feature article
Subscribe Now

Cheat Codes for Your Car

Volkswagen’s Firmware Kerfuffle Highlights Engineering Responsibilities

“Will no one rid me of this troublesome priest?” – King Henry II [1133 – 1189], referring to Thomas Becket, Archbishop of Canterbury

In Grand Theft Auto V you can press LB, LT, RB, RT, Left, Right, Left, Right, Right to fly like Superman. Or, in Plants vs. Zombies, you can type the word “future” to give the zombies funny 3D glasses. If you enter the correct cheat code on your PlayStation 4 you can change the players’ jerseys in NBA2K14. But on a Volkswagen Jetta you just have to take it to the shop to get smog tested.

Too soon?

By now you’ve no doubt read, heard, or tweeted about Volkswagen’s massive firmware fraud. The company admitted to gaming the engine-control code in its diesel-powered cars to fake the results of government-mandated emissions tests. In brief, the cars could detect when they were being tested (as opposed to being driven on the road normally), and they would temporarily switch to a super-clean, low-emissions mode to pass the test. Once the test was over, the cars reverted back to normal mode, which could spew as much as 30 times more nitrogen oxide and other pollutants than it does during the brief test. In short, VW cheated.

To his credit, Volkswagen CEO Martin Winterkorn admitted the wrongdoing almost as soon as it came to light, and then promptly resigned. He won’t spend the rest of his life destitute, but he’ll probably never work again. Then again, the 68-year-old Winterkorn probably doesn’t need to. But the company’s stock plunged 30% in just a few days. That’s billions of dollars of other people’s money wiped out in hours, on one piece of bad software news. VW is – or at least, it was – the largest automaker in the entire world, recently surpassing Toyota, so dropping almost one-third of its market capitalization is like misplacing the entire economy of a small country. 

So the question is, what did the company’s engineers really do? Who told them to do it, and who knew about it? CEO Winterkorn says he didn’t personally know anything about the scandal, but he took the fall anyway (or was pushed out by his board of directors). Surely something as complicated as modern engine-control firmware wasn’t hacked together by one rogue programmer. Several people had to be in on it. Did they fully realize what they were doing, or were the poor coders duped into adding a suspect feature under pressure from upper management?

Was this a bottom-up idea, or a top-down diktat? In other words, did the firmware developers come up with the idea and pitch it to their bosses, who then signed off on it, or did the neckties command their minions to install the backdoor regardless of their personal feelings on the matter?

Or maybe there was a third option: maybe everyone sat around in a weekly engineering meeting and brainstormed ways to pass the increasingly stringent US emissions requirements. “If only there were some way to pass the stupid test without actually choking off the engine and losing torque…”  Everyone casts skeptical glances at everyone else. Are you thinking what I’m thinking? Sensing a twinkle in the chief programmer’s eye, the boss says, “Make it so.” Everyone has plausible deniability. Nobody actually admitted to their colleagues that they’d cheat, only that they’d find an unorthodox workaround. Meeting adjourned. Back-slaps all around. Let’s get to work. 

So far, nobody has reverse-engineered the suspect firmware, so we don’t know exactly how it sidesteps the emissions test, or even how it knows it’s being tested. As possibilities, the firmware might detect when the hood is open, the rear wheels are turning but the front ones aren’t (or vice versa, in the case of a front-drive car), the steering wheel isn’t moving, and there’s no weight in the driver’s seat. If all four conditions are true, the car is being dyno tested, not driven, and it switches to super-secret “clean mode.”

Some observers have facetiously suggested that the cars could use also their onboard GPS to tell whether they’re inside a certified testing facility, or perhaps peer through the backup camera to look for shiny testing equipment. Maybe use Bluetooth microphones to listen for American voices discussing nitrogen oxide levels? With all the sensors and processors on a modern car, the possibilities are endless – and endlessly creepy.

It’s also not entirely clear why VW felt that it needed to cheat in the first place. Its diesel-powered cars obviously can meet US emissions standards without cheating; the test results prove that. So why cheat at all? Presumably, the affected cars get better gas mileage when they’re not in clean mode, and even a small 1 or 2 MPG difference can weigh heavily on a buyer’s mind at the sales lot. Or maybe the engine loses torque in clean mode, making the cars a bit less peppy (although that’s generally not a concern for economy-minded buyers of diesel-powered cars).

Looking at it from the point of view of the developers, it’s possible they felt they were getting boxed into a corner. Government regulations, as well as corporate marketing, dictate ever-better fuel economy, lower emissions, and longer durability. Maybe it wasn’t possible to deliver all those things with traditional mechanical engineering. Maybe VW’s diesel engines just aren’t able to deliver on all three fronts without a bit of creative assistance from the firmware.

This whole escapade exhibits all the symptoms of something we talked about in June: What gets measured gets done. The US emissions tests are very specific. You hook up the car to the test equipment like this, you exercise it like that, and you look for certain results. Cut and dried, just like a good testing procedure should be. But is that what you really want to measure? The car isn’t being tested on the road in real-world conditions, so VW didn’t optimize it for those conditions. It’s designed to pass the test, which it did. That’s a success from an engineering point of view, even if VW observed the letter of the regulations while ignoring the spirit. You could even make an argument that the test itself is fatally flawed and that the engineers responsible had no other option. “The regulations made me do it.”

Somewhere in Wolfsburg is a group of firmware engineers in fear for the jobs, if not their lives. Their work cost the company CEO his career and cost VW’s investors many billions of dollars. Their employer is now under federal investigation, with potential fines and penalties that could add additional billions more to the damage. The financial loss could derail R&D projects for decades. The PR fallout could tank VW sales for years, much the same way that specious or inaccurate reports of unintended acceleration, risks of rollover, or exploding tires have damaged other automakers. But this time, VW’s malfeasance is real, not just badly researched PR spin and hype mongering. The company admitted its guilt and promised to fix nearly a half-million affected vehicles.

In a few more months, we’ll no doubt learn many of the technical details of VW’s firmware workaround. It will be an interesting bit of forensic engineering. How did the developers detect testing conditions, how did they alter the car’s behavior, and how did they manage to cover their tracks, if at all? It’s currently illegal in most countries to disassemble a car’s onboard firmware, but I bet about a thousand shade tree mechanics/programmers are doing just that right now. Let’s see what we can learn from VW’s mistakes.

Volkswagen sister company Audi’s corporate slogan is “Vorsprung durch Technik,” or “progress through technology.” Oddly, the company uses that motto worldwide, except in the United States, where it’s replaced by “Truth in Engineering.” I’ll leave you to ponder the irony. 

Leave a Reply

featured blogs
Jun 6, 2023
Learn about our PVT Monitor IP, a key component of our SLM chip monitoring solutions, which successfully taped out on TSMC's N5 and N3E processes. The post Synopsys Tapes Out SLM PVT Monitor IP on TSMC N5 and N3E Processes appeared first on New Horizons for Chip Design....
Jun 6, 2023
At this year's DesignCon, Meta held a session on '˜PowerTree-Based PDN Analysis, Correlation, and Signoff for MR/AR Systems.' Presented by Kundan Chand and Grace Yu from Meta, they talked about power integrity (PI) analysis using Sigrity Aurora and Power Integrity tools such...
Jun 2, 2023
I just heard something that really gave me pause for thought -- the fact that everyone experiences two forms of death (given a choice, I'd rather not experience even one)....

featured video

Synopsys Solution for Comprehensive Low Power Verification

Sponsored by Synopsys

The growing complexity of power management in chips requires a holistic approach to UPF power-intent generation and low power verification. Learn how Synopsys addresses these requirements with a comprehensive solution for low-power verification.

Learn more about Synopsys’ Energy-Efficient SoCs Solutions

featured paper

EC Solver Tech Brief

Sponsored by Cadence Design Systems

The Cadence® Celsius™ EC Solver supports electronics system designers in managing the most challenging thermal/electronic cooling problems quickly and accurately. By utilizing a powerful computational engine and meshing technology, designers can model and analyze the fluid flow and heat transfer of even the most complex electronic system and ensure the electronic cooling system is reliable.

Click to read more

featured chalk talk

Achieving High Power Density with IGBT and SiC Power Modules
Sponsored by Mouser Electronics and Infineon
Recent trends in the inverter market have made high power density, scalability, and ease of assembly more important than ever before. In this episode of Chalk Talk, Amelia Dalton and Abraham Markose from Infineon examine how Easy & Econo power modules from Infineon can help solve common inverter design requirements. They explore the benefits and construction of these modules and how you can take advantage of them in your next design.
May 19, 2023