Hacker News new | past | comments | ask | show | jobs | submit login

While counter-intuitive, I have actually encountered this issue with other cars as well, specifically a Ford f150 where an internal problem in the APIM module (accessory protocol interface module, essentially the dash touchscreen controller) essentially bricked the truck by spamming the canbus with erroneous signals. Remember that modern automobiles are rolling networks with multiple interconnected controllers, some of which are required for the vehicle to function.

Note that this doesn't excuse Tesla here, since the situation I discussed is very rare, normally if that module fails the vehicle will still start and run. Tesla engineers should absolutely have been aware of this issue, as pointed out up thread there are multiple tutorials for ras-pi SD memory preservation, and I have trouble believing a competent EE shouldn't be aware of life issues due to eMMC. It also shouldn't brick the car, normally automotive electronics are designed very carefully to avoid single points if failure, with fallback routines and safety "limp-home" modes in case of problems.

bricked the truck by spamming the canbus with erroneous signals.

Wasn't preventing this one of the design goals/selling points of CAN?

Yes, that is one of the strong points of CANBUS. Like I said in the original post, this was a very rare failure. However, the APIM managed to spam the bus in just the right way where it de-synced modules; when I initially connected to the vehicle w/ a snap-on scan tool it was throwing codes for BCM and TCM non-comm, as well as codes that implied the ECM was seeing different speeds on the CKP & CMP (crankshaft & camshaft sensors). The CKP/CMP disagreement was what caused the vehicle to be 'bricked', since the engine management had no idea where the crankshaft & valves were in relation to each other.

Near as I could tell from my scope, the APIM was spamming the bus with exactly the right frequency to interrupt the ECM during it's scan of critical sensors. It was an extremely rare failure, and to Ford's credit they covered both the repair as well as my shop's diagnostic time.

edit: To make it clear, I have seen 2 vehicles that still operated with a direct CANBUS short to ground, as well as a vehicle that had CANBUS shorted to 12V+. In these cases, aside from expected failures (such as the BCM systems not responding, or transmission limp-home), modules were able to fall back into either safe states (limp-home, in the case of the TCM) or just a dashboard warning light (in the case of BCM no-comms).

Wow! Unbelievable. I mean, just SEPARATION.

Thanks for the anecdote!

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact