In order to enhance customer experience [5] and to reduce time to market, the manufacturers are constantly in need of being able to update software/firmware of the Electronic Control units (ECU) when the vehicle is in field operations. The updates could be a bug fix or a new feature release. Until the recent years, the updation of software/firmware used to be done using a physical hardwired connection to the Vehicle in a workshop. However, with the element of connectivity being added to the vehicle, the updation of software can be done remotely and wirelessly over the air using a feature called Flash over the air (FOTA) [2] and Software over the air (SOTA) [2].
In order to safeguard the telematics [3] ECU from tampering or hacking, the manufacturers are doing away with the ports on the underlying hardware through which manual flashing used to be done. This means that, the only option available to flash or update the ECU is using FOTA/SOTA. Owing to this, FOTA/SOTA acts as an umbilical cord connecting the ECU. If FOTA/SOTA fails then there is no way that the ECU can be contacted back and that is when the device is bricked [5]. The flashware or software to be flashed is stored and managed using an IoT cloud platform. Telematics ECUs have a plastic or embedded sim that employ mobile network operators’ spectrum to communicate with the cloud using wireless cellular protocols [6]. Not only is the cellular signal varying when the vehicle is in motion, but also these cellular protocols are prone to network latency that can affect the functioning of FOTA/SOTA. When FOTA/SOTA is in operation, the interruption of the supply power to the telematics ECU can also lead to unexpected behavior. Since the risk factors that FOTA/SOTA is exposed to when this feature is introduced in a vehicle are many, hence it demands multipronged strategy to mitigate it.
This paper discusses the challenges associated with testing FOTA/SOTA in a real dynamic environment and distributed reliability test strategies employed to uncover the risks.