With OTA updates, manufacturers are gradually shifting from the conventional practice of customers visiting dealerships for servicing to a remote service model employed by tech companies. This new approach carries potential safety-critical risks. Therefore, it’s essential for customers to trust that the updates are from a reliable source and not a malicious attack. To guarantee the installation of only legitimate software, the vehicle must be capable of verifying the authenticity and integrity of the update. Typically, tech companies use certifications to vouch for the authenticity of a software update.
Main Question
Is there a clear strategy to ensure that both the vehicle and the user know the update is authentic?
Sub-Questions
- Where applicable, are relevant standards (ISO/SAE 21434 (2021) , ISO 24089 (2023) etc.) followed?
- Are there adequate communication provided to the customers to inform of an upcoming update?
References
- ISO (2023) 24089: Road vehicles — Software update engineering. Available at: https://www.iso.org/standard/77796.html (Accessed: 21. May 2024)
- ISO/SAE (2021) 21434: Road vehicles – Cybersecurity engineering. Available at: https://www.iso.org/standard/70918.html (Accessed: 18 October 2023)