Software rollback

Software rollback

I was recently thinking that the Model S is a big computer with a motor. That got me thinking about issues I have with my home computer. Someone has already posted about virus protection, but what about the ability to roll back the software. If an update gets installed and turns out to be problematic, do owners have a procedure for performing a rollback to the prior version until a fixed version becomes available?

suegie | 17 November, 2012

Pure speculation, but if there were a problem, I'm guessing that Tesla would auto-roll back the software while you're charging the car overnight. This is new territory isn't it!??

dubaty | 17 November, 2012

You may be right, but if the problem is discovered on the road, it would be nice to be able to pull over and do a rollback. You're also right about the new territory. I never thought I would be having this conversation about a car or anticipating owning one!

Vawlkus | 19 November, 2012

I'd be more comfortable with Tesla doing that, but then I'm an ex-IT tech, so I have a low opinion of the technical abilities of the general populace :P

David Trushin | 19 November, 2012

I am somewhat computer savvy and I hate to have to deal with an update that needs to be rolled back. And that's in the comfort of my own home. Imagine the nightmare of taking your Model S from 60 to complete computer crash while on the rode. Even pulled over on the side.

David Trushin | 19 November, 2012

rode = road

jerry3 | 23 November, 2012


The computers in a car are unlike a desktop computer (with the exception of the Tesla displays). All the ECUs that have to do with driving the car are firmware only and there is one or more for each function (I don't know how many the Model S has, but the Prius has 13 or 14 depending upon the options installed). They query each other to determine if there is a fault (among other things) and they are quite robust--all modern cars use them. The displays are totally separate from the ECUs and can be rebooted while driving. This is really a non-issue.

dubaty | 23 November, 2012

If this is truly a non-issue, that would be very comforting. I am certainly not techy enough to know for sure and would rely on assurances from others (preferably from TM itself). This might be something worth going on the new bulletin board.

Brian H | 23 November, 2012

Supposedly there are 22 computers in the MS.

Stark | 23 November, 2012

I do computer security for a living. As I understand it from a bit a research I've previously done, no manufacturer currently has a vehicle setup with ECUs that control critical features of the car (brakes, airbags etc) remotely accessible from outside of the vehicle. The only way to interface with these systems is through the dedicated port within the vehicle. Tesla has stated that the computer that controls the 17 inch screen and infotainment system is segregated from the ECU computers and that the vehicle can function completely without it. So while it may be possible for the infotainment system to get a virus or be compromised in another way, it should have no impact on the critical ECUs that actually control the car.

jerry3 | 23 November, 2012


That is my understanding as well.

jerry3 | 23 November, 2012


To rollback one of the ECUs (which are basically EPROMs) you just flash it again. It is possible to get and EPROM in such a state that it won't flash but because you can't flash and drive, it won't compromise safety.

Jolinar | 23 November, 2012

You can see rebooting car while driving in this video (0:35)

Volker.Berlin | 24 November, 2012

Stark, I agree with that idea. However, they did add creep via wireless update. Assuming creep was built in from the beginning (e.g, max power output without the driver touching the accelerator) and they just added the UI for it -- everything fine. But if they did add the functionality itself via wireless update -- quite scary.

jerry3 | 24 November, 2012


Watching Cinergi's "Software Upgrade" video where the car shuts down and restarts a couple of times it appears that they can flash the EPROMs over the air. It's only scary if their protocols for upgrading are insecure. And it appears to be far less scary than having the Toyota dealer flash the Prius.

jerry3 | 24 November, 2012

I ought to add that because of the way the ECUs communicate with each other, you couldn't just hack one ECU, you'd have to hack all the ones that talked to that ECU or the others that check it's functionality would just shut it down.

Volker.Berlin | 24 November, 2012

It's only scary if their protocols for upgrading are insecure. (jerry3)

No doubt it is secure. WEP was also secure when WLAN was new. What I want to say: It has better be state-of-the-art secure, and yet I wouldn't trust my life to it. It will be hacked sooner or later, that's a given.

DouglasR | 24 November, 2012

If they can add creep remotely, maybe they can open your garage door and have your car creep over to a waiting car thief.

VB, "It HAD better be state-of-the-art secure,"

Brian H | 24 November, 2012

that kind of "rebooting the car" doesn't touch the ECUs. Just the main screen.

I presume the security protocols themselves can be revised and upgraded from time to time. Without notice or comment, presumably and preferably!

Volker.Berlin | 25 November, 2012

DouglasR, thanks. In that case it was actually a tpyo. Honestly! :-)

Brian H, security by obscurity? Is an illusion, IMO.

Brian H | 26 November, 2012

No, just invalidate the "work" done to that point by hackers by changing coding and codes (internal). Nothing protects against fob spoofing, of course.

Volker.Berlin | 13 December, 2012

First time I hear or read anything about security/integrity in Tesla's automatic update. It's a relative broad and unspecific statement, but as far as it goes, it's what you'd expect:

More than 25 internal computers benefit from this 4.0 release, and Tesla is adamant that security and integrity are of the utmost importance. The download takes place over a VPN, the firmware bundle is signed by Tesla, and private and public keys validate its authenticity. So no, don’t expect Cyanogenmod-style firmware hacks to happen anytime soon.