Forgot your password?
typodupeerror
Security Software Transportation News

Ford Tests DIY Firmware Updates 164

Posted by Soulskill
from the what-could-possibly-go-wrong dept.
wiredmikey writes "This month, Ford is borrowing something from the software industry: updates. With a fleet of new cars using the sophisticated infotainment system they developed with Microsoft called SYNC, Ford has the need to update those vehicles — for both features and security reasons. But how do you update the software in thousands of cars? Traditionally, the automotive industry has resorted to automotive recalls. But now, Ford will be releasing thirty thousand USB sticks to Ford owners with the new SYNC infotainment system, although the update will also be available for online download. In preparing to update your car, Ford encourages users to have a unique USB for each Ford they own, and to have the USB drive empty and not password protected. In the future, updating our gadgets, large and small, will become routine. But for now, it's going to be really cumbersome and a little weird. Play this forward a bit. Image taking Patch Tuesday to a logical extreme, where you walk around your house or office to apply patches to many of the offline gadgets you own."
This discussion has been archived. No new comments can be posted.

Ford Tests DIY Firmware Updates

Comments Filter:
  • by fuzzyfuzzyfungus (1223518) on Thursday March 08, 2012 @05:29PM (#39293661) Journal
    Just leave at least one wireless interface active and I'll handle all the updates for you!

    Sincerely, B. Hat,
    Honest Gentleman
  • by LoudNoiseElitist (1016584) on Thursday March 08, 2012 @05:30PM (#39293673)

    "Play this forward a bit. Image taking Patch Tuesday to a logical extreme, where you walk around your house or office to apply patches to many of the offline gadgets you own."

    I'm assuming by the time we need to upgrade firmware or software on our refrigerators, toasters, coffee makers, and toilets that they'll all be sentient and just do it themselves.

    • by plover (150551) * on Thursday March 08, 2012 @05:36PM (#39293775) Homepage Journal

      Hey, I have a 10 year old ordinary Ford pickup, and I recently had to reboot it. The transmission wasn't leaving 2nd gear (a.k.a. the "safety" gear), so when I stopped at the next intersection, I shut the engine off, waited five seconds, then turned it back on. It was fine after that.

      I have no idea what went wrong, only that a reboot fixed it. I'm just glad I was able to choose the circumstances, rather than have the truck decide to update itself in the middle of the road because it forgot it wasn't in the garage.

      • Weird that you replied to my post with this problem. I have this same (or similar) problem with my Explorer. Did the OD light start blinking or stay on? Mine does this, and turning the truck off and back on fixes it. The bad part is that it only gets worse, and now I'm lucky to get to work without it kicking in. I've had it not want to shift out of second a few times, but usually it just doesn't want to downshift when accelerating, meaning you have to floor it just to get moving from a stop.

        It's appare

        • by geekoid (135745)

          Or the sensor is fine, it's just getting bad data from a faulty transmission.

        • by plover (150551) *

          I remember seeing the OD light being on unexpectedly recently, (probably in conjunction with this incident,) but I don't recall if it was blinking or not. It's only happened a few times, once about two months ago, and once about two weeks ago. (I refuse to believe that two points makes a trend.) And mine's a Ranger, which is built on the same frame as the Explorer.

          Your post just made me think of it, and that if the update software was of the same quality that it could just as easily have been so stupid a

          • by Ihmhi (1206036)

            I want you to explain this in an easily understandable way, but you can't use a car analogy because it's already about cars! I DON'T KNOW WHAT'S REAL ANYMORE!

            • by drfreak (303147)

              Easily solved. When things are backwards, start thinking backwards. I use computer analogies all the time when talking to gear-heads.

        • When my car decided to only do second gear, they replaced a speed sensor on the transmission. It looks kind of like a power cable to me. It fixed the problem. Unfortunately it's not considered part of the transmission so I had to pay for it even though the transmission had been installed probably less than a month before that, and was still under warranty. But the repair was less than $100 US I think.
      • My 2002 Buick Park Avenue does this too. It gets a rough shift when the transmission senses a problem with the shift solenoids, and it will shift roughly until you turn it off and turn it back on.
    • When is someone going to release a software package to handle a household's updates automatically? People aren't going to want to think about it.....

    • Great quote from an old Embedded Design Magazine: "I knew the world had fundamentally changed when I had to reboot my stove's exhaust fan"
    • by Compaqt (1758360)

      O for the day that cars were cars, toasters were toasters, and men were men ...

  • by 14erCleaner (745600) <FourteenerCleaner@yahoo.com> on Thursday March 08, 2012 @05:30PM (#39293677) Homepage Journal
    Since when does an automobile entertainment system need security updates? Oh, the wonders of Microsoft...
    • by toadlife (301863)

      Sync is a lot more than a fancy radio control interface.

      http://www.ford.com/technology/sync/features/ [ford.com]

      If think it's a bit naive to think that a piece of software could be written within typical commercial time and resource constraints and have no bugs.

      • by Inda (580031)
        When I left the industry in 2000, lead time time for a new car model was 18 months, down from 36 months when I joined in 1991.

        You can't write a piece of entertainment software in 18 months? Surely not.
    • my car crashed (Score:4, Insightful)

      by v1 (525388) on Thursday March 08, 2012 @05:37PM (#39293785) Homepage Journal

      no, really. no, not like that. I was just running this firmware update and now there's a note on the dash telling me there was a problem and I need to restart my car? but when I turn the key it won't start anymore?

      • Re: (Score:3, Funny)

        by Em Adespoton (792954)

        At least you didn't get the blue windscreen of death....

        • by v1 (525388)

          I consider myself lucky to have never bricked anything with a firmware update before. But can you just imagine bricking your CAR?

    • by Sir_Sri (199544)

      since you could try and buffer overflow an input?

      Even if the system is completely disconnected from everything else on the car, it would still be problematic to have your entertainment system crash constantly.

      Even if the system itself is read only (which has it's own problems) it could still crash if it tries to read in bad data.

      Whenever you use an existing platform you accept that there's going to be some problems, some fixable, some not, in an era of software you have no excuse for not fixing known proble

      • by X0563511 (793323)

        The real solution here is to make sure the entertainment system is totally decoupled (or read only enforced with hardware) the systems that operate the vehicle itself.

    • by mrquagmire (2326560) on Thursday March 08, 2012 @05:52PM (#39293995)
      It's not a security update. This update is more like a complete rewrite and has very little to do with Microsoft. You see, for their first attempt Ford decided to outsource the project to a company called BSQUARE who put the UI together using Adobe Flash Lite [tumblr.com]. For some reason, the results were slightly [consumerreports.org] less [autoblog.com] than [nytimes.com] stellar [fordedgeforum.com].

      Anyway, the preliminary reviews of the new version sound promising so I am at least a little hopeful. I am still quite frustrated, however, that I've had to deal with such awful software for well over a year on a brand new vehicle that cost almost $40k.
      • by gstoddart (321705)

        Anyway, the preliminary reviews of the new version sound promising so I am at least a little hopeful. I am still quite frustrated, however, that I've had to deal with such awful software for well over a year on a brand new vehicle that cost almost $40k.

        That, unfortunately, is a problem with being an early adopter.

        This strikes me as the kind of stuff you wait for version 3 before you buy it. Because if this is essentially a rewrite, it's likely still a Steaming Heap of Innovative Technology with an entirely

        • by LordLimecat (1103839) on Friday March 09, 2012 @03:46AM (#39298363)

          Maybe the problem is that touch screens are absolutely terrible in situations where you cant devote your whole attention to them. I can adjust basically everything in my '03 car without taking my eyes off of the road because of this fancy feature called "tactile feedback" which comes standard with all the knobs in my var.

          Try doing that with your fancy touch screen. Bonus points if its anywhere near as responsive as the knobs.

      • Shoulda had a V-Dub!

        The Fender stereo system in my wife's new Jetta is bitchin', and the software so far has performed flawlessly.


        Being rather old school myself (I drive a 1980's carburated truck), I typically lift my nose at any automotive technological gadgetry that doesn't increase the performance of the vehicle... however, I will begrudgingly admit it's pretty awesome to have my music stream jump from my phone to the car stereo with no manual intervention on my part (other than inserting the key).
    • Re: (Score:3, Interesting)

      by sparkyradar (908639)

      Well, the hardware was made by Sony, so "update" means:

      a) remove functionality
      b) rooting and snitching on your usage
      c) adding requirement for cryptic, lightning-fast keypresses to perform even the most-basic functions, like turning on
      c) new TOS to prevent suing

      I cannot think of a better Marriage Made in Hell than Sony and Microsoft. B*stards forever :-)

    • Re: (Score:2, Funny)

      by Anonymous Coward

      You mean putting a Bluetooth device running Windows on the same CANBus that runs your car's door locks, steering lock, ignition, fuel injection, electronic power steering, braking and throttle and etc. etc. etc. wasn't a good idea after all?

      Wow, who saw that one coming?!

      Remember, folks, CANBus does not have any authentication; any device on the bus can send arbitrary packets to anything else on the bus. Putting a wireless device on there is probably not a great idea.

    • by AmberBlackCat (829689) on Thursday March 08, 2012 @07:21PM (#39295245)
      It reminds me of years ago when my brother bought a Sharp Zaurus. It was our first experience with a Windows operating system on a handheld organizer, Windows CE. It was also the first time we saw a handheld organizer lock up. It's amazing how Microsoft can get car companies, who are trying to earn a reputation for quality and reliability, to put this software in their products.
      • by lwriemen (763666)

        Yes. The "fool me once" moment, WinCE, is shame on you, Microsoft! BUT .. the "fool me twice" moment is shame on [insert automotive company]!

  • ...well if they follow the "Web 2.0" model, then if their upgrade breaks your car, you won't be able to downgrade, and you'll just have to wait until the issue is fixed in the next upgrade.

    • In that case, you'd be better off with the Microsoft model. Providing, of course, you follow the time-honed tradition of postponing things until the release of the first service pack. Will it still fit on a USB stick, I wonder.

      Snarky comments aside, it would be interesting to see whether other manufacturers adopt anything similar for their products. If they don't, well, I don't have to get annoyed until 2:00 a.m some time this November.

  • by AuralityKev (1356747) on Thursday March 08, 2012 @05:33PM (#39293713)
    "Yeah, boss? I can't come into work today. My Ford Focus just BSOD'd in my driveway."
    • Re: (Score:2, Informative)

      by Anonymous Coward

      You joke, but the Ford Fusion at least has a "limp home mode" that recently required a visit to the stealership. The diagnosis: throttle body for $900. Had them just clear the code and the car has gone thousands of miles since. The actual cause? A dead battery. A dead battery is a common failure mode and should not throw spurious diagnostic codes that disable the vehicle until reset by the dealership.

      • by Tongo (644233)
        We have a 2011 Ford Explorer with Sync and Nav. It has a BSOD (Black Screen of Death). It also perform "System Maintenance", which is just a reboot, mid drive. The issue isn't necessarily the MS Software, but the flash based user interface designed by a third part. It was a giant piece of shit. Also, it's not 30k USB sticks, it's 300,000 USB sticks, plus SD cards for anyone with Nav.
  • by Torodung (31985) on Thursday March 08, 2012 @05:41PM (#39293843) Journal

    Goodbye Magnuson-Moss, it was nice knowing you! A service pack for your car. Good luck with that. What if it bricks your car? How much does a replacement dashboard computer cost after warranty, due to a faulty update? Who is liable for that if it happens?

    Has anyone seen the EULA for this thing? If it isn't significantly different from normal software EULAs, I'm avoiding this sort of technology like the plague.

  • by phonewebcam (446772) on Thursday March 08, 2012 @05:42PM (#39293853) Homepage

    ...in the JD Power IQS Customer Satisfaction Rankings [dailytech.com]:
    "Ford went from a fifth place ranking in the 2011 J.D. Power Initial Quality Study to a mediocre 23rd place showing this year. Sister-brand Lincoln took a similar nosedive, falling from eighth place all the way down to 17th place this year. ... Not surprisingly, MyFord Touch was the biggest contributor to Ford's fall from grace. "
    And who designed the MyFord touch? Give you one guess [wikipedia.org].

    • by UberOogie (464002) on Thursday March 08, 2012 @05:59PM (#39294109)
      Holy crap. I made a joke in my head about rebooting a car, but MS has again found a way to make truth stranger than fiction (from the wiki):

      "For new car owners whose MyFord Touch systems crash, both Ford dealerships and Ford-sponsored websites have been recommending that owners disconnect the black (negative) lead to the battery for several minutes, reconnect, then run the car for at least five minutes to reboot the MyFord Touch system. Owners have complained that this is extremely inconvenient, even dangerous in many situations, and should not be required of owners who have paid tens-of-thousands of dollars for their new cars."

      • Re: (Score:3, Informative)

        by Anonymous Coward

        Holy crap. I made a joke in my head about rebooting a car, but MS has again found a way to make truth stranger than fiction (from the wiki):

        "For new car owners whose MyFord Touch systems crash, both Ford dealerships and Ford-sponsored websites have been recommending that owners disconnect the black (negative) lead to the battery for several minutes, reconnect, then run the car for at least five minutes to reboot the MyFord Touch system. Owners have complained that this is extremely inconvenient, even dangerous in many situations, and should not be required of owners who have paid tens-of-thousands of dollars for their new cars."

        As mentioned in many other places, the User Interface software (Which is the crappy part) was written in Flash by a company called BSQUARED, and is pretty much unrelated to the Windows CE underpinning supplied by Microsoft, or the rest of the car designed by Ford...

        But hey, when has the truth ever stopped any Microsoft bashing around here?

      • "For new car owners whose MyFord Touch systems crash, both Ford dealerships and Ford-sponsored websites have been recommending that owners disconnect the black (negative) lead to the battery for several minutes, reconnect, then run the car for at least five minutes to reboot the MyFord Touch system

        As much as it chagrins me to jump to the defense of either company, I can tell you from professional experience that pulling the negative cable for 3-5 minutes has been a valid diagnostic tool/repair ever since they started putting computers in cars.

        Owners have complained that this is extremely inconvenient, even dangerous in many situations, and should not be required of owners who have paid tens-of-thousands of dollars for their new cars.

        No more dangerous than your typical 16-year-old.

        Idiot car owners are a lot like idiot users: They don't understand thing 1 about the system they're using, but they won't hesitate to jump your ass and bitch endlessly the first time it does something they don't

        • by Compaqt (1758360) on Friday March 09, 2012 @05:31AM (#39298829) Homepage

          Why should car owners have to understand anything (I'm not talking about the need to change the oil or keep up the tire pressure).

          Why should they have to understand the "need" for a reboot?

          Rebooting may well be a valid diagnostic technique, but it doesn't make it any more acceptable for the car manufacturer. Their anger was not directed at you as a mechanic. Their anger is directed toward the maker who can't get a car to run in the 21st century without "crashing".

    • by afidel (530433) on Thursday March 08, 2012 @06:20PM (#39294399)
      It's not Microsoft's fault. The OS is fine (Sync never had anywhere near the problems that Touch has had). The problem is the Flash based UI designed by outsourcing firm BSQUARE that was the major problem for Touch.
  • Okay, now I'll just wait for the cyanogen mod to be available for Sync before buying a Ford. I wonder how binary those firmware updates are . . .
  • is the next target for viruses.
    But this time the machine to crash won't be your PC.

  • From TFS: "Ford encourages users to have a...."

    Just cant get my mind around that yet. So now car companies will be referring to their customers as users instead of drivers. fun times ahead.

    • Just wait until they figure out they can tie use of all advanced features of the entertainment system to an account that they control.

      And require a fee to activate a car on your account.

      Same kind of bullshit they do with on-disc "DLC" or online play activation codes for the used video game market.

      Don't want to pay? Have fun with nothing but AM/FM radio.

      "But customers won't accept that!"

      Sure they will--just make the awesome entertainment system package free in new cars. Small cost to the manufacturer up fr

  • No way! (Score:4, Insightful)

    by miffo.swe (547642) <daniel.hedblom@P ... om minus painter> on Thursday March 08, 2012 @05:51PM (#39293981) Homepage Journal

    There is no friggin way i would let Microsoft anywhere near my car. They have a much too bad track record for that. This is something that makes me take two large steps away from any Ford car. I was entertaining getting a Ford but after having read this, no way in hell.

  • by Thelasko (1196535) on Thursday March 08, 2012 @05:56PM (#39294075) Journal
    Whoa guys! Ford has been allowing end user firmware upgrades since the SYNC system was rolled out. The salesman even told me how to do it when we bought my wife's car two years ago. I've even done it myself through the Ford website. [ford.com] Also note, that this upgrade does not change the ECU, only the SYNC system. Also note, that this mass USB stick mailing is for MyFordTouch, [ford.com] not SYNC (MyFordTouch is built on top of the SYNC system, but includes a touchscreen, and are commonly confused).

    In summary:
    User firmware upgrades !new
    User firmware upgrades !experimental
    Mass USB mailings !SYNC
    The only thing experimental is the mass mailing of USB sticks.
    • I have been doing user firmware and operating system / feature / Gracenote updates on my Mopar "MyGig/UConnect" infotainment system since 2008.

      I download a CD/DVD image, burn it, put it in my van and it reboots, installs/upgrades, then I am good to go.

      The only thing owners can't do (easily) is update the Navteq maps because they (Mopar) want like $200 for that (hello smartphone!).

  • . . . can we update and patch them as well?

    Mechanic: "I'm sorry, sir, but I need to replace the brick behind the wheel of your car to fix it . . . "

  • by Cro Magnon (467622) on Thursday March 08, 2012 @06:05PM (#39294171) Homepage Journal

    Either one is highly vulnerable to bad drivers.

  • When a vulnerability remains unpatched on your desktop or laptop OS, malware and viruses can cripple your computer and prevent you from using it to get online or do work.

    When a firmware update remains unpatched on your wireless-enabled car OS, someone breaks into your WAP/router at home, runs an attack on your car's firmware, and the next time you turn the car over the fuel/air mixture is so rich that the vehicle bursts into flames.

    Which is worse to you?

  • Circa the mid-nineties... the media was gushing over the latest trend, how great it was going to be, and how it was going to solve our update problems. One example would be this piece by Brian Livingston [google.com]. In the wondrous world of the future, "the user does little or no work, other than clicking a menu button to start the upgrade process. Sometimes not even that is necessary. The software dials up[sic] the vendor's BBS or the World Wide Web site automatically installs any components that are newer than the t

  • Do you know how to update the bluetooth drivers on a high end Kenwood head unit? The only way to do it is via Bluetooth. So if your BT isn't working correctly, you should have it connect to a bluetooth device and do an update. Update not work and your BT is no longer operational? Just update it by connecting to the...oh shit.

    I haven't had it fail, but damn it just seems ripe for problems. Of course, it's Kenwood, so nothing really works well.

  • I am very concerned about stability, as a matter of fact I dedicate myself to not crashing my vehicles. Installing Windows on my vehicle is an incredibly counter intuitive when it comes to achieving that goal. I would be like putting bricks and eggs in the same shipping container to protect the eggs from outside dangers.

  • I leave my car parked, top-down. Someone walks by, installs a patch that disables my brakes. So who's at fault? Me for not protecting my car, mazda for not key-protecting the upgrade system, the mazda software team for not password-protecting the upgrade system, or the someone who walked by and just plugged something in? Didn't steal anything, didn't take anything, didn't directly damage anything, just plugged a usb into a slot -- maybe not even his own usb. maybe it was my usb with an experimental pat

  • I think I read a similar story about Ford doing this and it's old fucking news. I have a 2008 Dodge Charger I'be been updating the Mygig software on since I bought it. Comes in the mail as a DVD or I can download an ISO from a fan site.
  • by brusk (135896) on Thursday March 08, 2012 @09:09PM (#39296221)
    ...will Brits have to retrunk them?
  • They're gotten to be almost as bad as Toyota, Honda, VW and MB.

  • With an 802.x wireless interface Ford could assume that people's home wireless network reaches their car or garage. Park within range and call up the in-car menu to start the update (and don't stall out!).

    And if it doesn't reach or if you don't have access to a parking place near your coffee shop that has free wi-fi, drive over to your Ford dealer and use theirs (or they can patch you when you go for service).

    I wish I had 802.x access to my car to update my music drive.

Any sufficiently advanced technology is indistinguishable from a rigged demo. - Andy Finkel, computer guy

Working...