Editing Over-the-air update (section)

=== Automotive ===
Cars can support OTA updates to their [[in-car entertainment]] system, navigation map, [[telematic control unit]], or their [[electronic control unit]]s (the onboard computers responsible for most of the car's operation).<ref name="Halder2020" /> In cars, the telematic control unit is in charge of downloading and installing updates,<ref name=":0" /> and OTA updates are downloaded through cellular networks, like smartphones. Cars cannot be driven while an OTA update is being installed. Before an update, the car checks that the update is genuine, and after the update completes, it verifies the integrity of all affected systems.<ref name="Halder2020">{{Cite journal |last1=Halder |first1=Subir |last2=Ghosal |first2=Amrita |last3=Conti |first3=Mauro |date=2020-09-04 |title=Secure over-the-air software updates in connected vehicles: A survey |url=https://www.sciencedirect.com/science/article/pii/S1389128619314963 |journal=Computer Networks |language=en |volume=178 |pages=107343 |doi=10.1016/j.comnet.2020.107343 |issn=1389-1286|url-access=subscription }}</ref>

OTA updates provide several benefits. In the past, Volkswagen had to recall 11 million vehicles to fix an issue with its cars' emissions control software, and other manufacturers have instituted recalls due to software bugs affecting the brakes, or the airbags, requiring all affected customers to travel to dealership to receive updates. OTA updates would have removed the need to go through dealerships, leading to lower warranty costs for manufacturers and lower downtime for customers.  OTA updates also allow manufacturers to [[Software deployment|deploy]] potential new features and bug fixes more quickly, making their cars more competitive in the market, and resulting in an increased pace of product improvements for consumers. For example, OTA updates can deliver improvements to a car's [[Advanced driver-assistance system|driver assistance systems]] and improve the car's safety.<ref name=":4" />{{Rp|page=|pages=138-139}}<ref name="Halder2020" />

However, OTA updates can also present a new [[attack vector]] for hackers, since security vulnerabilities in the update process could be used by hackers to remotely take control of cars. Hackers have discovered such vulnerabilities in the past, and many car manufacturers have responded by instituting vulnerability disclosure programs ({{Aka}} [[Bug bounty program|bug bounty programs]]).<ref name="Halder2020" /><ref>{{cite web |last1=Gitlin |first1=Jonathan M. |title=Hackers discover that vulnerabilities are rife in the auto industry |url=https://arstechnica.com/cars/2023/01/hackers-discover-that-vulnerabilities-are-rife-in-the-auto-industry/ |website=Ars Technica |language=en-us |date=11 January 2023}}</ref> Attack vectors specific to OTA updates include "[[Spoofing attack|spoofing]], tampering, repudiation [attacks], [[information leakage]], [[Denial-of-service attack|denial-of-service]]," [[Replay attack|replay attacks]], and [[privilege escalation]] attacks. Example scenarios include a hacker successfully interrupting an ongoing update (deemed a "flashing fail"), which may corrupt the car's computer systems and make the car malfunction later on; another scenario is "arbitrary flashings", in which hackers trick the car into installing a malicious OTA update.<ref name=":4" />{{Rp|pages=141-142}}