Incident: Antilock Brake Malfunction in Stellantis SUVs: Rollaway Risk Identified

Published Date: 2022-06-21

Postmortem Analysis
Timeline 1. The software failure incident of the antilock brake malfunction in Stellantis SUVs occurred when the National Highway Traffic Safety Administration announced the recall on 2022-06-21 [Article 129584].
System 1. Antilock brake system (ABS) module in Dodge Durango and Jeep Grand Cherokee SUVs from the 2018 and 2019 model years [129584].
Responsible Organization 1. Stellantis - Stellantis is responsible for the software failure incident as they are recalling the SUVs due to an antilock brake malfunction [129584].
Impacted Organization 1. Owners of Dodge Durango and Jeep Grand Cherokee SUVs from the 2018 and 2019 model years were impacted by the antilock brake malfunction [129584].
Software Causes 1. The software cause of the failure incident was a malfunction in the antilock brake system (ABS) module, which led to the illumination of brake lights and allowed the vehicle to start and shift out of Park without the brake pedal being applied [129584].
Non-software Causes 1. Malfunction in the antilock brake system (ABS) module leading to the illumination of brake lights and allowing the vehicle to start and shift out of Park without the brake pedal being applied [129584].
Impacts 1. The software failure incident in the antilock brake system of the Dodge Durango and Jeep Grand Cherokee SUVs led to the illumination of brake lights and allowed the vehicle to start and shift out of Park without the brake pedal being applied, posing a risk of the vehicle rolling away unexpectedly [129584].
Preventions 1. Implementing thorough testing procedures during the software development phase to detect and address any potential malfunctions in the antilock brake system (ABS) module before the vehicles are released to the market [129584]. 2. Conducting regular software updates and maintenance checks to ensure the proper functioning of the ABS module in the SUVs [129584]. 3. Implementing a robust monitoring system that can detect any anomalies or malfunctions in the ABS module in real-time to prevent potential safety hazards [129584].
Fixes 1. The fix for the software failure incident involving the antilock brake malfunction in the Dodge Durango and Jeep Grand Cherokee SUVs is currently under development, as stated by NHTSA in their recall bulletin [129584].
References 1. National Highway Traffic Safety Administration (NHTSA) [Article 129584]

Software Taxonomy of Faults

Category Option Rationale
Recurring unknown (a) The article does not mention any previous incidents of a similar nature happening again within the same organization (Stellantis) or with its products and services. Therefore, there is no information available to suggest that this software failure incident has happened again at the same organization. (b) The article does not provide information about similar incidents happening at other organizations or with their products and services. Hence, there is no indication that this software failure incident has occurred elsewhere.
Phase (Design/Operation) design (a) The software failure incident in this case is related to the design phase. The article mentions that the antilock brake malfunction in the SUVs is due to a malfunction in the antilock brake system (ABS) module, which was likely introduced during the system development or updates. The issue allows the vehicle to start and shift out of Park without the brake pedal being applied, indicating a design flaw in the system [129584]. (b) The article does not provide information indicating that the software failure incident was due to factors introduced by the operation or misuse of the system.
Boundary (Internal/External) within_system (a) The software failure incident related to the antilock brake malfunction in the Stellantis SUVs is within_system. The malfunction in the antilock brake system (ABS) module is causing the issue where the brake lights illuminate and the vehicle can start and shift out of Park without the brake pedal being applied, leading to the potential risk of the vehicle rolling away unexpectedly [129584].
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident in this case is primarily attributed to a non-human action, specifically a malfunction in the antilock brake system (ABS) module. This malfunction causes the brake lights to illuminate and allows the vehicle to start and shift out of Park without the brake pedal being applied, leading to the potential risk of the vehicle rolling away unexpectedly [129584]. (b) Human actions are involved in the response to the software failure incident. Stellantis, the company responsible for the affected SUVs, is actively working on developing a remedy for the issue identified by the National Highway Traffic Safety Administration (NHTSA). Additionally, owners of the affected vehicles are expected to be notified by mail in late July about the recall, indicating human intervention in the communication and resolution process [129584].
Dimension (Hardware/Software) hardware (a) The software failure incident in this case is related to hardware. The article mentions a malfunction in the antilock brake system (ABS) module, which is a hardware component, causing the issue with the brake lights and the ability of the vehicle to start and shift out of Park without the brake pedal being applied [129584].
Objective (Malicious/Non-malicious) non-malicious (a) The software failure incident mentioned in the article is non-malicious. The issue with the antilock brake system (ABS) module in the SUVs was described as a malfunction that could cause the brake lights to illuminate and allow the vehicle to start and shift out of Park without the brake pedal being applied. This could lead to the vehicle rolling away unexpectedly, potentially causing a crash or other problems. Stellantis, the company issuing the recall, stated that they were unaware of any accidents or injuries related to this issue, indicating that the failure was not intentional or malicious [129584].
Intent (Poor/Accidental Decisions) unknown The software failure incident related to the antilock brake malfunction in the Stellantis SUVs does not provide specific information about whether the incident was due to poor decisions or accidental decisions. The article mainly focuses on the technical details of the malfunction, the potential risks, and the recall process. Therefore, the intent behind the software failure incident is unknown based on the provided articles.
Capability (Incompetence/Accidental) accidental (a) The software failure incident in this case is not explicitly attributed to development incompetence. The article mentions that the antilock brake malfunction in the SUVs is due to a malfunction in the antilock brake system (ABS) module, which could allow the vehicle to start and shift out of Park without the brake pedal being applied. Stellantis is working on a remedy for the issue, and there have been no reported accidents or injuries related to this software failure incident. Therefore, there is no indication of development incompetence as the cause of the failure [129584]. (b) The software failure incident related to the antilock brake malfunction in the SUVs appears to be accidental. The article does not suggest any intentional actions or deliberate decisions leading to the malfunction. It describes the issue as a malfunction in the antilock brake system (ABS) module, which could potentially cause the vehicle to start and shift out of Park without the brake pedal being applied, leading to unexpected rolling away of the vehicle. Stellantis is working on a remedy for the issue, and there have been no reported accidents or injuries related to this accidental software failure incident [129584].
Duration temporary The software failure incident mentioned in Article 129584 is temporary. The article states that Stellantis is recalling 270,904 SUVs due to an antilock brake malfunction in the ABS module. The malfunction allows the vehicle to start and shift out of Park without the brake pedal being applied, which could lead to unexpected rolling away of the vehicle. The fix for this issue is under development, and owners are expected to be notified by mail in late July. This indicates that the software failure is temporary and can be rectified with a fix that is currently being developed [129584].
Behaviour value (a) crash: The software failure incident in this case can be categorized as a crash. The malfunction in the antilock brake system (ABS) module causes the brake lights to illuminate and allows the vehicle to start and shift out of Park without the brake pedal being applied. This unexpected behavior can lead to the vehicle rolling away unexpectedly, potentially resulting in a crash or other problems [129584].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence harm, property (a) death: People lost their lives due to the software failure (b) harm: People were physically harmed due to the software failure (c) basic: People's access to food or shelter was impacted because of the software failure (d) property: People's material goods, money, or data was impacted due to the software failure (e) delay: People had to postpone an activity due to the software failure (f) non-human: Non-human entities were impacted due to the software failure (g) no_consequence: There were no real observed consequences of the software failure (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? The consequence of the software failure incident in the reported articles is primarily related to potential harm and property damage. The malfunction in the antilock brake system of the SUVs could lead to unexpected rolling away of the vehicles, possibly resulting in a crash or other problems [129584]. While there were no reported accidents or injuries at the time of the article, the potential consequences of crashes or property damage highlight the harm and property aspects of the software failure incident.
Domain transportation (a) The software failure incident reported in Article 129584 is related to the transportation industry. Stellantis is recalling SUVs due to an antilock brake malfunction, which poses a safety risk by allowing the vehicle to start and shift out of Park without the brake pedal being applied, potentially leading to unexpected rolling away and crashes [129584].

Sources

Back to List