
Learn datacenter principles from ISO 26262 standards for automotive safety engineering

Automotive ECU (engine control unit)


In my everyday life, I trust that if I make a panic stop, my car’s antilock brake system will work. The hardware, software, and servos will work together to ensure that my wheels don’t lock up—helping me avoid an accident. If that’s not sufficient, I trust that the impact sensors embedded behind the front bumper will fire the airbag actuators with the correct force to protect me from harm, even though they’ve never been tested. I trust that the bolts holding the seat in its proper place won’t shear. I trust the seat belts will hold me tight, and that cargo in the trunk won’t smash through the rear seats into the passenger cabin.

Engineers working on nearly every automobile sold worldwide ensure that their work practices conform to ISO 26262. That standard describes how to manage the functional safety of the electrical and electronic systems in passenger cars. A significant portion of ISO 26262 involves ensuring that software embedded into cars—whether in the emissions system, the antilock braking systems, the security systems, or the entertainment system—is architected, coded, and tested to be as reliable as possible.

I’ve worked with ISO 26262 and related standards on a variety of automotive software security projects. Don’t worry, we’re not going to get into the hairy bits of those standards because unless you are personally designing embedded real-time software for use in automobile components, they don’t really apply. Also, ISO 26262 is focused on the real-world safety of two-ton machines hurtling at 60-plus miles per hour—that is, things that will kill or hurt people if they don’t work as expected.

Instead, here are five IT systems management ideas that are inspired by ISO 26262. We’ll help you ensure your systems are designed to be Reliable, with a capital R, and Safe, with a capital S.

Read the list, and more, in my article for HP Enterprise Insights, “5 lessons for data center pros, inspired by automotive engineering standards.”


Flat tire adventures with a Prius: Jacks and donuts spares

“The wheels on the Prius go flop flop flop….”

Sunday’s travels in our trusty 2005 Toyota Prius were marred only by a flat tire. I wish to share two hard-earned bits of wisdom with other Prius owners, and potentially with owners of other front-wheel drive vehicles.

1. Don’t trust the included tire-changing jack.

The crappy screw jack included with the Prius is useless. Literally. With the car on level ground, and with the parking brake set, the jack quickly tilted — and the car fell off the jack. Yes, the jack was set at the correct lift point. On a second attempt, the car would have fallen again if we didn’t let it down quickly. In any case, the jack was extremely difficult to turn.

Fortunately, someone gave us a ride to an auto-parts store, where we purchased an inexpensive hydraulic floor jack. That made quick work of the task, and the new jack will live in back of the car from now on. If you have a flimsy screw jack with your car, you may wish to upgrade to something more solid.

2. Don’t put compact spares onto the front.

The flat was the front driver corner. Once the car was jacked up, it only took a few minutes to mount the compact donut spare. However, the car simply wouldn’t drive properly — the vehicle not only pulled to the left, but there were error lights flashing on the screen. Even with the pedal to the metal, the vehicle wouldn’t go over 30 mph, slowing to 15 mph going uphill. Uh oh!

Thinking the problem through, we realized that the donut was throwing off the traction control system (which can’t be switched off with that model year). So we pulled over, swapped the donut to the rear, and put the rear’s full-size wheel/tire on front. (Thank you, hydraulic jack!) The car immediately drove correctly, plenty of pep, no pulling, and no error lights. The lesson: On front-wheel drive cars, always put the donut on the rear, even if that makes the wheel-changing process a bit more complicated.

Note: There is nothing written about optimal placement of the compact spare in the car’s owners manual. So consider yourself advised on both fronts.

The good news is that we made it home just fine. The bad news is the tire has a cracked sidewall. Time to go tire shopping!


Running old software? It’s dangerous. Update or replace!

The WannaCry (WannaCrypt) malware attack spread through unpatched old software. Old software is the bane of the tech industry. Software vendors hate old software for many reasons. One, of course, is that the old software has vulnerabilities that must be patched. Another is that the support costs for older software keep going and growing. Plus, of course, newer software has new features that can generate business. Meanwhile, of course, customers running old software aren’t generating much revenue.

Enterprises, too, hate old software. They don’t like the support costs, either, or the security vulnerabilities. However, there are huge costs in licensing and installing new software – which might require training users and IT staff, buying new hardware, updating templates, adjusting integrations, and so-on. Plus, old software has been tested and certified, and better the risk you know than the risk you don’t know. So, they keep using old software.

Think about a family that’s torn between keeping a paid-for 13-year-old car, like my 2004 BMW, instead of leasing a newer, safer, more reliable model. The decision about whether to upgrade or not upgrade is complicated. There’s no good answer, and in case of doubt, the best decision is to simply wait until next year’s budget.

However: What about a family that decides to go car-shopping after paying for a scary breakdown or an unexpectedly large repair bill? Similarly, companies are inspired to upgrade critical software after suffering a data breach or learning about irreparable vulnerabilities in the old code.

WannaCry might be that call to action for some organizations. Take Windows, for example – but let me be quick to stress that this issue isn’t entirely about Microsoft products. Smartphones running old versions of Android or Apple’s iOS, or old Mac laptops that can’t be moved to the latest edition of OS X, are just as vulnerable.

Okay, back to Windows and WannaCry. In its critical March 14, 2017, security update, Microsoft accurately identified a flaw in its Server Message Block (SMB) code that could be exploited; the flaw was disclosed in documents stolen by hackers from the U.S. security agencies. Given the massive severity of that flaw, Microsoft offered patches to old software including Windows Server 2008 and Windows Vista.

It’s important to note that customers who applied those patches were not affected by WannaCry. Microsoft fixed it. Many customers didn’t install the fix because they didn’t know about it, they couldn’t find the IT staff resources, or simply thought this vulnerability was no big deal. Well, some made the wrong bet, and paid for it.

What can you do?

Read more about this in my latest for Zonic News, “Old Software is Bad, Unsafe, Insecure Software.”


Flame decals add 20-25 whp to your car’s performance

It has been proven, beyond any doubt whatsoever, that flame decals add 20-25 whp (wheel horsepower) to your vehicle, and of course even more bhp (brake horsepower). I know it’s proven because I read it on the Internet, and everything we read on the Internet is true, not #fakenews. Where did I read it? This incredibly informative blog entry here.

Not sure about the acronyms?

  • whp is wheel horsepower, measured at (duh!) the wheels. It takes into account power lost in the drive train, including the transmission and differential, as well as the alternator, air conditioning compressor, wheel mass, etc. It is measured by spinning the wheels on a dynamometer (dyno). In other words, whp is what matters.
  • bhp is brake horsepower, measured at the engine crankshaft (not at the brakes). The “brake” part of the term refers to the Prony brake, an early device used to measure power output. The bhp value is always higher than the whp value, because it only measures gross engine output. These days, the bhp value is usually quoted as SAE net horsepower. Knowing bhp allows you to evaluate engines and engine modifications — not whole-vehicle upgrades like performance clutches, underdrive pulleys, light-weight wheels, huge spoilers, and of course, flame decals.

Get yourself some flame decals and feel the burn!


Advocating for safer things: On the road, in the home, in business, everywhere

Think about alarm systems in cars. By default, many automobiles don’t come with an alarm system installed from the factory. That was for three main reasons: It lowered the base sticker price on the car; created a lucrative up-sell opportunity; and allowed for variations on alarms to suit local regulations.

My old 2004 BMW 3-series convertible (E46), for example, came pre-wired for an alarm. All the dealer had to do, upon request (and payment of $$$) was install a couple of sensors and activate the alarm in the car’s firmware. Voilà! Instant protection. Third-party auto supply houses and garages, too, were delighted that the car didn’t include the alarm, since that made it easier to sell one to worried customers, along with a great deal on a color-changing stereo head unit, megawatt amplifier and earth-shattering sub-woofer.

Let’s move from cars to cybersecurity. The dangers are real, and as an industry, it’s in our best interest to solve this problem, not by sticking our head in the sand, not by selling aftermarket products, but by a two-fold approach: 1) encouraging companies to make more secure products; and 2) encouraging customers to upgrade or replace vulnerable products — even if there’s not a dollar, pound, euro, yen or renminbi of profit in it for us:

  • If you’re a security hardware, software, or service company, the problem of malicious bits traveling over broadband, wireless and the Internet backbone is also not your problem. Rather, it’s an opportunity to sell products. Hurray for one-time sales, double hurray for recurring subscriptions.
  • If you’re a carrier, the argument goes, all you care about is the packets, and the reliability of your network. The service level agreement provided to consumers and enterprises talks about guaranteed bandwidth, up-time availability, and time to recover from failures; it certainly doesn’t promise that devices connected to your service will be free of malware or safe from hacking. Let customers buy firewalls and endpoint protection – and hey, if we offer that as a service, that’s a money-making opportunity.

Read more about this subject in my latest article for Pipeline Magazine, “An Advocate for Safer Things.”


A hit-and-run accident — literally

It was our first-ever perp walk! My wife and I were on the way home from a quick grocery errand, and we were witnesses to and first responders to a nasty car crash. A car ran a red light and hit a turning vehicle head-on.

As we pulled over to see if there were injuries, the young driver and passenger in the red-light runner got out of their vehicle… grabbed their backpacks… and ran. I got out our car and shouted at the kids to come back, and also managed to snap some quick cell-phone pictures.

We stayed behind at the accident scene to check out the victim (a nice but shaken woman). We also waited with her until the fire and then police arrived.

Other witnesses followed the perps, who ran into a supermarket and hid in the bathroom, and they called 9-1-1 about it. A few minutes later we learned “They got them!” — and the police officer at the accident scene asked us to drive to the supermarket parking lot and see if we could identify the runners.

So: I sat in the back of a car, and my wife hid behind a tree. The perps were taken one-at-a-time out of a patrol car to see if we could recognize them. The police were very careful to make sure the kids didn’t see us. They were indeed the runners — we could easily confirm that, and they clearly matched the photos on my phone.

After the ID, the police sent us home, with thanks. We’d like to commend Phoenix police and fire for their professionalism.

What a day, and what an adventure. While we hope that the kids had insurance (the woman’s car was totaled), we are especially grateful that nobody was injured, and that justice will be done.

And, I guess, once a first responder, always a first responder.


Spammers really want to give me a BMW, but aren’t sure of the year or model

Mrs. Rachael Adams is back, and still wants to give me a fine Bavarian automobile. But is it a 7-series or a 5-series? Is it a 2015 or 2016 model? Doesn’t matter – it’s a scam. Just like the one a few weeks ago, also from Mrs. Adams, but at least that one was clearer about the vehicle. Hey, it’s the same reg code pin as last time, too. See “A free BMW 7-Series car – and a check for $1.5 million!”

All these “you are a winner” lottery emails are scams. Don’t reply to them, simply delete them.

From: Mrs. Rachael Adams

Subject: BMW LOTTERY PROMOTIONS.

BMW LOTTERY DEPARTMENT
5070 WILSHIRE BLVD
LOS ANGELES. CA 90036
UNITED STATES OF AMERICA.

NOTE: If you received this message in your SPAM/BULK folder, that is because of the restrictions implemented by your Internet Service Provider, we (BMW) urge you to treat it genuinely.

Dear Winner,

This is to inform you that you have been selected for a prize of a brand new 2015/2016 Model BMW 7 Series Car and a Check of $1,500,000.00 USD from the international balloting programs held on the 2nd section in the UNITED STATE OF AMERICA.

Description of prize vehicle;

Model: 530iA Color (exterior): Metallic Silver Mileage: 5 Transmission: Automatic 6 Speed

Options: Cold weather package, premium package, fold down rear seats w/ski bag, am fm stereo with single in dash compact disc player.

The selection process was carried out through random selection in our computerized email selection system (ESS) from a database of over 250,000 email addresses drawn from all the continents of the world which you were selected.

The BMW Lottery is approved by the British Gaming Board and also Licensed by the International Association of Gaming Regulators (IAGR). To begin the processing of your prize you are to contact our fiduciary claims department for more information as regards procedures to the claim of your prize.

Name: Mr. David Mark
Email: [redacted]
Direct 24hours Security Line: [redacted] (Text Message Only)

Contact him by providing him with your Reg. pin code Number

255125HGDY03/23.

You are also advised to provide him with the under listed information as soon as possible:

  1. Name In Full :
  2. Residential Address :
  3. Nationality :
  4. Age :
  5. Sex
  6. Occupation :
  7. Direct Phone :
  8. Present Country :
  9. Email address :
  10. Reg pin code Number: 255125HGDY03/23

Please you are to provide him with the above listed details as soon as possible so he can begin with the processing of your prize winnings.

Congratulations from all our staffs and thank you for being part of our promotional program.

Mrs. Rachael Adams.

FROM THE DESK OF RACHAEL ADAMS,
THE DIRECTOR PROMOTIONS
BMW LOTTERY DEPARTMENT
UNITED STATES OF AMERICA


Driving risks out of embedded automotive software

When it comes to cars, safety means more than strong brakes, good tires, a safety cage, and lots of airbags. It also means software that won’t betray you; software that doesn’t pose a risk to life and property; software that’s working for you, not for a hacker.

Please join me for this upcoming webinar, where I am presenting along with Arthur Hicken, the Code Curmudgeon and technology evangelist for Parasoft. It’s on Thursday, August 18. Arthur and I have been plotting and scheming, and there will be some excellent information presented. Don’t miss it! Click here to register.

Driving Risks out of Embedded Automotive Software

Automobiles are becoming the ultimate mobile computer. Popular models have as many as 100 Electronic Control Units (ECUs), while high-end models push 200 ECUs. Those processors run hundreds of millions of lines of code written by the OEMs’ teams and external contractors—often for black-box assemblies. Modern cars also have increasingly sophisticated high-bandwidth internal networks and unprecedented external connectivity. Considering that no code is 100% error-free, these factors point to an unprecedented need to manage the risks of failure—including protecting life and property, avoiding costly recalls, and reducing the risk of ruinous lawsuits.

This one-hour practical webinar will review the business risks of defective embedded software in today’s connected cars. Led by Arthur Hicken, Parasoft’s automotive technology expert and evangelist, and Alan Zeichick, an independent technology analyst and founding editor of Software Development Times, the webinar will also cover five practical techniques for driving the risks out of embedded automotive software, including:

• Policy enforcement
• Reducing defects during coding
• Effective techniques for acceptance testing
• Using metrics analytics to measure risk
• Converting SDLC analytics into specific tasks to focus on the riskiest software

You can apply the proven techniques you’ll learn to code written and tested by your teams, as well as code supplied by your vendors and contractors.


A free BMW 7-Series car – and a check for $1.5 million!

Look what I fished out of my spam folder this morning. This is a variation on the usual lottery scam, and more enjoyable than most. But really, a BMW 760Li? While the 6.6-litre twin-turbo Rolls Royce engine would be zippy on Phoenix-area highways, we certainly don’t need the cold-weather package here. Anyway, the M4 two-door coupé is more my style.

To be serious: When you get spam like this, simply delete the message. Don’t reply, don’t click any links, including unsubscribe links.

From: “Mrs Rachael Adams”
Subject: BMW LOTTERY DEPARTMENT

Date: July 21, 2016 at 1:51:03 PM MST
BMW LOTTERY DEPARTMENT
5070 WILSHIRE BLVD
LOS ANGELES. CA 90036
UNITED STATES OF AMERICA.

NOTE: If you received this message in your SPAM/JUNK folder, that is because of the restrictions implemented by your Internet Service Provider, we (BMW) urge you to treat it genuinely.

Dear Winner,

This is to inform you that you have been selected for a prize of a brand new 2015/2016 Model BMW 7 Series Car and a Cheque of $1,500,000.00 USD from the international balloting programs held on the 2nd section in the UNITED STATE OF AMERICA.

Description of prize vehicle; Model: 760Li Color (exterior): Metallic Silver Mileage: 5 Transmission: Automatic 6 Speed

Options: Cold weather package, premium package, fold down rear seats w/ski bag, am fm stereo with single in dash compact disc player.

The selection process was carried out through random selection in our computerized email selection system (ESS) from a database of over 250,000 email addresses drawn from all the continents of the world which you were selected.

The BMW Lottery is approved by the British Gaming Board and also licensed by the International Association of Gaming Regulators (IAGR).

To begin the processing of your prize you are to contact our fiduciary claims department for more information as regards procedures to claim your prize.

Fiduciary Agent: Mr.David Johnson
Contact Email:[redacted]

Contact him by providing him with your secret pin code Number BMW:255175HGDY03/23.As the subject of your email for swift response

You are also advised to provide him with the under listed information as soon as possible:

1. Name In Full :
2. Residential Address :
3. Nationality :
4. Age :
5. Sex
6. Occupation :
7. Direct Phone :
8. Present Country :
9. Email address :
10. pin code Number BMW:255175HGDY03/23

Note that you have to send email to Mr.David johnson .You are to provide him with the above listed details as soon as possible so he can begin with the processing of your prize winnings.

Mrs.Rachael Adams.
———————
THE DIRECTOR PROMOTIONS
BMW LOTTERY DEPARTMENT
UNITED STATES OF AMERICA


Coding in the Fast Lane: The Multi-Threaded Multi-Core World of AMD64

I wrote five contributions for an ebook from AMD Developer Central — and forgot entirely about it! The book, called “Surviving and Thriving in a Multi-Core World: Taking Advantage of Threads and Cores on AMD64,” popped up in this morning’s Google Alerts report. I have no idea why!

Here are the pieces that I wrote for the book, published in 2006. Darn, they still read well! Other contributors include my friends Anderson Bailey, Alexa Weber Morales and Larry O’Brien.

  • Driving in the Fast Lane: Multi-Core Computing for Programmers, Part 1 (page 5)
  • Driving in the Fast Lane: Multi-Core Computing for Programmers, Part 2 (page 8)
  • Coarse-Grained Vs. Fine-Grained Threading for Native Applications, Part 1 (p. 37)
  • Coarse-Grained Vs. Fine-Grained Threading for Native Applications, Part 2 (p. 40)
  • Device Driver & BIOS Development for AMD Systems (p. 87)

I am still obsessed with questionable automotive analogies. The first article begins with:

The main road near my house, called Skyline Drive, drives me nuts. For several miles, it’s a quasi-limited access highway. But for some inexplicable reason, it keeps alternating between one and two lanes in each direction. In the two-lane part, traffic moves along swiftly, even during rush hour. In the one-lane part, the traffic merges back together, and everything crawls to a standstill. When the next two-lane part appears, things speed up again.

Two lanes are better than one — and not just because they can accommodate twice as many cars. What makes the two-lane section better is that people can overtake. In the one-lane portion (which has a double-yellow line, so there’s no passing), traffic is limited to the slowest truck’s speed, or to little-old-man-peering-over-the-steering-wheel-of-his-Dodge-Dart speed. Wake me when we get there. But in the two-lane section, the traffic can sort itself out. Trucks move to the right, cars pass on the left. Police and other priority traffic weave in and out, using both lanes depending on which has more capacity at any particular moment. Delivery services with a convoy of trucks will exploit both lanes to improve throughput. The entire system becomes more efficient, and net flow of cars through those two-lane sections is considerably higher.

Okay, you’ve figured out that this is all about dual-core and multi-core computing, where cars are analogous to application threads, and the lanes are analogous to processor cores.

I’ll have to admit that my analogy is somewhat simplistic, and purists will say that it’s flawed, because an operating system has more flexibility to schedule tasks in a single-core environment under a preemptive multiprocessing environment. But that flexibility comes at a cost. Yes, if I were really modeling a microprocessor using Skyline Drive, cars would be able to pass each other in the single-lane section, but only if the car in front were to pull over and stop.

Okay, enough about cars. Let’s talk about dual-core and multi-core systems, why businesses are interested in buying them, and what implications all that should have for software developers like us.

Download and enjoy the book – it’s not gated and entirely free.


Beyond the fatal Tesla crash: Security and connected autonomous cars

Was it a software failure? The recent fatal crash of a Tesla in Autopilot mode is worrisome, but it’s too soon to blame Tesla’s software. According to Tesla on June 30, here’s what happened:

What we know is that the vehicle was on a divided highway with Autopilot engaged when a tractor trailer drove across the highway perpendicular to the Model S. Neither Autopilot nor the driver noticed the white side of the tractor trailer against a brightly lit sky, so the brake was not applied. The high ride height of the trailer combined with its positioning across the road and the extremely rare circumstances of the impact caused the Model S to pass under the trailer, with the bottom of the trailer impacting the windshield of the Model S. Had the Model S impacted the front or rear of the trailer, even at high speed, its advanced crash safety system would likely have prevented serious injury as it has in numerous other similar incidents.

We shall have to await the results of the NHTSA investigation to learn more. Even if it does prove to be a software failure, at least the software can be improved to try to avoid similar incidents in the future.

By coincidence, a story that I wrote about the security issues related to advanced vehicles, “Connected and Autonomous Cars Are Wonderful and a Safety-Critical Security Nightmare,” was published today, July 1, on CIO Story. The piece was written several weeks ago, and said,

The good news is that government and industry standards are attempting to address the security issues with connected cars. The bad news is that those standards don’t address security directly; rather, they merely prescribe good software-development practices that should result in secure code. That’s not enough, because those processes don’t address security-related flaws in the design of vehicle systems. Worse, those standards are a hodge-podge of different regulations in different countries, and they don’t address the complexity of autonomous, self-driving vehicles.

Today, commercially available autonomous vehicles can parallel park by themselves. Tomorrow, they may be able to drive completely hands-free on highways, or drive themselves to parking lots without any human on board. The security issues, the hackability issues, are incredibly frightening. Meanwhile, companies as diverse as BMW, General Motors, Google, Mercedes, Tesla and Uber are investing billions of dollars into autonomous, self-driving car technologies.

Please read the whole story here.


Quantify the risk of automotive software failures: The SRR Warranty and Recall Report

Summary of Recall Trends. Source: SRR.


The costs of an automobile recall can be immense for an OEM automobile or light truck manufacturer – and potentially ruinous for a member of the industry’s supply chain. Think about the ongoing Takata airbag scandal, which Bloomberg says could cost US$24 billion. General Motors’ ignition locks recall may have reached $4.1 billion. In 2001, the exploding Firestone tires on the Ford Explorer cost $3 billion to recall. The list goes on and on. That’s all about hardware problems. What about bits and bytes?

Until now, it’s been difficult to quantify the impact of software defects on the automotive industry. Thanks to a new analysis from SRR called “Industry Insights for the Road Ahead: Automotive Warranty and Recall Report 2016,” we have a good handle on this elusive area.

According to the report, there were 63 software-related vehicle recalls from late 2012 to June 2015. That’s based on data from the United States’ National Highway Traffic Safety Administration (NHTSA). The SRR report derived that count of 63 software-related recalls using this methodology (p. 22),

To classify a recall as a software component recall, SRR searched the “Defect Summary” and “Corrective Action” fields of NHTSA’s Recall flat file for the term “software.” SRR’s inquiry captured descriptions of software-related defects identified specifically as such, as well as defects that were to be fixed by updating or changing a vehicle’s software.

That led to this analysis (p. 22),

Since the end of 2012, there has been a marked increase in recall activity due to software issues. For the primary light vehicle makes and models we studied, 32 unique software-related recalls affected about 3.6 million vehicles from 2005–2012. However, in a much shorter time period from the end of 2012 to June 2015, there were 63 software-related recalls affecting 6.4 million more vehicles.

And continuing (p. 23),

From less than 5 percent of all recalls in 2011, software-related recalls have risen to almost 15 percent in 2015. Overall, the amount of unique campaigns involving software has climbed dramatically, with nine times as many in 2015 than in 2011…

No surprises there given the dramatically increased complexity of today’s connected vehicles, with sophisticated internal networks, dozens of ECUs (electronic control units with microprocessors, memory, software and network connections), and extensive remote connectivity.
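The keyword methodology SRR describes can be sketched as follows. This is an added example, not SRR's or NHTSA's code: it searches only the two named fields for "software" and counts unique campaigns rather than rows, since one campaign can span several models. The column names and every row below are constructed for illustration and are assumptions, not the real flat-file layout.

```python
import csv
import io
from collections import defaultdict

# Constructed sample. The column names are hypothetical stand-ins for the
# "Defect Summary" and "Corrective Action" fields; no row is real NHTSA data.
_ROWS = [
    ("CAMPAIGN", "YEAR", "MODEL", "DEFECT_SUMMARY", "CORRECTIVE_ACTION", "NOTES"),
    # One campaign covering two models: must be counted once, not twice.
    ("11V010", "2011", "A1", "Seat mounting bolt may shear.",
     "Dealers will replace the bolt.", ""),
    ("11V010", "2011", "A2", "Seat mounting bolt may shear.",
     "Dealers will replace the bolt.", ""),
    # "software" appears only in a field the methodology does not search.
    ("11V011", "2011", "B1", "Fuel line may chafe.",
     "Dealers will reroute the line.", "Owner letter cites the software manual."),
    # Defect identified specifically as a software defect.
    ("11V012", "2011", "C1", "Engine control software may stall the engine.",
     "Dealers will reflash the ECU.", ""),
    # Hardware symptom, fixed by a software update (note the capitalisation).
    ("15V001", "2015", "A1", "Door latch may not hold.",
     "Dealers will update the body control module SOFTWARE.", ""),
    ("15V001", "2015", "A2", "Door latch may not hold.",
     "Dealers will update the body control module SOFTWARE.", ""),
    ("15V002", "2015", "B1", "Automatic braking software may misjudge distance.",
     "Dealers will reprogram the module.", ""),
    ("15V003", "2015", "C1", "Air bag inflator may rupture.",
     "Dealers will replace the inflator.", ""),
]
SAMPLE_FLAT_FILE = "\n".join("\t".join(row) for row in _ROWS)

SEARCH_FIELDS = ("DEFECT_SUMMARY", "CORRECTIVE_ACTION")
TERM = "software"


def load(text):
    """Parse a tab-delimited flat file with a header row into dicts."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    return list(reader)


def is_software_row(row):
    """True if the term appears, case-insensitively, in either searched field."""
    return any(TERM in (row.get(field) or "").lower() for field in SEARCH_FIELDS)


def software_campaigns(rows):
    """Unique campaign ids that match the keyword rule."""
    return {row["CAMPAIGN"] for row in rows if is_software_row(row)}


def yearly_share(rows):
    """Per year: unique campaigns, unique software campaigns, and the share."""
    all_by_year = defaultdict(set)
    sw_by_year = defaultdict(set)
    for row in rows:
        all_by_year[row["YEAR"]].add(row["CAMPAIGN"])
        if is_software_row(row):
            sw_by_year[row["YEAR"]].add(row["CAMPAIGN"])
    summary = {}
    for year in sorted(all_by_year):
        total = len(all_by_year[year])
        software = len(sw_by_year[year])
        summary[year] = {
            "campaigns": total,
            "software": software,
            "share_pct": round(100 * software / total, 1),
        }
    return summary


if __name__ == "__main__":
    rows = load(SAMPLE_FLAT_FILE)
    print(sorted(software_campaigns(rows)))
    for year, stats in yearly_share(rows).items():
        print(year, stats)
```

Counting matching rows instead of unique campaigns would report four software recalls in this sample rather than three, which is why the deduplication step matters when comparing years.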

These software defects are not occurring only in systems where one expects to find sophisticated microprocessors and software, such as engine management controls and Internet-connected entertainment platforms. Microprocessors are being used to analyze everything from the driver’s position and stage of alert, to road hazards, to lane changes — and offer advanced features such as automatic parallel parking.

Where in the car are the software-related vehicle recalls? Since 2006, says the report, recalls have been prompted by defects in areas as diverse as locks/latches, power train, fuel system, vehicle speed control, air bags, electrical systems, engine and engine cooling, exterior lighting, steering, hybrid propulsion – and even the parking brake system.

That’s not all — because not every software defect results in a public and costly recall. That’s the last resort, from the OEM’s perspective. Whenever possible, the defects are either ignored by the vehicle manufacturer, or quietly addressed by a software update next time the car visits a dealer. (If the car doesn’t visit an official dealer for service, the owner may never know that a software update is available.) Says the report (p. 25),

In addition, SRR noted an increase in software-related Technical Service Bulletins (TSB), which identify issues with specific components, yet stop short of a recall. TSBs are issued when manufacturers provide recommended procedures to dealerships’ service departments for fixing problematic components.

A major role of the NHTSA is to record and analyze vehicle failures, and attempt to determine the cause. Not all failures result in a recall, or even in a TSB. However, they are tracked by the agency via Early Warning Reporting (EWR). Explains the report (p. 26),

In 2015, three new software-related categories reported data for the first time:

• Automatic Braking, listed on 21 EWR reports, resulting in 26 injuries and 1 fatality

• Electronic Stability, listed on 6 EWR reports, resulting in 7 injuries and 1 fatality

• Forward Collision Avoidance, listed in 1 EWR report, resulting in 1 injury and no fatalities

The bottom line here, beyond protecting life and property, is the bottom line for the automobile and its supply chain. As the report says in its conclusion (p. 33),

Suppliers that help OEMs get the newest software-aided components to market should be prepared for the increased financial exposure they could face if these parts fail.

About the Report

“Industry Insights for the Road Ahead: Automotive Warranty and Recall Report 2016” was published by SRR: Stout, Risius Ross, which offers global financial advisory services. SRR has been in the automotive industry for 25 years, and says, “SRR professionals have more automotive experience in these service areas than any other advisory firm, period.”

This brilliant report — which is free to download in its entirety — was written by Neil Steinkamp, a Managing Director at SRR. He has extensive experience in providing a broad range of business and financial advice to corporate executives, risk managers, in-house counsel and trial lawyers. Mr. Steinkamp has provided consulting services and has been engaged as an expert in numerous matters involving automotive warranty and recall costs. His practice also includes consulting services for automotive OEMs, suppliers and their advisors regarding valuation, transactions and disputes.


Remote exploits are coming to a car, truck or other vehicle near you

Connected cars are vulnerable due to the radios that link them to the outside world. For example, cellular data links, such as the one in the Mercedes M-class SUV that my family owned for a while, allow for remote access to more than diagnostics: Using the system, called mbrace, an authorized M-B support center can unlock the doors via that link. Owners can use the M-B mobile app to

Start your vehicle from anywhere, and heat or cool the interior of your vehicle to the last set temperature. You can also remotely lock or unlock, sound the horn or find your vehicle via the Mobile App or website.

Nearly all high-end car manufacturers offer remote access systems, also referred to as telematics. Other popular systems with door-unlock capability include General Motors’ OnStar, BMW’s Assist, Hyundai’s BlueLink and Infiniti’s Connection. Each represents a potential attack vector, as do after-market add-ons.

In a blog post on Car & Driver, Bob Sorokanich writes,

It’s been a busy summer for automotive hackers, and the latest development is bad news for luxury-car owners: Good-guy digital security researcher Samy Kamkar just revealed that BMW, Mercedes-Benz, Chrysler, and aftermarket Viper connected-car systems are all theoretically vulnerable to the same hack that allowed him to remotely control functions in OnStar-equipped vehicles.

Consider yourself warned. The Federal Bureau of Investigation released a public service announcement, “Motor Vehicles Increasingly Vulnerable to Remote Exploits.” The PSA says:

Vulnerabilities may exist within a vehicle’s wireless communication functions, within a mobile device – such as a cellular phone or tablet connected to the vehicle via USB, Bluetooth, or Wi-Fi – or within a third-party device connected through a vehicle diagnostic port. In these cases, it may be possible for an attacker to remotely exploit these vulnerabilities and gain access to the vehicle’s controller network or to data stored on the vehicle. Although vulnerabilities may not always result in an attacker being able to access all parts of the system, the safety risk to consumers could increase significantly if the access involves the ability to manipulate critical vehicle control systems.

The PSA continues,

Over the past year, researchers identified a number of vulnerabilities in the radio module of a MY2014 passenger vehicle and reported its detailed findings in a whitepaper published in August 2015. The vehicle studied was unaltered and purchased directly from a dealer. In this study, which was conducted over a period of several months, researchers developed exploits targeting the active cellular wireless and optionally user-enabled Wi-Fi hotspot communication functions. Attacks on the vehicle that were conducted over Wi-Fi were limited to a distance of less than about 100 feet from the vehicle. However, an attacker making a cellular connection to the vehicle’s cellular carrier – from anywhere on the carrier’s nationwide network – could communicate with and perform exploits on the vehicle via an Internet Protocol (IP) address.

In the aforementioned case, the radio module contained multiple wireless communication and entertainment functions and was connected to two controller area network (CAN) buses in the vehicle. Following are some of the vehicle function manipulations that researchers were able to accomplish.

In a target vehicle, at low speeds (5-10 mph):

  • Engine shutdown
  • Disable brakes
  • Steering

In a target vehicle, at any speed:

  • Door locks
  • Turn signal
  • Tachometer
  • Radio, HVAC, GPS

(The whitepaper referenced above is “Remote Exploitation of an Unaltered Passenger Vehicle,” by IOActive Security Services.)

How can you protect yourself — and your vehicle? The FBI offers four excellent suggestions – read the PSA for more details on them:

  1. Ensure your vehicle software is up to date
  2. Be careful when making any modifications to vehicle software
  3. Maintain awareness and exercise discretion when connecting third-party devices to your vehicle
  4. Be aware of who has physical access to your vehicle

To those I would add: Choose security over convenience, and if possible, disable the remote-access capabilities of your vehicle. You may not be able to prevent every possible attack — some of those systems can’t be turned off, and if a hacker is able to get physical access to the vehicle’s OBD-II diagnostics port or other electronics, all bets are off. You can live without being able to use a mobile app to start your car, or without the manufacturer performing remote engine diagnostics. Heck, our ’91 Honda doesn’t even have a clicker, we have to open the door with a key. Be safe!


A Seven-Point Plan for Automotive Cybersecurity

I am hoovering directly from the blog of my friend Arthur Hicken, the Code Curmudgeon:

Last week Alan Zeichick and I did a webinar for Parasoft on automotive cybersecurity. Now Alan thinks that cybersecurity is an odd term, especially as it applies to automotive and I mostly agree with him. But appsec is also pretty poorly fitted to automotive so maybe we should be calling it AutoSec. Feel free to chime-in using the comments below or on twitter.

I guess the point is that as cars get more complicated and get more “smart” parts and get more connected (The connected car) as part of the “internet of things”, you will start to see more and more automotive security breaches occurring. From taking over the car to stealing data to triggering airbags we’ve already had several high-profile incidents which you can see in my IoT Hall-of-Shame.

To help out we’ve put together a high-level overview of a 7-point plan to get you started. In the near future we’ll be diving into detail on each of these topics, including how standards can help you not only get quality but safety and security, the role of black-box, pen-test, and DAST as well as how to get ahead of the curve and harden your vehicle software using (SAST) and hybrid testing (IAST).

The webinar was recorded for your convenience, so be sure and check it out. If you have automotive software topics that are near and dear to your heart, be sure to let me know in the comments or on Twitter or Facebook.

Okay, the webinar was back in February, but the info didn’t appear on my blog then. Here it is now. My apologies for the oversight. Watch and enjoy the webinar!


The future of computing: Android Everywhere

GOOGLE I/O 2004, SAN FRANCISCO — What is Android? It’s hard to know these days, and I’m not sure if that’s good or not. We all know what happened when Microsoft began seeing Windows as a common operating system for everything from embedded systems to desktops to phones to servers. By trying to be reasonably good at everything, Windows lost its way and ceased being the best platform for anything.

Once upon a time, Android was a free operating system for smartphones, conceived of as a rival for Symbian and (believe it or not) Windows Mobile. Google purchased Android Inc. in 2005; the Open Handset Alliance launched in 2007; and the first smartphone running Android appeared in 2008. Today, Android-based phones dominate the market, with the most visible handset makers being Samsung and LG. Some estimates show that at the end of 2013, more than 81% of all smartphones were running Android.

From its origins in smartphones, it was natural that Android would expand to tablets. Although no Android tablet has emerged as a clear market leader, there are many manufacturers, from Samsung to Amazon to Google to Asus. While Android has decisively eclipsed Apple’s iPhone in the smartphone market, the iPad still defines tablets.

What else? Android is now an operating system for head-mounted displays, smartwatches, wearables, televisions and automotive entertainment systems.

We’re all familiar with Google Glass, which is based on Android. The company is working hard to recruit developers to build Glassware. This spring, Android announced Android Wear, which is described as “your key to a multiscreen world,” especially if one of those screens will be a smart watch. A few companies, including LG, Samsung and Motorola, have announced watches.

Remember Google TV? It was not a success in the market. The replacement, announced this week here at the annual Google I/O developer conference, is called Android TV. According to Google, “Thousands of apps in the Google Play Store are already optimized for TVs.”

Google is clearly interested in cars, and not only because it wants to build self-driving vehicles. A few aftermarket audio system makers have used off-the-shelf Android as the driver in replacement automotive head units. This week, Google announced Android Auto as a competitor to Apple’s iOS-focused CarPlay. As with smartphones, Google set up a vendor alliance — in this case, the Open Automotive Alliance — to develop industry specifications and to drive alliances with car manufacturers.

From the looks of things, Android is now intended to become a general-purpose operating system. Good for embedded, small-footprint, app-based, highly connected devices.

Google’s emphasis, though, isn’t on the hardware, but on that increasingly multiscreen world. With screens spanning the wrist, phone, tablet, head-mounted displays and televisions, Android looks to be everywhere. And that means that Google Play will be everywhere. Thus Google advertisements everywhere too. I mean, duh.

I guess that’s the future of computing: Android Everywhere.


Daily miracles and surviving in the desert

This is one of a series of articles I wrote for the monthly Bulletin of Peninsula Temple Sholom in Burlingame, Calif.

We were in trouble, and for a short time I thought my family’s lives were in danger. It was August 2004, and Carole, Michael, and I were on vacation in Palm Springs. With the temperature north of 110 degrees, we decided to skip the hotel’s swimming pool and take our 10-year-old son on a drive through nearby Joshua Tree National Park.

All went well until our car stalled and wouldn’t restart. What had been an Ultimate Driving Machine was now 3,500 pounds of inert steel. There wasn’t much shade, and of course we hadn’t brought nearly enough water with us.

Within a couple of hours, we were rescued by a AAA tow truck, and by the next day, our car was repaired. We were safe… but those hours in a rapidly heating metal box exchanged my trust in precision German engineering for appreciation of the awesome power of the Mojave Desert sun.

A car that runs. An air conditioner that blows cold air. A cell phone battery that is charged. Those are daily miracles that we take for granted… and we only notice them when we have a car that doesn’t work, an air conditioner that blows hot air, or a cell phone that has no charge or signal.

No cell signal? That’s a first-world problem. But our friends, family, and colleagues on the East Coast learned an even more important lesson about daily miracles after Hurricane Sandy. Power? Shelter? Heating? Phone? Broadband? A roof over your head? Some families couldn’t take those essentials for granted for days or weeks. Some families in New York and New Jersey still aren’t back in their homes.

Jewish values remind us of daily miracles, and implore us not to take them for granted. Many of us have been slightly grossed out during the Umafli La’asot prayer, the one that says, “With divine wisdom You have made our bodies, combining veins, arteries, and vital organs into a finely balanced network…”

When we get sick – when our vital organs don’t work right – we appreciate the daily miracles of our own existence.

We know that we have to maintain our cars, service our air conditioner, charge our phone batteries (and pay the wireless bill), eat healthfully, and visit our doctors.

Our synagogue is another daily miracle oft taken for granted. Too many of us, in today’s modern time, see Peninsula Temple Sholom as a place for adult ed. lectures, for b’nai mitzvah lessons, for hanging out with friends, for coming by on a Friday night for the yahrzeit of a loved one. When we need the shul, we come. When we don’t, those lovely buildings on Sebastian Drive don’t even enter our thoughts.

That’s too bad. Our synagogue is more than a place for drop-in programs and worship services. PTS is the moral center of our Judaism, the place for expressing our values, the heart of our community. Sure, we come by for a wedding, the Second Night Seder, to catch John Rothmann, or to educate our children – but the synagogue, and our hard-working clergy, staff, teachers, and volunteers have a bigger mission than to be a place for nice “Jewishy” programs.

Let me suggest that PTS is the AAA tow truck for our Jewish souls. When you need PTS, we are there for you. When you don’t need PTS, we are there for your friends and neighbors and our whole community. Believe me, there is no shortage of needs. And when you need PTS again, PTS is still there for you. Always.

That is why we need your support every year to sustain Peninsula Temple Sholom. In a typical year, the Temple has a budget of about $3.2 million. Where does that money come from? About $1.2 million comes from member dues, $1.3 million from Preschool tuition, and $200,000 from Religious School fees. That leaves about half a million dollars from sundry fees, building rentals… and mostly donations from you, our members.

Let’s talk about donations. Each fall, there is the High Holy Day Appeal. Thank you to all who contributed. Each spring, the fundraiser may take different forms. Last year, you may recall, we held the wonderful Erev Comedia with Rabbi Bob Alper. (This event not only supported the Temple, but I never laughed so hard in my life.)

This year, we are doing something new: an “unevent,” which is a straight-up request for donations dressed up like a party invitation. However, there’s no party, no raffle tickets, no silent auction, no live auction. This is a simple, no-gimmicks request for your financial support. Watch your mail for the “invitation,” laugh at the jokes – and please respond to our appeal.

A beautiful prayer in Mishkan T’filah reads, “May the door of this synagogue be wide enough to receive all who hunger for love, all who are lonely for friendship. May it welcome all who have cares to unburden, thanks to express, hopes to nurture… May this synagogue be, for all who enter, the doorway to a richer and more meaningful life.”


From Apple to Microsoft to Tesla, rumors abound

If there’s no news… well, let’s make some up. That’s my thought upon reading all the stories about Apple’s forthcoming iWatch – a product that, as far as anyone knows, doesn’t exist.

That hasn’t stopped everyone from Forbes to CNN to the New York Times from jumping in with breathless analysis of the rumor.

Turn the page.

More breathless analysis focused on why Microsoft’s stores and retail partners didn’t have enough stock of the Surface Pro tablet. Was this intentional, some wondered, part of a scheme to make the device appear more popular?

My friend John P. Mello Jr. had solid analysis in his article for PC World, “Microsoft Surface Pro sell-out flap: Is the tablet really that popular?”

I think the real reason is that Microsoft isn’t very good at sales estimation or manufacturing logistics. Companies like Apple and HP have dominated, in large part, because of their mastery of the supply chain. Despite its success with the Xbox consoles, Microsoft is a hardware newbie. I think the inventory shortfall was a screw-up, but an honest one.

After all, when Apple or Samsung run out of hot items, nobody says “It’s a trick.”

Can’t leave the conversation about rumors without mentioning the kerfuffle with the New York Times’s story, “Stalled Out on Tesla’s Electric Highway.” In short: Times columnist John M. Broder claims that the Tesla Model S electric car doesn’t live up to its claimed 265-mile estimated range. Tesla founder Elon Musk tweeted “NYTimes article about Tesla range in cold is fake.”

Everyone loves a good twitter-fight. Dozens of pundits, and gazillions of clicks, are keeping this story in the news.


The joy of being a geek: 60-core chips, self-driving cars

So much I could write about today. The U.S. presidential elections. Intel’s new 60-core PCIX-based coprocessor chip. The sudden departure of Steven Sinofsky from Microsoft, after three years as president of the Windows Division. The Android 4.2 upgrade that unexpectedly changed the user experience on my Nexus phone. All were candidates.

Nah. All those ideas are off the table. Today, let’s bask in the warm geekiness of the Google Self-Driving Car. The vehicle, an extensively modified Lexus RX450h hybrid sport utility, lives here in Silicon Valley. The cars are frequently sighted on the highways around here, and in fact my wife Carole saw one in Mountain View last week.

Until today, I had never seen one in action, but at lunchtime, the Self-Driving Car played with me on I-280. If you’re not familiar with the Google Self-Driving Car, here’s a great story in the New York Times about one of the small fleet, “Yes, Driverless Cars Know the Way to San Jose.”

I encountered the Google car going northbound on I-280, and passed it carefully. Many car lengths ahead, I carefully changed into its lane and slowed down slightly — and waited to see what the self-driving car would do.

The Google car approached slowly, signaled, moved into the next lane, and passed me. I was taking pictures out the window — and the Google engineer sitting in the passenger seat smiled and waved. It was just another day for the experimental hardware, software and cloud-based services.

Yet, why do I have the feeling of having a Star Trek-style First Contact with an alien artificial life form? It is wonderful living in Silicon Valley and being a participant in the evolution of modern technology – both at the IDE and behind the wheel.


Fast cars! Fast phones! And a new developer conference!

Toys, toys, toys. I love to read about new toys, especially sleek sports cars and nifty computerized gadgets. This week has been a bonanza – from two different directions.

You might think my focus would be on the big annual Consumer Electronics Show in Las Vegas. Actually, I’ve been more keenly following the happenings at the North American International Auto Show, which kicked off January 9.

Dozens of exciting cars and concept vehicles were introduced at the NAIAS, which is also known as the Detroit Auto Show. They include a smokin’ hot Acura NSX super car (pictured), the futuristic Lexus LF-LC, a new Mini Roadster, the four-door Porsche Panamera Turbo R, the fast-looking Mercedes SL550, the BMW i8 electric car… the list goes on and on.

A big part of the news from Detroit overlapped what was also talked about at the Consumer Electronics Show. Sure, CES features lots of “ultrabook” lightweight notebook computers, incredibly thin televisions, high-definition digital cameras, three-dimensional printers, even electric razors. But automotive computers were very much front and center.

There’s a lot more to computerized cars than iPod jacks or even streaming Pandora on a 28-speaker Bose sound system. Companies like BMW, Ford and Mercedes-Benz are integrating phone applications with vehicles’ onboard computers. The smartphone sends the car email and text messages. The car sends back real-time diagnostics. I’m told you can even make phone calls!

Soon, you will update your car’s firmware as often as you update your smartphone’s apps.

To change the subject only slightly: Let’s talk about developing smartphone software. You know that BZ Media – the company behind SD Times and News on Monday – produces developer conferences for Android and iPhone/iPad developers. We are proud to announce support for another platform at WPDevCon: The Windows Phone Developer Conference.

WPDevCon is coming to the San Francisco Bay Area from Oct. 22-24, 2012. We are currently assembling a full slate of workshops and technical classes, and the program will be ready in early March. However, we invite you to check out the website, www.wpdevcon.net, and of course, mark your calendar if you or your colleagues are interested in attending.

Want to propose a class? See the Call for Speakers and then drop me a line. Interested in exhibiting? Contact my colleague.

Which is more interesting to you, the latest cars at the Detroit Auto Show or the snazzy gadgets at the Consumer Electronics Show?

What color is your automobile? Silver, perhaps?

According to this article by the Evening Times, silver is the most popular color for cars. It shows a desire to be seen as having wealth and prestige. What does your car color say about you?

My wife and I have only purchased one silver car, a Ford Tempo. At the time, we weren’t seeking to flaunt wealth or prestige. Just the contrary: We were getting a bargain on a left-over.

Our current fleet (pictured) consists of my Titanium Gray Mazda3 hatchback and my wife’s Deep Green Pearl Acura TSX sedan.

According to the story, gray is a sign of stability and reliability. Green is for those who are conscientious and try to smooth over tense situations. Works for me.


Greetings, Earthlings and Script Kiddies

Welcome to my blog. It has to start somewhere, and this is where it starts. And the trek had to start sometime; it should have started a long time ago, but it didn’t, so here we are.

This blog will be a spot to discuss topics of professional and personal interest to me, mainly focused on the realm of information technology, focusing on software development, security, enterprise computing, and the like.

Let me start with a story about software hacking that begins, oddly enough, with an automotive service experience.

Earlier this week, I took my beloved 1993 Mustang GT to the Ford dealer for a routine maintenance, which includes a tire rotation. At about 11:00 am, I got a call from the service advisor: “Mr. Zeichick, I can’t find the key for your wheel locks. Where is it?”

I drove back to the shop, we searched high and we searched low. We couldn’t find the special key, so we skipped that part of the service.

But now I’ve got my mighty steed parked in the driveway, with a missing wheel lock key. What if I get a flat? I need to get those locks off pronto!

Wheel locks are a nuisance. However, I have expensive Ford Cobra rims, and the dealer advised that their TTL (time to live) without locks would be less than a week. Ever since, I assumed that the wheel locks would do a decent job protecting the vehicle. How can I get them off without damaging the wheels? Gosh, this is going to be hard.

Time to ask an expert. I went to my local Sears hardware store with a spare lug nut, and asked my favorite salesman if he knew how to jury-rig sockets, wrenches, pry bars and other implements to get the wheel locks off. “Relax,” he laughed, and referred me to the “SK 2-Piece 1/2-Inch Drive Wheel Removal Kit” designed expressly for removing damaged lug nuts and wheel locks.

Five minutes after getting home, the lock nuts were removed, without damaging the wheels or bolts. And three of those five minutes were spent finding the half-inch socket set.

My confidence in Sears went up – while my confidence in wheel locks went down. If I could buy this tool “over the counter” at my local hardware store, then presumably anyone who wanted to lift wheels would already have one. Bottom line: those wheel locks wouldn’t have even slowed a thief down. Ignorance was bliss. My ignorance could have cost me, big-time, especially if those had been really expensive rims, or if the car was routinely parked on the street, instead of in my garage.

When it comes to people who want to break into your system, there are two types: technical experts, who will use their superior knowledge and experience to find and exploit your Web site or application vulnerabilities – and “script kiddies,” who will simply apply pre-existing hack techniques and use tools created by other people. Just like any petty thief could buy the wheel-lock removal kit at Sears, so any script kiddie can download hacking tools for free.

Now I’m hunting for a better grade of wheel lock… and you should be making sure that your own app-security measures won’t fall to the first script kiddie who decides to target your applications and data with an over-the-counter tool.