Ensuring the Most Relevant In-vehicle Software Functionality through OTA Updates
August 13, 2020
Over-the-air (OTA) updates are a reliable, convenient and secure way to update vehicle software. Having administered updates to more than 35 million vehicles on the road today, HARMAN leads this space, allowing OEMs and Tier-1 suppliers to adapt to an evolving market landscape by securely managing all in-vehicle software components anywhere and at any time, whether on the production line, at dealer lots or in car owners’ driveways.
Hadas Topor Cohen, Senior Director, Head of Products & Business Development, OTA & Cybersecurity at HARMAN, leads a team of experts focused on ensuring the most relevant in-vehicle software functionality for customers. Here Hadas answers questions she’s commonly asked about OTA updates.
What is automotive OTA and why is it needed? How does HARMAN OTA compare to other industry solutions?
Hadas: According to the GSMA (an industry organization that represents the interests of mobile network operators worldwide), all new cars will be connected by 2025 and will have a growing number of in-vehicle systems that are dependent on software. On average, there are more than 100 ECUs in a vehicle and more than 100 million lines of code. Additionally, there is an inherent complexity in the automotive supply chain, with lack of visibility to third-party source code, software bugs, and vulnerabilities. HARMAN OTA is the industry-leading solution for managing full-vehicle software and keeping it up-to-date despite all of this complexity.
How long does it usually take to update a vehicle over-the-air?
Hadas: The OTA update time varies and is dependent on several factors, some of which include:
- Update size; if an in-vehicle network is slow, transmitting the full update to the ECU can prolong the update time
- How many ECUs are being updated at the same time
- Which part of the update process requires downtime of the vehicle
- Type of ECU; with dual partition or without
- Capabilities of the vehicle end-to-end architecture and OTA system to parallelize the update
In your opinion, how do you optimize the OTA update process?
Hadas: To improve the update time and provide a good user experience, OEMs can use advanced OTA capabilities, such as:
- Smart Delta updates to reduce the time to transfer the update package to the vehicle, and to the ECU, and reduce the re-flash time on the ECU
- Parallel installation can be used to reduce the overall time of the update
- Using a dual partition ECU can reduce the downtime as well
If new faults/errors occur after a vehicle OTA update, it can lead to customer dissatisfaction. Why do faults occur at this stage? How does HARMAN deal with it?
Hadas: When new faults are introduced after a successful OTA update, it might disappoint and confuse the customer. HARMAN OTA allows the OEM to execute a validity check after every update to verify that it was applied correctly in the vehicle and ran as expected. In case this fails, HARMAN OTA will initiate rollback of the relevant software to its previous version. This post-update check helps the OEM maintain the vehicle in a safe and functioning state after each update. The customer will be notified about next steps immediately when this occurs.
When implementing an OTA rollback, how is the HARMAN solution optimized towards energy consumption and/or update duration for both BEVs (battery electric vehicles) and ICEs (internal combustion engine vehicles)?
Hadas: HARMAN optimizes the update to prevent excessive energy consumption by:
- Using a Smart Delta update that, given its size, shortens the download time to the vehicle, distribution within the vehicle, and its installation time overall
- Having a “rule engine” capability that allows condition checks in various places within the flow, allowing detection/decision making and continuous monitoring of problems, such as battery level monitoring
- Having a client that consumes very low resources, and by default it is in the “idle state”
- Allowing parallel installation of multiple ECUs also reduces energy consumption
What is the maximum software volume (embedded ECUs & double bank ECUs) that can be handled by HARMAN OTA?
Hadas: Limitations are usually raised by the platform (such as storage limitations, OS limitations) and not by the OTA process itself. Therefore, it all depends on the vehicle(s) that are being updated. Currently we have OEMs that are updating up to 50 ECUs in the same vehicle.
One of the biggest concerns today is cybersecurity or protecting your personal and vehicle information. How can you guarantee information security when doing remote vehicle updates by OTA? What is HARMAN’s solution strategy?
Hadas: Security is one of the fundamental requirements for safe and secure OTA. OEMs must verify their OTA updates are secure. HARMAN secures its OTA process starting from the design phase and coding standards, and static and dynamic code analysis, all based on SSDLC. In addition, we execute threat analysis on OTA processes and develop a mechanism to secure the process end-to-end, from uploading the new software version to the server until it is downloaded and re-flashed on the ECU and reports back the status of the update to the vehicle. To verify that all mechanisms were developed as designed, we run penetration tests by external experts to verify that the solution is as secure as we expect it to be. OTA updates are critical to the OEM and act as a security remediation tool, and therefore must be secured.
Why should companies choose to work with HARMAN for OTA updates?
Hadas: There are many reasons to use HARMAN for OTA updates. I will mention the top reasons. HARMAN OTA is a trusted solution and is being used by more than 40 global vehicle manufacturers and it is already deployed on 38 million vehicles worldwide. Additionally, HARMAN is contracted to update 350 million vehicles worldwide in the years to come. HARMAN OTA is Automotive Grade A-Spice Level 3 certified and we belong to many standards bodies that focus on OTA in the automotive industry such as:
- UPTANE – active member, participate in working groups
- OMA-DM – active member
- GENIVI – active member
- AUTO ISAC – active member
- ISO 24089, Road vehicles: Software update engineering – active member
- ISO/TC 22/SC 32 — active member in Technical Committee: Electrical and electronic components and general system aspects (WG 12)
Additionally, HARMAN (formerly Red Bend) has been delivering OTA solutions since 1999 meaning we are the longest standing provider of OTA services in the automotive industry. We have gained the trust of our customers by providing a reliable solution through the years.