Photo: Euro NCAP/GreenTheOnly/edited by autoevolution
You will certainly remember how safety tests used to be about checking how a vehicle’s body would protect its passengers in crashes at certain speeds. At some point, pedestrians became a concern as well. Passively protecting them was not enough. With the development of electronics, systems like automatic emergency braking (AEB) started being evaluated. However, a recent situation with Tesla shows that software also has to be under scrutiny from now on.
The white-hat hacker GreenTheOnly discovered that the Tesla code has support for the evaluations of advanced driver assistance systems (ADAS). He also found that “100% of observed crash/ADAS tested cars in EU/US have one-off builds on specially provisioned computers.” In other words, the hardware was also different than that in regular production vehicles.
GreenTheOnly noticed support in the code for at least four testing procedures: Euro NCAP, Korean NCAP, I VISTA (the Chinese testing grounds), and ANCAP. According to the white-hat hacker, the vehicles evaluated have “Autopilot code that's aware of different ADAS testing protocols.”
I tried to contact both Euro NCAP and ANCAP during the weekend but have not received any answer from the two safety organizations so far. When I hear back from them, I’ll clarify if this was something these testing entities asked Tesla to provide – as Tesla investors are trying to argue – or if they did not know about these software support lines. Anyway, this is not the discussion I intend to propose here.
Regardless of the purpose the support in the Tesla code has, it is clear that no traffic safety organization can ignore software or the hardware to run it in cars anymore. If they can dictate how a car behaves, anyone seriously wanting to test the safety level offered by these vehicles has to make sure they are the same ones present in a production car.
Dealing with new cars as if they were still analogical machines is an even bigger mistake with over-the-air (OTA) updates. If testing organizations do not develop the skills to evaluate which software the “computers on wheels” are running, it will be effortless to deceive them the same way Volkswagen deceived emission tests with Dieselgate.
Just remember how the German company did that. The EA-189 ECU had cheating software that could detect testing conditions and change the engine parameters for the NOx emissions to comply with the regulations. At the time, nobody knew how Volkswagen was able to meet the emission regulations with that engine, but many suspected there was something fishy about it.
It took the International Council on Clean Transportation (ICCT) and West Virginia University researchers to discover the ECU had a specially-written engine-management-unit firmware. It detected "the position of the steering wheel, vehicle speed, the duration of the engine's operation, and barometric pressure” to determine if it was being regularly driven or in a testing facility. When that was the case, the software would make the engine run in a way that respected the regulations. In regular use, the car would use less diesel but also emit up to 40 times more nitrogen oxides (NOx) than it was supposed to do.
Mind you: we are talking about vehicles that did not have OTA update capabilities. In other words, the cheating device was in the car for anyone to see but people never thought about looking for an explanation in the software. If these vehicles could be updated, Volkswagen or any other automaker using the cheat could simply update its computers and remove the evidence from them.
What matters here is not what each automaker is willing to do to escape regulations and perform better in tests than its production vehicles would. Unfortunately, we have enough examples that doing the right thing is not always their choice. The point is that OTA update capability allows them to change whatever they want in the car: all it takes is an internet connection.
By coincidence, when I was writing this article, Bloomberg published in Hyperdrive that the future National Highway Traffic Safety Administration (NHTSA) should be “well-versed in automation and the safety issues surrounding human-machine interaction.” In other words, anyone ruling the safety regulator should understand the impact software can have on a vehicle.
David Zipper wrote to The Verge that the traffic safety issue in the U.S. may be even more profound. Instead of the self-certification model followed in the country for years, he suggests that the government should move to a type approval model. That could prevent automakers from simply putting new technologies on the roads without testing them well enough.
In Europe, Zipper said that the pre-approval model requires that vehicles with new safety systems can prove at least as safe as the ones without them. For him, this is the reason for Full Self-Driving (FSD) to be illegal in Europe. The pre-approval process allegedly includes software and OTA updates.
It is not clear if European governments have software specialists that are able to verify the impacts some codes can have on electric cars. The truth is that they must develop this expertise. Traffic safety organizations such as the NCAPs and others must do the same. It seems that Pete Buttigieg is well aware of that.
In a recent interview with Yahoo Finance, the U.S. Secretary of Transportation said that “so many of our regulations to keep cars safe are based on how cars always used to be.” The problem is that “we need to make sure that they’re based on how cars are going to be.” Indeed: that includes being able to evaluate software and the hardware needed to run it as much as the car body’s resistance and respect for the human body’s biomechanics. And we are already late in making that happen, as GreenTheOnly helped us see.
GreenTheOnly noticed support in the code for at least four testing procedures: Euro NCAP, Korean NCAP, I VISTA (the Chinese testing grounds), and ANCAP. According to the white-hat hacker, the vehicles evaluated have “Autopilot code that's aware of different ADAS testing protocols.”
I tried to contact both Euro NCAP and ANCAP during the weekend but have not received any answer from the two safety organizations so far. When I hear back from them, I’ll clarify if this was something these testing entities asked Tesla to provide – as Tesla investors are trying to argue – or if they did not know about these software support lines. Anyway, this is not the discussion I intend to propose here.
Regardless of the purpose the support in the Tesla code has, it is clear that no traffic safety organization can ignore software or the hardware to run it in cars anymore. If they can dictate how a car behaves, anyone seriously wanting to test the safety level offered by these vehicles has to make sure they are the same ones present in a production car.
Dealing with new cars as if they were still analogical machines is an even bigger mistake with over-the-air (OTA) updates. If testing organizations do not develop the skills to evaluate which software the “computers on wheels” are running, it will be effortless to deceive them the same way Volkswagen deceived emission tests with Dieselgate.
Just remember how the German company did that. The EA-189 ECU had cheating software that could detect testing conditions and change the engine parameters for the NOx emissions to comply with the regulations. At the time, nobody knew how Volkswagen was able to meet the emission regulations with that engine, but many suspected there was something fishy about it.
It took the International Council on Clean Transportation (ICCT) and West Virginia University researchers to discover the ECU had a specially-written engine-management-unit firmware. It detected "the position of the steering wheel, vehicle speed, the duration of the engine's operation, and barometric pressure” to determine if it was being regularly driven or in a testing facility. When that was the case, the software would make the engine run in a way that respected the regulations. In regular use, the car would use less diesel but also emit up to 40 times more nitrogen oxides (NOx) than it was supposed to do.
Mind you: we are talking about vehicles that did not have OTA update capabilities. In other words, the cheating device was in the car for anyone to see but people never thought about looking for an explanation in the software. If these vehicles could be updated, Volkswagen or any other automaker using the cheat could simply update its computers and remove the evidence from them.
What matters here is not what each automaker is willing to do to escape regulations and perform better in tests than its production vehicles would. Unfortunately, we have enough examples that doing the right thing is not always their choice. The point is that OTA update capability allows them to change whatever they want in the car: all it takes is an internet connection.
By coincidence, when I was writing this article, Bloomberg published in Hyperdrive that the future National Highway Traffic Safety Administration (NHTSA) should be “well-versed in automation and the safety issues surrounding human-machine interaction.” In other words, anyone ruling the safety regulator should understand the impact software can have on a vehicle.
David Zipper wrote to The Verge that the traffic safety issue in the U.S. may be even more profound. Instead of the self-certification model followed in the country for years, he suggests that the government should move to a type approval model. That could prevent automakers from simply putting new technologies on the roads without testing them well enough.
In Europe, Zipper said that the pre-approval model requires that vehicles with new safety systems can prove at least as safe as the ones without them. For him, this is the reason for Full Self-Driving (FSD) to be illegal in Europe. The pre-approval process allegedly includes software and OTA updates.
It is not clear if European governments have software specialists that are able to verify the impacts some codes can have on electric cars. The truth is that they must develop this expertise. Traffic safety organizations such as the NCAPs and others must do the same. It seems that Pete Buttigieg is well aware of that.
In a recent interview with Yahoo Finance, the U.S. Secretary of Transportation said that “so many of our regulations to keep cars safe are based on how cars always used to be.” The problem is that “we need to make sure that they’re based on how cars are going to be.” Indeed: that includes being able to evaluate software and the hardware needed to run it as much as the car body’s resistance and respect for the human body’s biomechanics. And we are already late in making that happen, as GreenTheOnly helped us see.
Google News