Auto companies recall more than 1.5 million vehicles for control system cyber issues
A cyber incident is defined as electronic interactions among systems, or among systems and people (displays), that can affect confidentiality, integrity or availability. A cyber incident does not need to be malicious. IT systems generally have cyber diagnostics, and cybersecurity personnel are generally well-trained to identify cyber incidents. But control systems (including those found in cars) have minimal cyber forensics, and those responsible for them tend to have minimal training to recognize incidents as being cyber-related.
My Oct. 8, 2024, blog described how 144,500 Ford Mavericks were recalled over concerns that the rearview camera display could show a frozen image while backing up. The recalled 2022-2024 model Maverick trucks had "Connected Touch Radios," according to a Sept. 13, 2024, recall report submitted to the National Highway Traffic Safety Administration (NHTSA). In the report, Ford said a frozen rearview camera display image could lead to a "false representation of where the vehicle is relative to its surroundings, increasing the risk of a crash." The automaker linked the potential issue to "improper memory handling" within the Connected Touch Radio software resulting in delayed images being displayed.
Nov. 14, 2024, NHTSA announced that Ford will have to pay up to $165 million for failing to comply with federal recall requirements and also required Ford to start a broad look back at all vehicle recalls over the last three years to make sure the automaker covered the right number of affected cars and trucks, and if not, expand the scope of recalls to include more vehicles.
The most recent recall is focused on a persistent failure of Ford's backup camera system, according to the May 9, 2025, NHTSA recall documents. Specifically, Ford stated that a software error may cause the rear-view camera image to delay, freeze or not display when the vehicle is in reverse, which is a safety problem. It is unclear if the backup alarm will actuate if the camera doesn’t indicate a problem, but the NHTSA recall states that there is no warning that this camera issue can occur. According to the Road and Track article, the automaker's filing says 100% of these backup cameras are liable to fail. The recall affects 1,075,299 vehicles.
According to Ford, this re-coded software will properly handle operational sequencing within the wireless communication subsystem better than the initial version.
Get your subscription to Control's tri-weekly newsletter.
It is not just Ford. Volvo recalled 413,151 vehicles because of backup camera issues due to a fault code that may be set under certain conditions, which could result in the backup camera image not being available for the rest of the driving cycle. Audi issued recalls for more than 44,000 cars due to a software error that can shut off instrument indications on the control panels.
The backup camera systems and instrument panel displays are monitoring and “operator display” systems. Consequently, the frozen back-up camera incidents were control system cyber incidents, since memory issues caused the loss of availability and integrity of the camera systems’ ability to provide correct displays of the current conditions. The same issues occurred with the Audi displays. However, neither NHTSA, Ford, Volvo nor Audi identified these incidents as being cyber incidents. Even though these incidents were unintentional, and somewhat akin to the CrowdStrike unintentional cyber incidents, the impact was like the Stuxnet man-in-the-middle attack used to mislead the operators by replaying “good” rather than actual real-time conditions of the centrifuges in Iran.
