Incident: Airbag Deployment Failure in Karma Revero Due to Disabled Sensors

Published Date: 2019-04-22

Postmortem Analysis
Timeline:
1. The software failure incident with the Karma Revero's disabled rollover sensors happened when Karma Automotive was testing the second-generation 2020 Revero, leading to the discovery that the rollover sensors in those models were disabled. This discovery prompted an investigation of the current Revero, resulting in the stop-sale notice sent to dealers on April 11 and the recall action. The recall applies to the 2018 Karma Revero built after Sept. 1, 2017. The article was published on April 22, 2019 [83354]. Therefore, the software failure incident with the disabled rollover sensors likely happened in April 2019.

System:
1. Rollover sensors in the 2018 Karma Revero built after Sept. 1, 2017 [83354]

Responsible Organization:
1. Karma Automotive [83354]

Impacted Organization:
1. Karma Automotive [83354]

Software Causes:
1. The software cause of the failure incident was the disabled rollover sensors in the Karma Revero, which led to the side-curtain airbags not deploying as intended [83354].

Non-software Causes:
1. The rollover sensors in the Karma Revero were disabled, violating federal rules requiring functional "occupant ejection" systems in new cars [83354].
2. Lack of a readiness warning light in the car's dashboard for the rollover sensors [83354].
3. Absence of information on the system in the car's owner's manual regarding the rollover sensors [83354].
4. The flaw was discovered during testing of the second-generation 2020 Revero, indicating a failure in the initial testing and quality control processes [83354].

Impacts:
1. The software failure incident in the Karma Revero resulted in a violation of federal rules requiring functional rollover sensors and occupant ejection systems in new cars, potentially compromising passenger safety in rollover crashes [83354].
2. The failure to enable the rollover sensors led to a recall and stop-sale order for the affected Karma Revero plug-in hybrid vehicles, affecting 231 cars built after Sept. 1, 2017 [83354].
3. As a consequence of the software flaw, Karma Automotive had to plan for the installation of a new airbag control unit in all affected cars and provide owners with a supplemental guide about the system's operation and warning light, aiming to address the safety issue and prevent potential injuries [83354].

Preventions:
1. Implementing thorough testing procedures during the development phase to ensure all safety-critical systems, such as rollover sensors, are fully functional and enabled [83354].
2. Conducting regular audits and checks on the software systems to verify that all safety features are operational and compliant with federal regulations [83354].
3. Providing comprehensive training to employees involved in the design and implementation of software systems to ensure they are aware of safety requirements and standards [83354].

Fixes:
1. Installing a new airbag control unit in all affected cars.
2. Providing owners with a supplemental guide about the system's operation, its warning light, and what to do if the warning light illuminates [83354].

References:
1. Karma Automotive press release [83354]

Software Taxonomy of Faults

Category | Option | Rationale
Recurring | unknown | (a) The software failure incident related to the disabled rollover sensors in the Karma Revero plug-in hybrid is specific to Karma Automotive. There is no mention in the article of a similar incident happening before within the same organization. (b) The article does not mention any similar incident happening at other organizations or with their products and services.
Phase (Design/Operation) | design | (a) The software failure incident in this case is related to the design phase. Karma Automotive discovered that the rollover sensors in the 2020 Revero models were disabled during testing, leading to an investigation of the current Revero models. This design flaw resulted in the side-curtain airbags not deploying as intended in a rollover crash, violating federal rules and potentially increasing the risk of injury to passengers [83354]. (b) There is no specific information in the articles indicating that the software failure incident was due to factors introduced by the operation or misuse of the system.
Boundary (Internal/External) | within_system | (a) The software failure incident in this case falls under the within_system category. The article mentions that the rollover sensors in the Karma Revero were disabled, violating federal rules and leading to the airbags not deploying as intended. This issue was discovered during testing of the 2020 Revero, indicating an internal flaw within the system itself [83354].
Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident in this case is primarily due to non-human actions. The failure was caused by the rollover sensors in the Karma Revero being disabled, which violated federal rules requiring functional rollover sensors in new cars. This flaw was discovered during testing of the 2020 Revero, leading to a stop-sale order and recall for the affected 2018 Karma Revero models built after Sept. 1, 2017. The non-functional rollover sensors were a critical factor in the failure of the side-curtain airbags to deploy in a rollover crash scenario, potentially increasing the risk of injury to passengers [83354]. (b) While the software failure incident was primarily due to non-human actions as described above, it's important to note that the lack of functional rollover sensors, absence of a readiness warning light in the car's dashboard, and the omission of information on the system in the car's owner's manual were all human-related factors that contributed to the failure. These human actions or oversights in the design, testing, and documentation processes played a role in the software failure incident [83354].
Dimension (Hardware/Software) | hardware | (a) The software failure incident in this case is related to hardware. The article mentions that the recall and stop-sale order for the Karma Revero plug-in hybrid was due to the rollover sensors in the car not being enabled. This hardware-related issue led to the side-curtain airbags not deploying as intended in a rollover crash, which violates federal rules requiring functional "occupant ejection" systems in new cars [83354].
Objective (Malicious/Non-malicious) | non-malicious | (a) The software failure incident in this case is non-malicious. The failure was due to the rollover sensors in the Karma Revero plug-in hybrid being disabled, which violated federal rules and could potentially lead to the side-curtain airbags not deploying in a rollover crash. This issue was discovered during testing of the 2020 Revero, leading to a recall and stop-sale order for the affected vehicles [83354].
Intent (Poor/Accidental Decisions) | unknown | The software failure incident related to the Karma Revero's rollover sensors not being enabled does not directly point to poor decisions or accidental decisions as the intent behind the failure. The article does not provide specific details indicating whether the failure was due to poor decisions or accidental decisions. Therefore, the intent behind the software failure incident remains unknown based on the provided information.
Capability (Incompetence/Accidental) | development_incompetence | (a) The software failure incident in the article can be attributed to development incompetence. Karma Automotive announced a recall and stop-sale order for its Revero plug-in hybrid because the rollover sensors, a critical component for deploying side-curtain airbags in a rollover crash, were never enabled. This violation of federal rules requiring functional rollover sensors in new cars was discovered during testing of the second-generation 2020 Revero, indicating a lack of professional competence in ensuring the proper functioning of safety systems [83354].
Duration | temporary | The software failure incident described in the article is more aligned with a temporary failure. The article mentions that the rollover sensors in the Karma Revero were disabled, which led to the airbags not deploying as intended. This issue was discovered during testing of the second-generation 2020 Revero, indicating that the failure was due to specific circumstances or factors that caused the sensors to be disabled. Additionally, the automaker plans to fix the problem by installing a new airbag control unit and providing owners with a supplemental guide, suggesting that the issue can be rectified rather than being a permanent, irreversible failure [83354].
Behaviour | crash, omission, value | (a) crash: The software failure incident in the article can be categorized as a crash. The article mentions that the rollover sensors in the Karma Revero were disabled, leading to a situation where the side-curtain airbags may not deploy in a rollover crash, which is a failure of the system to perform its intended function [83354]. (b) omission: The software failure incident can also be categorized as an omission. The article highlights that the rollover sensors were never enabled in the Karma Revero, violating federal rules requiring certain safety systems to be functional. This omission of enabling the sensors led to the failure of the airbags to deploy as intended [83354]. (c) timing: The software failure incident does not align with a timing failure. The issue was not related to the system performing its intended functions too late or too early, but rather the sensors not being enabled at all, leading to the failure of the airbags to deploy [83354]. (d) value: The software failure incident can be categorized as a value failure. The system was performing its intended functions incorrectly due to the disabled rollover sensors, resulting in the airbags potentially failing to deploy in a crash, which could increase the risk of injury to passengers [83354]. (e) byzantine: The software failure incident does not align with a byzantine failure. There is no mention of the system behaving erroneously with inconsistent responses or interactions in the article [83354]. (f) other: The software failure incident does not fall under the "other" category as the behavior of the failure can be attributed to a crash, omission, and value failure based on the information provided in the article [83354].

IoT System Layer

Layer | Option | Rationale
Perception | None | None
Communication | None | None
Application | None | None

Other Details

Category | Option | Rationale
Consequence | harm, theoretical_consequence | (a) death: People lost their lives due to the software failure (b) harm: People were physically harmed due to the software failure (c) basic: People's access to food or shelter was impacted because of the software failure (d) property: People's material goods, money, or data was impacted due to the software failure (e) delay: People had to postpone an activity due to the software failure (f) non-human: Non-human entities were impacted due to the software failure (g) no_consequence: There were no real observed consequences of the software failure (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? The consequence of the software failure incident in the article is related to potential harm (b) as the failure of the rollover sensors in the Karma Revero could lead to an increased risk of injury to the car's passengers if the airbags failed to deploy in a crash. However, the article mentions that there were no reports of real-world problems or injuries resulting from the sensor issue, indicating that the harm was theoretical and not actual [83354].
Domain | transportation | (a) The failed system in this incident was related to the transportation industry. The software failure incident involved the Karma Revero plug-in hybrid car's rollover sensors not being enabled, which could lead to the side-curtain airbags not deploying in a rollover crash, potentially endangering the car's passengers [83354].
