Modern Cars Are An Intelligent Nightmare
The modern car is a marvel of intelligence, design, and flash features; is modern manufacturing all that it seems?
The software industry holds a great many trade secrets, not least of which is that so many of the systems, programs, and mobile apps we depend on in everyday life look, under the hood, like a fragile mess of bad practice and worse code.
Building complex, robust, and secure software packages is a difficult, time-consuming business and commercial software is ludicrously expensive as a result. Programmers are lazy, product managers are demanding, testing is expensive, and deadlines are tight. Worse still, software—when working at its best—is often invisible.
Going cheap on computer code is easy. You can't advertise that your product is going to do what it's supposed to do; who makes a sale by promising the bare minimum, even if the bare minimum is what many packages fail to reach?
There are large parts of commercial software that do things the customer will never even see. When deadlines come to the crunch and the budget is getting tight, these features, such as security and reliability, are often the first parts to be left on the drawing board. After all, with a bit of luck and enough glittery features, who will even know the difference?
No industry is isolated from cutting costs and maximising profits. In the automotive world this typically means excluding luxury trim and small features; in software, it first means skipping tests and relaxing a little on security. Even the most profitable software productions on the planet, AAA computer games, ship broken, filled with unintended bugs, and in need of drastic last-minute repair on the day of release.
In-car software from major manufacturers, even when it works, has rarely ever been good. Automotive companies have historically preferred to sink budgets into tactile and quality improvements such as sound dampening, fabrics, and leathers before the vehicle's interface. On-board systems have been something of an afterthought since they started creeping into cars bit by bit.
Photo by Kenny Luo on Unsplash
A conflict between the physical and the digital can only last so long in any industry. Drivers today are far more tech-savvy than they were two decades ago. They now expect, at the very minimum, a standard of software in their £20,000 car that is at least comparable to that of their £400 smartphone.
These overly reasonable demands appear to be creating major issues for cash-strapped carmakers. The vast expense of on-board software in these complex machines is creating major headaches in a field where the price of failure is unacceptably high.
Inside a brand new car, there's an ever-growing array of onboard radios to power Bluetooth, Wi-Fi, mobile data, remote entry, emergency assistance, and any number of new ways to communicate with the vehicle. Every single one adds yet another way for attackers with ill intent to access your car.
Not only are new ways to get in being added every year, but the number of systems and controls operated by computer is growing at a similar rate too. The car is no longer just a luxury go-kart; it's now a semi-intelligent machine capable of sensing its environment and reacting to it without user input.
In an ideal world, the rise of ever more capable onboard systems and the rise of ever more capable driver assistance would be kept entirely separate. If we know anything at all from previous experience, it's that the automotive software world is far from ideal.
Security researchers Charlie Miller and Chris Valasek showed in their analysis of 2014 model vehicles that a little less than half of the vehicles studied connected safety-critical mechanisms to readily exploitable systems.
Parts of the car the average consumer might expect to be separated entirely were readily accessible to the vehicle's onboard network. The same corner-cutting engineering which built unusable menus and unstable features is creating something which can become genuinely life-threatening further down the line.
Of course, adding more features doesn't necessarily mean adding more failure and less reliability. There are entire industries centred around creating software which is secure, reliable, and does exactly what it has to do. It runs aircraft and controls medical devices, space rockets, weapons, and power plants too.
Safety-critical software is built to internationally recognised standards that bound its rate of failure to a level so acceptably low as to be effectively non-existent. It's already present in vehicles today. Some parts, such as ABS, are safety-critical and computer controlled. The reason it doesn't spread further afield? It's unbelievably expensive.
A system which meets design integrity levels can easily cost 10x more than one which 'only' passes every test you can throw at it. To apply the same level across every component of the car is not only time-consuming and expensive; it's impossible.
Drivers today demand interconnected devices, remote access, intelligent adjustments, and all the other modern bells and whistles that have become part of driving. Many of these systems simply can't be built to be perfectly safe while retaining the functionality which makes them worthwhile.
So while the brakes themselves may be utterly fail-safe and guaranteed to work, they're massively undermined by attackers who can connect to them as if they were Bluetooth devices.
Research papers as early as 2010 showed that attackers could gain control of a car's brakes, throttle, and steering with a few inexpensive parts and a laptop computer. Researchers demonstrated that they could crash a car on demand because of lax to non-existent security on several brands of car.
Further work since has shown that the same kinds of attack are possible remotely, connecting at a distance through the inbuilt radios and dashboard entertainment systems, which makes them easier than ever before.
The issue researchers have managed to exploit is primarily one of poor architecture and awful design. The mode of thinking car manufacturers seem to love, the kind which saves twenty cents on plastic trim, is problematic when it comes to software.
Good software is made more affordable by building it well (and expensively) once, testing to within an inch of its life and reusing it until both consumers and programmers can't stand it anymore.
It's a model which just doesn't seem to fit the automotive world. Carmakers appear to favour the new and the flash, more bells and whistles than the competitor's dash, even if the true cost is unacceptably high.
Many don't even share the same internal systems across every car in their own range. While mechanical components in new models are often hand-me-downs shared from past productions, software architecture and design looks to be the same work done over and over again for no practical purpose.
While assembly line manufacturing is more than a century old, software production at the modern scale is brand new in comparison. The time it takes to make it just as efficient and just as effective is going to come with an uncomfortable price tag.
Past experience of smartphones, online systems, and social networks shows that consumers don't exactly value tight security and reliable systems either. It wouldn't take a great many public failures or high-profile incidents for things to change though. Toyota and more recently Tesla have both flirted too close to just such media incidents.
Far from every modern car suffers from the issues described. Some carmakers have been shown to employ excellent design standards and sensible security protocols in at least some of their vehicles. At a bare minimum, they segregate entertainment systems from the sensor and control systems. It's not a universal problem, even within one single brand, but it's also far more common than you might reasonably expect.
The inconsistency which leaves you wondering whether your car is on the list of problematic vehicles is precisely one of the industry's biggest problems. The modern car is a black box of mysterious functionality and interconnected systems affecting everything from the radio station to high-speed car control.
Driving a brand new car is an exercise in trust as much as anything else. Part of the driving experience is putting your faith in designers and architects building a system which is, hopefully, roughly in line with what a driver expects.
Auto braking, lane assist, speed controls, and auto-pilot systems act semi-autonomously in the background, meaning you never know precisely what the machine is 'thinking' at any given point in time.
Illuminated Decision Making
Machines have evolved into an age where they can make decisions of their own, decisions which may or may not be entirely sound. The best we can do is watch what happened and guess about what the simple machine got stuck on, tripped up over, or spotted well ahead of us.
In software, this type of decision-making, or the device performing it, is a black box. You know the input and observe the output, but what goes on in between is anyone's guess. It's an acceptable way to run a dating app or a computer game AI, but a bizarre way to construct a car.
Photo by DAVID COHEN on Unsplash
One of the crowning features of the car industry is the development of rating systems which put scores on, and regulate, every aspect of a car's mechanical safety. It's never been easier to find out precisely how your car crumples, rolls, crashes, and falls apart mid-way through an accident. You can probably watch it online too, if you'd like. But you can find little, if anything, about the invisible systems in constant operation every day leading up to the crash.
There's no rating system which tells you how reliable a car's computers are, how dependable its software, or how maintainable its sensors. There are no stars awarded for how many times out of 100 a car is capable of avoiding an accident, or how many times it causes one. There's nothing at all which rates, evaluates, or puts a score on the brains of a car. Yet, at this point, new cars seem to be equal parts computer wizardry and mechanical construction.
If things have changed since the initial security studies in 2010, and they may well have, there's little evidence to suggest it so far. Follow-up studies in 2015 showed that security measures to prevent unauthorised access were still highly inconsistent and haphazard across various manufacturers.
Carmakers, despite being capable of compiling detailed metrics on driving history, location, economy, mileage, use, style, and driving time, often claim a complete inability to view, learn from, or act on known incidents of automotive hacking.
Researchers in 2015 published a rough rundown of several dozen cars they could get their hands on to evaluate, an effort which needs consistent funding, standards, regulations, and regular publication to have any noticeable impact at all.
It would be a great shame if such features were only established in the aftermath of a major incident or series of high-profile failures.
If your new car has an impressive collection of abilities, features, and intelligence you'd be well within your rights to have many questions about how they operate. When is the auto-braking liable to fail? Do the radars falter at speed? When does lane-assist no longer work to keep me on the road? How easy is it for hackers to gain control with a simply executed and well-published Bluetooth attack?
For the time being, we're stuck in the dark.