
Benz remotely controlled vehicle stuck in cruise control mode for 1h at 120km/h - LiweiZ
https://www.facebook.com/PeoplesDaily/videos/1864757720242703/
======
djrogers
Nothing about this story makes sense, and it's so sketchily sourced I'm
surprised to see it here on HN.

For starters if the problem was with cruise control, how would opening the
driver's side door 'slightly' slow the car to half its speed? Setting aside
the physics here, cruise control would simply increase the throttle until it
got back to its set speed.

Also questionable is the idea that MB would be able to remotely control the
vehicle when _every system_ other than the throttle had failed. Brakes failed,
ignition failed, transmission failed, but the throttle and cruise control were
still hunky-dory? That sounds a lot more like either a complete fabrication or
someone who screwed up while trying to hack their car's CAN-BUS...

~~~
lfowles
Cruise control on both of my cars is closer to "set throttle" than "set
speed". Neither will increase throttle to keep speed when going up a hill for
example.

~~~
endianswap
That's not typical for cruise control; even cars in the 80s with cruise
control would increase throttle uphills.

~~~
matt_wulfeck
Which is and always has been a downright awful and dangerous feature. Going up
a steep hill? Put the pedal to the metal so we can fly past other cars at 65
MPH.

~~~
mulmen
Or would be a lot safer and more efficient if everyone just went a constant
speed on the freeways. My cruise control also operates the brakes so my set
speed is held going up and down hills.

------
matthewmacleod
So I'd be really interested in knowing how a failure like this happens in a
human-safety-critical application.

I assume every software engineer under the age of ~50 would have learned about
events like the Therac-25 incidents during their education. Is there genuinely
no robust software quality regime in place for critical systems like this in
vehicles?

There are so many worrying things here: such a bad failure occurring in the
first place; the lack of any physical fallback or failsafe; the _ability of
the dealer to remotely control the car's operation_ (!!) – any of these by
themselves fills me with dread.

~~~
jandrese
Or the owner attempted to flash his own ECU and messed it up. Granted, this is
more common in the rice-burning crowd than the Benz driving crowd, but there
is still some overlap.

Edit: Just saw that the driver was an "amateur car racer", which exponentially
increases the chances that he re-flashed his ECU.

~~~
matthewmacleod
That's interesting, in the sense that it might explain a software failure, but
it doesn't really explain why this wasn't failsafe anyway (given the
possibility of a non-flashed ECU failing) nor why remote access was possible.
I guess something doesn't add up here.

~~~
jandrese
It's possible Benz went to the trouble of doing a rigorous analysis of their
ECU to verify that there were no faulting conditions that would impact safety
and thus decided to use it as the backstop. The safety guarantee from the
software could be compromised by an unauthorized modification.

Personally I don't like trusting safety systems entirely to software, but I
could see it being a decision a big corporation makes to simplify
manufacturing (cut costs).

------
thesumofall
Feels difficult to believe. He reduced speed by 60kmh by opening a door
“slightly”? Why did the cruise control not compensate for it? Both brake
systems failed at the same time? In addition, the automatic gearbox was
somehow stuck in D? Sorry, but I’m sure it’s either human error or a publicity
stunt

Edit: I didn’t know the C class has any remote control capabilities. Does
anyone know more?

------
vinay427
This is a somewhat misleading title. The car was intentionally set to cruise
control by the owner, but the cruise control could not be turned off until
Mercedes remotely found a way to disable it about 100km later.

~~~
programbreeding
Personally that's exactly what I got from the title; it says it was stuck in
cruise control. To me that indicates cruise control had been enabled, and then
became stuck on.

~~~
vinay427
I believe I was misled by "remotely controlled vehicle stuck in cruise
control," which (to me) implies that the remote control feature was somehow
relevant to not being able to disable the cruise control. The article did not
talk about remote control until it mentioned using it to disable the cruise
control.

------
maxxxxx
That headline is misleading. I read it as them controlling it for 1 hour which
wasn't the case.

I am a little surprised that the brakes didn't work. Are brakes "fly-by-wire"
now? Otherwise you should be able to slam the brakes even if the car is full
throttle. I have tried this with several cars and the brakes were always
stronger than the engine.

~~~
kirillseva
Brakes are fly-by-wire on new cars because slamming the brake is not the most
optimal strategy for stopping the car as fast as you can. And it can also
damage the car.

~~~
antris
I'd choose damaging the car over this scenario any day.

~~~
maxxxxx
I also don't know how braking hard would damage the car.

------
martimarkov
I'm not sure how much I believe a post from Facebook from "People's Daily,
China". The video can for sure be named: "Police high speed chase through toll
booth"

~~~
vegardx
Lots of stuff is completely off with this. If you're stuck in cruise control
at 120km/h for an hour you will drive 120km, not 100km.

Also, what about just turning the engine off? Or... brake.

~~~
ceejayoz
> Also, what about just turning the engine off? Or... brake.

It says the brakes didn't work, and push-button start cars don't have an easy
way to "just turn the engine off".

~~~
theothertom
Mine has a "hold button for 5 seconds" type override - don't know if that's
universal though.

~~~
Piskvorrr
Don't tell me it's the ACPI hard shutdown signal, that would be scary.

------
Johnny555
I'm skeptical:

_During a tense time of waiting and praying, Xue, an amateur car racer
himself, tried opening the car door slightly to help slow the car down, which
slowed to 60km/h, but nothing else could be done_

If the car was trying to maintain 120kph, I'm skeptical that opening a door
partially (or even all the way) slowed it to 60kph.

------
Yetanfou
While this newish whiz-bang Mercedes Benz might be too modern to have a
physical ignition lock these stories always make me wonder: why do all these
people who are confronted with runaway vehicles forget the simple solution of
switching off the engine? Just turn the key in the lock to the 'off' position
but don't remove it, the engine will switch off and the car or motorbike will
come to a halt. I've done this several times with my motorbike when one of the
Bowden cables between the throttle grip and a carburetor froze during travel
(as in 'water in cable freezes to ice', I ride the thing in wintertime here in
Sweden). By switching the lock between 'on' and 'off' I've used it in a
similar way as the 'blip switch' in early airplanes with rotary engines which
lacked an adjustable throttle, they were either 'on' or 'off' and could be
pulsed on landing by using the 'blip switch'.

When I mention this people often start about losing power steering but that is
of no concern, power steering is only effective at lower speeds anyway. Servo
brakes are powered by the intake vacuum so that won't be an issue either, even
if the vacuum fails or the power comes from another source (e.g. an electric
or engine-driven pump) there is generally a pressure reservoir which holds
enough pressure for several brake actions. And even in case the servo totally
fails the brakes still work, as does the parking brake.

To conclude, as long as you're in a vehicle with a physical ignition lock the
first thing to try is just to switch off the engine. As long as you keep the
key in the lock the steering lock should not engage (something to test next
time you turn off the engine).

------
LiweiZ
Sorry for the misleading title. I tried my best to keep the title short
enough to submit. Please change the title for a better one. Or suggest a
better one, I will change it ASAP. Thanks.

------
yason
In the "good" old days there were several things you could do:

- turn off the ignition (now purely software-controlled in keyless systems)

- put transmission to neutral (a physical link doesn't necessarily exist
anymore in automatic transmissions, still possible in manuals)

- jump on the brake pedal as hard as you can (I suspect that a hydraulic link
to brakes must still exist, possibly by law, but there are ABS and stability
control units in between that can add to or remove from the brake pressure so
it's not entirely driver controlled anymore, could lead to a failure path)

- use parking brake to assist in braking (now often controlled by an electric
motor automatically, doesn't engage while driving)

There were occasional similar failures like the accelerator pedal getting
stuck under the floor mat or throttle cable getting stuck but you could do a
number of things listed above. Cruise control systems were heavily designed
to disengage at the slightest disturbance because they were separate control
modules: early vacuum-operated designs could—plausibly, I don't have first
hand knowledge—have a microswitch in the brake pedal that would just pull a
relay to shut off current from the control module, restoring normal
accelerator operation. Pretty much bullet proof.

Software is indeed capable of creating failure modes that were pretty much
unimaginable previously.

~~~
4a0508659f7c6a1
I'd start pulling fuses, Die Hard style.

------
Silhouette
I'm not sure what is more disturbing here, the fact that the car had such a
dangerous malfunction in the first place, the fact that there was no reliable
hardware-based mechanism to bring it safely to a halt when the software failed
catastrophically, or the fact that the service team could remote in and take
control of the vehicle. Everything about this is not just bad in itself but
betrays a more fundamental lack of safe and secure design.

~~~
cevn
Totally agreed. Why can't he just slam the brakes? I thought they are supposed
to be stronger than the engine?!

~~~
olliej
Electronic control - it’s not a direct physical connection anymore.

Follow on for mechanics/mechanical engineers: if the accelerator is down and
you’re already moving, can the brakes stop a car? It seems like you’d either
not stop or “break” abs and force the wheels to lock which is also bad at
speed...

~~~
vegardx
This is complete nonsense, go into any car without starting it and pump the
brakes.

~~~
Skunkleton
It's not.
[https://en.wikipedia.org/wiki/Drive_by_wire](https://en.wikipedia.org/wiki/Drive_by_wire)

------
ag56
Why couldn't you just hit the ignition to turn the engine off?

~~~
telesilla
New cars these days don't all have this option: electronic starters have
keyless ignition, activated when the key is nearby.

[http://www.worldwidemotors.com/blog/how-to-use-push-button-s...](http://www.worldwidemotors.com/blog/how-to-use-push-button-start-in-your-mercedes-benz/)

Personally, I'm concerned there is no manual brake override.

If I drove a Mercedes I'd test using manual ignition, maybe pulling the key
out would stop the car.

~~~
gruez
>activated when the key is nearby.

throw the key out the window?

~~~
ceejayoz
I tested this when my dad got one of the push-button start cars. Doesn't work,
at least not in his Acura.

~~~
vegardx
Give it a few minutes and it will start to complain, and then you will lose
engine, but not electrical power.

------
yalogin
Interestingly this has nothing to do with self driving. Though, if the dealer
could control it remotely why did it take an hour to do so?

~~~
ptero
May be the (designed) logic flaw. My guess is on a safety override that
painted itself into a corner. For example, no remote override of a cruise
control while moving.

------
oliv__
What I mostly took away from this is that automakers can remotely force stop
your vehicle if they so desire. Kind of creepy.

~~~
Humdeee
I don't find it more or less creepy than what we discover companies doing
under the hood on our smartphone apps, computers, sharing personal info, etc.

------
sjclemmy
Reminds me of reading the Fortean times when I was younger. Sounds like a made
up or exaggerated story.

Telltale statement > “According to a local media report”. So this is a report
of a report. Hmmmm.

------
rusbus
FWIW, this happened to a friend's Ford Explorer with faulty electronics, self
driving cars don't have a monopoly on automobile malfunctions

------
m3kw9
The fact that it was able to be remotely controlled is exposing it to a whole
world of bugs and hacks

------
mmjaa
Covert intelligence operation (hit-job) gone awry? Maybe the driver was a
target of the CIA ..

------
tritium
This makes me want _less_ software control in my vehicle. Ideally none.

~~~
mulmen
So carburetors and no abs or traction control?

~~~
Skunkleton
I'm not saying I agree with OP, but you picked three things that existed in
cars before computers.

~~~
mulmen
ABS uses software, I'm not aware of a mechanical ABS.

Limited slip differentials in all their varieties still don't do what
stability control and traction control do. You need software for the systems
to perform in a way we have come to expect.

A car without any software at all would be carbureted and have no ABS or
traction/stability control.

~~~
Skunkleton
[https://en.wikipedia.org/wiki/Anti-lock_braking_system#Early...](https://en.wikipedia.org/wiki/Anti-lock_braking_system#Early_systems)

[https://en.wikipedia.org/wiki/Fuel_injection#Mechanical_inje...](https://en.wikipedia.org/wiki/Fuel_injection#Mechanical_injection)

I'm not saying computers don't do these things better.

~~~
mulmen
From your link:

> A fully mechanical system saw limited automobile use in the 1960s in the
> Ferguson P99 racing car, the Jensen FF, and the experimental all wheel drive
> Ford Zodiac, but saw no further use; the system proved expensive and
> unreliable.

Those systems were used in aircraft, not cars. The operation was significantly
different as well.

Anyone who owns a car with mechanical fuel injection will tell you how much
more reliable carburetors are.

My point is simple: we have used software in automotive systems for decades
and those systems have proven to be reliable. Removing _all_ software from a
car will not make it safer just because new automation systems are poorly
built.

