What Are Over-the-Air (OTA) Car Updates and Why Are They Important to Security?

Just like how IT software and operating systems receive regular updates from their vendors, vehicles receive software updates from their manufacturers. Software updates are an integral part of the overall user experience as they contain important feature enhancements and crucial security patches. Traditionally, software updates are performed in person at service centers. But as cars become increasingly connected today, OEMs are trying a new approach by sending and installing software updates over the air (the Internet) to the cars directly—the same way that smartphones and computers receive updates. Such software updates are called Over-the-Air (OTA) Car Updates.

The Software-Oriented Car: Skyrocketing Software Compliants and Recalls

Many car owners tend to believe that software only exists in a car’s infotainment system and thus downplay the importance of software maintenance. This might have been the case a few decades ago, but a modern vehicle today contains many more software components than it seems. With more than a hundred electronic control units (ECU) equipped in an average car, almost every function is either controlled or monitored by software. For instance, ECUs are built into the powertrain to run features like advanced driver-assistance systems (ADAS) and to monitor turning angles and road conditions to allow for on-demand all-wheel drive and traction control.

Having more software means more software issues. In the mid-2010s, OEMs saw a drastic increase in the number of emergency recalls with regards to software flaws and errors, with the percentage of software-related recalls reaching 46% in 2016. Timely recall is especially important for software parts that are crucial to safety. For example, Mercedes-Benz USA recalled 41,838 of its SUVs in the North American market in early 2021 due to a software error in its Electronic Stability Program, a feature that applies a twisting force to one of the car’s front wheels so that the car pulls itself towards the turning direction during sharp turns to maintain stability and comfort. Clearly, a malfunction in this feature could lead to an unexpected twisting force and potentially cause crashes.

The Growing Importance of OTA Car Updates

Even without major flaws or errors, both hardware and software components need to be maintained and updated regularly during a car’s lifespan. Normally, car owners visit the service center at least once a year to get their scheduled hardware maintenance and software updates. However, as software features become increasingly sophisticated, more frequent updates are required. Having to install software updates at service centers is not only inconvenient for the owners, but also highly costly for the OEMs due to the tremendous labour needed. Additionally, many car owners neglect software updates altogether and put themselves in the danger of outdated software that is not just slow and inefficient, but also prone to cyberattacks.

OTA car updates solve all the above problems by eliminating the need for software-related recalls and make software updates easy and seamless. OEMs simply send the updates and patches over the internet so that the cars can download and install them on their own.

OTA car updates are commonly applied to two major types of systems within a vehicle: drive control and infotainment. Updates in drive control systems include feature upgrades and security patches related to the ADAS, powertrain, and chassis. Updates in the infotainment system include map updates and application enhancements. Even though the infotainment system does not directly affect driving, it is still a crucial component that must be updated and secured as it contains sensitive personal data.

Another important role of OTA updates is that they keep vehicles from depreciating. Since modern vehicles are essentially computers on wheels, they depreciate much faster than conventional vehicles. Without regular updates, software-enabled features can deteriorate and become slow and unusable after a few years. OTA updates prevent this from happening and keep the onboard experience new and fresh.

How Do OTA Updates Work?

To enable OTA updates, cars must be equipped with a telematics control unit (TCU), which is a piece of hardware that contains a mobile communication interface (e.g., LTE, 5G) and a memory to store driving and vehicle data. The TCU must also be able to recover data in case if an update needs to be removed. Whenever an update is available, the OEM delivers the software package to its vehicles from a cloud-based server.

The first OEM to successfully perform OTA updates was Tesla. Other manufacturers like GM and Ford quickly followed. Being able to deliver OTA updates is especially crucial for electric vehicle manufacturers because it allows them to introduce their vehicles to the market as early as possible to gain an early advantage, while working on quality assurance and improvements after they are sold.

How Secure Are OTA Updates?

We now know that OTA updates are essential to keeping vehicle software up-to-date and secure, but the next question to consider is—are OTA updates secure? Giving vehicles wireless internet connectivity has a lot of benefits, but also creates a new world of opportunities for hackers. Attackers could attempt to corrupt the software update kits with malware and enter the vehicle system to steal personal data or even take physical control.

To prevent this risk, not only must OEMs make sure that their vehicle connections are secured, but more and more regulatory bodies are mandating vehicular cybersecurity. Recent releases of the WP.29 regulation now require cybersecurity type approval for all new connected vehicles.

To fill in this gap, AutoCrypt IVS provides an in-vehicle security solution that protects the vehicle’s internal systems from cyber threats, enabling secure communication between the vehicle’s onboard units and the cloud. With AutoCrypt IVS, both OEMs and car owners can rest assured that their OTA updates are original and protected. Apart from blocking malicious traffic from entering the vehicle, it constantly monitors communications within the vehicle for any abnormal activities.

To stay informed with the latest news on mobility tech and automotive cybersecurity, subscribe to AUTOCRYPT’s monthly newsletter.

Related Articles