Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

GM Recalls Millions of Cars After Critical Bug Found

General Motors has been forced to recall over four million cars following a software defect linked to at least one death.

The bug forces the air bag sensing and diagnostic module (SDM) software to activate a diagnostic test if it encounters certain driving conditions, according to the National Highway Traffic Safety Administration (NHTSA).

Doing so means the front air bags and “seat belt pretensioners” won’t deploy in the event of a crash, the agency claimed.

The affected vehicles are:

“Model year 2015-2017 Chevrolet Silverado 2500 HD, 3500 HD, Tahoe, Suburban, GMC Sierra 2500 HD and 3500 HD, GMC Yukon, GMC Yukon XL, Cadillac Escalade and Cadillac Escalade ESV vehicles and 2014-2017 Chevrolet Corvette, Silverado 1500, Trax, Caprice Police Pursuit Vehicle, GMC Sierra 1500, Buick Encore, and 2014-2016 Buick Lacrosse, Chevrolet Spark EV and SS vehicles.”

General Motors is set to notify owners of the affected models to take their car to their local dealer, who will reflash the SDM firmware free of charge.

Security researcher Scott Helme argued that it’s unacceptable for car manufacturers to build vehicles containing software which can’t be updated over-the-air (OTA).

He likened the situation to owning a laptop which can only get updates by taking it back to the shop where it was bought.

“As we increase the amount of software in any system we increase the likelihood of bugs being introduced. Unfortunately for GM it seems that they don't have any OTA update capabilities and will now have to physically recall the 4.3 million vehicles for update, which likely carries a substantial financial cost,” he told Infosecurity.

“As vehicles continue to adopt more and more complex software systems I think it's essential that they are able to receive OTA updates, especially in a case like this where the update is safety critical. GM could do a staged roll out and have the vehicles updated within a matter of days or weeks, compared to what is likely to be months or more for a recall, if some vehicles get recalled at all."

What’s Hot on Infosecurity Magazine?