The IT Nerd

These days many cars allow you to access all sorts of information remotely and even do things like unlock doors and flash the lights. You might even be able to find its location on a map. That all sounds cool. But what happens to that access when you sell the car. Well, if you have a VW, you may still have access based on this article in The Verge:

Last December, Ashley Sehatti sold her 2015 Jetta back to a local Volkswagen dealership in California. So when the calendar turned over, she didn’t understand why she was still getting sent monthly reports about the car’s health. After another one came in April, she finally logged on to VW’s online portal for Car-Net, the telematics system that runs in many of the company’s modern cars.

To her surprise, Sehatti saw the location of her old Jetta on a map, up-to-date mileage, and the status of the car’s locks and lights. It had been resold, and yet she still had access to some of the car’s systems. “There was nothing in place to stop me from accessing the full UI,” she says over email.

That’s kind of disturbing. But when The Verge dug into this, they found that this is what truly is disturbing. It’s up to the customer to disable these services before they sell the car. And that is usually buried in the terms of service…. Which customers never read. That seems to be the case with VW and with other carmakers:

Other automakers that offer telematics services similar to Car-Net, like GM (OnStar) or Volvo (On Call), also tend to put the burden on the customer to disable subscriptions to these services in their terms of service (TOS) agreements. But these automakers also say they have backstops in place that help make sure customers who forget to discontinue these subscriptions (or who, like many, never read the TOS agreements in the first place) don’t retain access to the telematics systems when the car changes hands.

But specifically in the case of VW, if you don’t do this, you’ll be on the hook for anything that happens. At least the other car companies mentioned in The Verge story had some sort of backup plan in case a customer didn’t do this. But these only work if you sell your car back to a dealer. If you sell it privately, all bets are off.

So the take home message is that if you sell your car, you have to treat it like a smartphone that you’re selling on Craigslist. You have wipe the infotainment system before you sell it and disconnect your access to it. Otherwise bad things can happen.

First off, let me explain what AEB is. The acronym AEB stands for Autonomous Emergency Braking. In other words, a car equipped with this system can stop itself if it feels it needs to. Systems like these will be standard in cars by 2022 now that automakers (numbering 20 in total) have signed on:

Automakers making the commitment are Audi, BMW, FCA US LLC, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Kia, Maserati, Mazda, Mercedes-Benz, Mitsubishi Motors, Nissan, Porsche, Subaru, Tesla Motors Inc., Toyota, Volkswagen and Volvo Car USA. The unprecedented commitment means that this important safety technology will be available to more consumers more quickly than would be possible through the regulatory process.

Now this announcement is strictly an agreement, not a rule. But that’s good as this gets AEB into cars way faster than the government forcing carmakers to do it. What’s also interesting is that Consumer Reports has been selected to monitor the deployment of the technology. That’s an interesting use of private resources to monitor a public deal brokered between private companies.

Now my first exposure to AEB was in the Volvo S60 a few years ago. While it was kind of freaky to have a car stop itself while I was driving it, I could see how a system like this could save lives and reduce injuries. Thus I welcome this announcement and I think it will make roads safer when it is fully implemented.

I am old enough to have been required to take auto shop class in school. Back in those days, all you had to focus on is the mechanical aspects of the car. These days that’s not the case as there are a number of computers in a modern car that control everything from the engine, the transmission, as well as keep you safe by running key features such as  traction control and stability control. But recent events had made me wonder if owners need some sort of “Patch Tuesday” to ensure that bugs in those computers are addressed before they become major problems.

Now for those of you who don’t know what “Patch Tuesday” is, it’s the second Tuesday of every month where Microsoft releases security patches to address security issues in their operating systems and applications. They do it this way because they want everybody to have some degree of certainty when it comes to these issues being addressed and get into the habit of patching their software when the patches become available. The car industry doesn’t have anything like this, but there have been a couple of recalls for software issues that makes me think that they do need something like this. The first is the recall of 625,000 Toyota Prius cars because of bugs in the software that runs the hybrid system:

The current software for the motor/generator control and hybrid control ECUs can cause high heat to develop around some transistors and damage them. If this happens, lights on the dashboard would warn drivers. However, in some instances the problem could result in a failure of the hybrid system.

Dealers will upgrade the software for both ECUs to fix the issue, and Toyota will notify owners in the US by mail about scheduling repairs. According to Reuters, there are also 340,000 vehicles in Japan and 160,000 in Europe that need this, as well.

The second is Ford recalling over 400,000 cars because of a software bug that keeps the engines from turning off:

The affected models include some 2015 Focus, C-MAX, and Escape vehicles. If you’re unlucky, turning the ignition key to the off position and removing the key, or pressing the engine stop button, will not actually stop the engine, which will keep running thanks to a flaw in the body control module software.

The final example is Jaguar Land Rover recalling 65,000 vehicles because of a very interesting bug:

Over 65,000 Range Rover and Range Rover Sport SUVs being recalled because of a bug that unlocks car doors without notifying drivers, making the vehicles more prone to break-ins from thieves.

The glitch affects Range Rover and Range Rover Sport vehicles manufactured after 2013.

All of these were in the month of July. That doesn’t count anything that gets “slipped in” during scheduled maintenance at your dealer. In my case, there have been a few occasions where some piece of software has been updated as part of the scheduled maintenance of my car and I only found out about it after the fact when I noticed something amiss such as the radio being reset or the car behaving slightly differently and I called the dealer on it. That implies that bugs are discovered by car companies and they’re either quietly remedied or you get a recall notice if it is serious enough. Thus I believe that the car industry needs to take a page from the software industry and disclose issues in a regular and timely manner regardless of how serious it is or isn’t. But make it clear to the consumer how serious it might be (Example: Critical, Major, Serious, Minor) so that the consumer can decide how to take action. This should be very easy to find and provide full details on the bug and the changes to remedy it (AKA: a change log or release notes) so that all consumers can be properly informed. Car companies should also install these updates at no charge to the consumer and do so upon request. Now, if you want an example of how this sort of thing is done right, take a look at Tesla who not only provides over the air software updates for their cars, but provide full release notes. Clearly they get it and I think it’s time the rest of the car industry gets on that bandwagon as well.  After all, it’s in the car companies interests to make sure that their products are up to date which makes them safer. That in turn, makes us all safer.

Yesterday, I got the opportunity to interview Doug Newcomb who is an Automotive Technology Expert and the Chair and Co-producer of the upcoming Connected Car Conference (C3) at CE Week. The event that brings together relevant stakeholders and thought leaders from all industries involved with development of the connected car.

My first question was about hacking. Specifically, is there a legitimate fear that cars can be hacked and that would be dangerous for drivers. What Newcomb correctly points out is that while there will always be those who can and will hack a car to prove that it can be done, for most this will be nothing to worry about due to the fact that a lot of hackers are driven by a financial incentive. Thus there should be no worries about some hacker from Eastern Europe hacking your car. Having said that, there’s really noting that you can do to protect yourself from anyone who may be inclined to hack your car. At least not at the moment.

The next question revolved around privacy. There have been examples of companies like Tom Tom getting caught selling user data, GM collecting data from owners of OnStar equipped cars that didn’t subscribe to the service, or a Ford exec saying that his company knew when you were breaking the law (and later backtracking on that). Newcomb said that this is a legitimate concern and there needs to be clear privacy policies from car makers that describe what data a car company collects. Usually it’s in the form of some very fine print someplace where most people don’t look or it isn’t readily provided to owners. Car owners should also ask car companies and dealers for this information as well. Finally, they should read the owners manual as this info is likely buried in there some place. In terms of protecting your privacy, Newcomb’s advice is kind of old school. Erase your personal information before you sell the car. That includes the phonebook that your car downloads from your phone or the favourite places in the navigation system for example.

When it comes to security, Newcomb’s cynical journalist side thinks that car companies aren’t doing enough to ensure the security of cars. But the reality is likely that they’re doing just enough to make sure their products are secure. Though it would be nice if we as the general public could get a better idea about that instead of car companies tend to avoid answering the question directly and using the excuse that revealing their security plans would tip off the hackers as to what the are doing.

My final question was about whether there was one car company that was ahead of the rest in terms of making cars part of the Internet of things. The answer from Newcomb was Tesla. The electric car torchbearers can push software updates over the air to address issues on an as needed basis. That included ones to adjust the ride height of the car to address the issue where Teslas would catch fire if they hit an object on the road which would then puncture the battery. If all car companies could do that, many issues could be addressed without requiring the owner to bring the car in for service. What’s likely stopping that from happening is the fact there are laws in the US (and perhaps this would be true of other countries) that prevent an automaker from directly servicing a car without having a local dealer involved.

Clearly the issues surrounding the connected car as ones worth discussing. If you’re in the NYC area on June 24th, you might want to drop into the Connected Car Conference as these along with other topics relating to the connected car are sure to be discussed.