Those Pesky Software Updates Now Coming to a Car Near You

Could Your Car Be Hacked?
  • Over-the-air downloads make boosted security a must-have
  • Hackers target vehicles as they become connected, add software

You hate them on your phone and dread them on your computer -- now, those pesky software updates are coming to your car.

Carmakers led by Tesla Motors Inc. are pushing over-the-air Wi-Fi and 3G or 4G wireless downloads to add functions such as self-parking and to upgrade performances of their vehicles. It’s prompting suppliers like NXP Semiconductors NV, Ericsson AB and Gemalto NV to celebrate as car builders fight to keep hackers out.

“As soon as you connect anything to the Internet, there’s a hacking risk,” said Jonathan Olsson, a security expert at Ericsson, which sells wireless networks to clients from mobile carriers to carmakers like Volvo AB. “We protect the software that’s sent to a vehicle and make sure it hasn’t been tampered with, while policing who connects to the car.”

Tesla this month rolled out new software that will let its Model S and Model X electric sedans park in a garage or in perpendicular spaces without a driver behind the wheel. The average update takes 45 minutes. It’s typically aimed at boosting anything from engine performance to the car’s speed and electric battery usage.

200 Million Lines of Code

As software gains ground and controls additional features in vehicles, such as self-driving capabilities or integrating with services like Spotify, cars will require regular updates, just like Apple Inc. pushed modifications to its iPhone software about 10 times last year. Many updates will be aimed at fixing software bugs -- there are typically 200 million lines of code in a car, which means it’s unlikely to be bug-proof from day one, Ericsson’s Olsson said.

The learning curve has proved messy for some carmakers so far, spurring demand for expert suppliers. Toyota Motor Corp., the world’s largest automaker, in 2014 had to recall more than half of the Prius vehicles ever sold to fix a software bug that could slow down or bring the car to a halt.

“The car is being converted into a self-driving robot,” said Lars Reger, chief technology officer of chipmaker NXP’s automotive division. “Because of that, software is becoming far more important than it was 10 years ago.” NXP’s chips can be found in cars from manufacturers including Tesla, Audi, BMW and Mercedes.

The practice of updating a car’s software is due to grow at least tenfold in the coming six years as vehicles become increasingly connected, researcher IHS Automotive forecast in a report. About 4.6 million cars got over-the-air updates for telematics applications last year, compared to 43 million units expected worldwide by 2022, it said. Maps, infotainment and core auto functions will also spur updates, IHS said.

Flawed Older Models

It’s inevitable that carmakers will go through the same motions as banks or retailers did in the past years, bulking up their security spending to avoid breaches that would hurt consumer confidence, said Olivier Piou, CEO of cybersecurity company Gemalto, which has Audi among its customers. “Companies who have a reputation to protect can’t afford not to think about security,” Piou said.

There will be 150 million connected cars circulating globally in 2016 and more than 800 million by 2023, according to predictions by Analysis Mason.

As software innovation continues to evolve quickly around a network of connected objects, from refrigerators to drones, how long carmakers can upkeep older vehicles will be key in avoiding future threats from hackers and cybercriminals. Lessons from the computer software world show Microsoft Corp. had to extend support for its Windows XP operating system, including security patches, beyond the initially projected 10-year mark because too many people were still using the old software.

“Some carmakers are ahead of others” already, said Jerome Robert, chief marketing officer at Lexsi, a security company that banks to governments hire to attack their systems in order to help identify vulnerabilities. “Security is as good as it gets in recent all-electric models, but in older cars, the ones with electronics here and there, it’s not great.”

For suppliers, competition is tough. Software for cars is attracting resources from companies as varied as Google Inc. and Jerusalem-based Mobileye NV. Ericsson says it can transpose decades of developing network-security technology for mobile carriers. Meanwhile, NXP and Gemalto have built a reputation by helping secure banking transactions, mobile phones and electronic passports.

(In a previous version of this story, the spelling of Olsson’s name was corrected.)

Before it's here, it's on the Bloomberg Terminal. LEARN MORE