attacks.
  Driving is literally the most deadly thing that most people do every day. It is unreasonable to make driving even more dangerous by allowing car manufacturers — or attackers — to change the behavior of cars without the operator being fully aware that a change is being made.
  This is not a matter of "it's my property, you need my consent" that can be whitewashed with a contract provision. This is a matter of life safety.
  
  If a car can receive OTA updates from the manufacturer, then it can receive harmful OTA updates from an attacker who has compromised the car’s update mechanism or the manufacturer.
  There's potential for a very dystopian future where we see people assassinated, not via car bomb but via the their cars being hacked to remove braking functionality (or something similar). And then a constant game of security whack-a-mole like we see with anti-virus software. And then some brilliant entrepreneur will start selling firewalls for cars. And then it'll be passed into law that it's illegal to use a vehicle that doesn't have an active firewall/anti-virus subscription.
  It almost feels like the obvious path things will go down. Yay, capitalism...
  I'm not totally opposed to software being used in cars (as long as it's tested and can be trusted to the degree mechanical components are) but yeah, OTA updates just seem like a terrible idea just for a little convenience. I'd rather see updates delivered via plugging the car in (and not via the charging port - it would need to be a specific data transfer port for security reasons). Alert people when there's an update, and even allow the car to "refuse to boot" if it detects it's not on the latest version. But updates should absolutely be done manually and securely.
  
  Cutting someone's brake lines has been a means of assassination for a while. What's new here is that it could potentially be done remotely, e.g. an attacker in Bucharest targeting a victim in Seattle on behalf of a payer in Moscow.