The Path to the Future of Connected Cars: Over the Air and Through the Phone
<The Path to the Future of Connected Cars: Over the Air and Through the Phone>
Thanks to the proliferation of mobile phones, connected consumer electronics devices and cloud-based software, consumers have come to expect automatic, seamless over-the-air (OTA) updates that don’t disrupt their device usage. As today’s cars become more and more technologically advanced, rolling off the line with up to 100 computers and millions of lines of code, it is now possible to update vehicles the same way we update our phones. For car makers, the ability to push out OTA updates to their customers decreases maintenance, saves money by reducing recalls and increases customer satisfaction. Despite these advantages, most cars on the road today don’t yet have this capability, and drivers who want to update their automotive software have to either bring their vehicle into the dealership or download software to a thumb drive. The high-end models (led by Tesla) that do come with OTA capabilities use built-in modems, adding hardware and on-going cellular data expense to the vehicle. While it may seem that the majority of drivers on the road will miss out on seamless OTA updates in the short-term unless they upgrade to the latest and greatest luxury sedan, there is in fact a simple and elegant solution that doesn’t require a built-in device, a solution that every driver already carries around in their hand everyday: the ubiquitous and versatile smartphone.
<A Modem in Every Car?>
Before examining how auto makers can leverage smartphones for OTA updates, it is worth exploring the modem solution a little further. Though in-car modems have been slow to roll-out across the industry, many predict that it’s just a matter of time. Assuming that is true, simply installing a modem in the car doesn’t solve the problem. For one thing, a data plan of some sort is required to make that modem useful, and somebody must pay for that. Will oversubscribed, tech-fatigued consumers really welcome yet another monthly cost when they already have a powerful, always-on device in their pocket? Surely some automakers will offer a free tier of connectivity that can be used for OTA updates, but that pipe would likely be narrow, allowing essential updates but not larger files and databases that could improve the telematics experience.
Additionally, the modem itself risks obsolescence as cellular technology evolves over the life of the car. Today’s sparkling and shiny 4G modem will quickly lose its luster when 5G becomes the new standard, not to mention 6G and 7G and on and on ad infinitum. So, while there are obvious advantages to the in-car modem solution, there are no shortage of drawbacks as well.
<Phone to the Rescue>
Alternatively, OTA updates can be enabled today using smartphones that drivers already own, leveraging existing data plans that will incur no additional costs. Most new vehicles already support some form of smartphone connectivity solution (e.g. Bluetooth, CarPlay, Android Auto, SDL, WebLink, etc.) and that capability can easily be extended to deliver OTA updates.
Digging a little deeper, OTA updates via smartphone can work in one of two modes:
In this mode, the head-unit connects to the secure OTA cloud to download the latest firmware. The phone acts as an internet gateway that forwards data traffic to and from the head-unit and the internet. Essentially, the phone turns into an external modem that the user brings into the car every time they use the vehicle.
This mode has few disadvantages:
- Downloading large amounts of data can quickly use up the smartphone data plan. This might be not be the case for small files, but large files like on-board map databases can be very large. This can be mitigated using the Store and Forward mode described below.
- When the car is moving the phone might not have predictable connectivity and could be cutting in and out of coverage. The same problem exists with the built-in modem, but with the phone as “brought-in modem” the problem is exacerbated by the fact that the user essentially disconnects from the system when leaving the car, interrupting the connection and delaying the download of larger files.
<Store and Forward>
In this mode, the user is given an option to download the firmware files to the phone first using their home WiFi network, saving valuable data. Then, when the user enters the vehicle, the firmware files are downloaded to the head-unit quickly and seamlessly.
The Store and Forward approach requires a companion application running on the phone and typically provides notifications to prompt the user when a firmware is available. That additional communication channel is beneficial to the automaker, as it creates another platform to interact with the car owner to promote additional services and strengthen the connection to the brand.
While the Store and Forward approach has some clear advantages, problems arise when it comes to security. As many industry experts have observed, today’s computerized vehicles are becoming attractive targets for hackers. While this vulnerability makes an even stronger argument for OTA update capabilities in the long-run, giving automakers the ability to react quickly to any threats, it does create some problems for the Store and Forward mode. A smartphone based OTA channel can open the car up to additional hacks, and if a hacker injects malicious code in the firmware update file and then this code gets installed in the car, the entire vehicle could be compromised.
Existing in-vehicle systems do have a mechanism to check the integrity and validity of a firmware file using asymmetric keys, digital signatures and other industry standard practices. However, for a completely disconnected systems or systems with delayed connection (e.g. Store and Forward only mode) there is a risk of a hacker tampering with the firmware in a way the in-vehicle system may not be able to detect. For added security, the vehicle should be able to check the integrity of downloaded software in real-time with the OTA back-end, then acquire special decryption keys and validate their authenticity. This can be done via the smartphone (when it plays a direct gateway role) by opening a secure end-to-end connection to the OTA cloud.
Given those security concerns, the best approach to smartphone based OTA updates should use Store and Forward mode for the actual files while Direct Gateway should be used by the head-unit to check the integrity of the firmware before it is installed. The direct connection can also be used to report the results of the firmware installation to the OTA cloud.
That is precisely the approach taken by SmartLink, Abalta’s smartphone connectivity solution for in-vehicle systems that supports OTA updates via the user’s smartphone. By using both Store and Forward and Direct Gatewaymodes, SmartLink allows the head-unit to establish a secure connection to the cloud. Even if the phone is hacked, the communication is encrypted and never exposed on the phone side.
SmartLink works with multiple transport mechanisms, such as Bluetooth (SPP), USB or WiFi. It will switch between the available modes and can be configured to prefer the fastest mode possible. For example, when the driver goes into the car, SmartLink might initially connect to the head-unit over Bluetooth, and any available firmware files will start downloading to the head-unit immediately. If the driver then plugs the phone into the USB port, SmartLink will switch to the faster channel and the transfer will continue over USB. If the user then unplugs the phone, SmartLink will switch back to Bluetooth.
Furthermore, if the update is large and cannot be completed in one session, SmartLink supports interruptible transfers. It will continue downloading the files from the point where the last download stopped and will check the file integrity at the end. This way a large firmware file can be downloaded from the phone to the head-unit in multiple sessions, completely transparent to the end-user.
Given the relatively small number of cars with built-in modems and the potential challenges of that model going forward, it seems clear that the common smartphone is the best option for valuable OTA updates, at least for the foreseeable future. While the smartphone approach comes with its own share of challenges, an intelligent combination of different approaches can address those concerns while opening up a new communication channel between automaker and car owner. And everybody knows the quickest way to the heart these days is through an app on the home screen.