Incident: Passenger Air Bag Failure in Land Rover Vehicles due to Software Issue

Published Date: 2014-08-13

Postmortem Analysis
Timeline 1. The software failure incident with the Land Rover vehicles happened when the National Highway Traffic Safety Administration documents were posted on Wednesday, as mentioned in the article [28933]. 2. The article [28933] was published on 2014-08-13. 3. Therefore, the software failure incident with the Land Rover vehicles occurred in August 2014.
System 1. Electronic system that determines whether someone is sitting in the passenger seat in Land Rover LR2 and Range Rover Evoque models [28933].
Responsible Organization 1. Jaguar Land Rover - The software failure incident in this case was caused by a problem in the electronic system that determines whether someone is sitting in the passenger seat, leading to the passenger-side air bag potentially failing to deploy in a crash [28933].
Impacted Organization 1. Owners of the affected Land Rover LR2 and Range Rover Evoque models in the United States were impacted by the software failure incident where the passenger-side airbag may fail to deploy in a crash [28933].
Software Causes 1. The software cause of the failure incident in the Land Rover recall was a problem with the electronic system that determines whether someone is sitting in the passenger seat, leading to signals being mistakenly sent to shut down the passenger airbag even if an adult is in the seat. Updating the software was identified as the solution to prevent this issue [28933].
Non-software Causes 1. The electronic system that determines whether someone is sitting in the passenger seat could fail, resulting in the front-seat passenger’s airbag being disabled [28933]. 2. A problem with the system's memory is suspected of causing faulty computer signals, leading to the failure incident [28933].
Impacts 1. The software failure incident in the Land Rover vehicles led to the potential failure of the passenger-side airbag to deploy in a crash, which could result in the airbag being totally or partly disabled, even if an adult is in the seat [28933]. 2. The faulty computer signals caused by the software issue could lead to the passenger airbag being mistakenly shut down, posing a safety risk to occupants in case of a crash [28933]. 3. The recall of over 40,000 Land Rover vehicles to fix the electronic system highlights the impact of the software failure incident on the automotive industry and the need for prompt software updates to prevent such issues [28933].
Preventions 1. Regular software updates and maintenance to ensure the electronic system determining passenger presence in the Land Rover vehicles is functioning correctly could have prevented the software failure incident [28933]. 2. Thorough testing and validation of the software algorithm controlling the passenger-side air bag in the Chevrolet Impala sedans could have prevented a similar failure incident [28933].
Fixes 1. Updating the software to prevent the problem could fix the software failure incident in the affected Land Rover vehicles [Article 28933].
References 1. National Highway Traffic Safety Administration documents [Article 28933] 2. Jaguar Land Rover letter to the agency [Article 28933] 3. Federal auto safety regulators [Article 28933] 4. Donald Friedman, an engineer at a California crash analysis company [Article 28933]

Software Taxonomy of Faults

Category Option Rationale
Recurring multiple_organization (a) The software failure incident related to the air bag system in Land Rover vehicles is not explicitly mentioned to have happened again within the same organization in the provided article [28933]. (b) The article mentions that federal auto safety regulators have intensified their focus on air-bag problems after General Motors' safety crisis involving defective ignition switches that could disable air bags [28933]. Additionally, the article reports that the National Highway Traffic Safety Administration opened an inquiry into the potential failure of passenger air bags in Chevrolet Impala sedans, tied to the same kind of electronic air-bag system at issue in the Land Rover recalls [28933]. This indicates that similar incidents related to air bag systems have occurred in vehicles from multiple organizations.
Phase (Design/Operation) design (a) The software failure incident related to the design phase is evident in the Land Rover recall mentioned in Article 28933. The article states that the issue with the passenger-side air bag not deploying correctly was due to a problem in the electronic system that determines whether someone is sitting in the passenger seat. This indicates a failure introduced during the system development or updates, leading to the incorrect signals being sent to shut down the air bag, even if an adult is in the seat. (b) The software failure incident related to the operation phase is not explicitly mentioned in the article.
Boundary (Internal/External) within_system (a) The software failure incident related to the Land Rover air bag recall is within_system. The issue was identified as a problem with the system's memory causing faulty computer signals, leading to the passenger air bag being disabled [28933].
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident related to non-human actions in the Land Rover recall was due to a problem with the system's memory causing faulty computer signals, which resulted in the passenger-side airbag potentially failing to deploy in a crash [28933]. (b) The software failure incident related to human actions in the Chevrolet Impala inquiry was prompted by a defect petition filed by an engineer, Donald Friedman, who investigated a crash where the passenger-side airbag did not deploy despite the passenger's weight being 170 pounds [28933].
Dimension (Hardware/Software) hardware, software (a) The software failure incident related to hardware: The article mentions that in the Land Rover recall, the problem with the system's memory is suspected of causing the faulty computer signals, indicating a hardware-related issue [28933]. (b) The software failure incident related to software: The article highlights that the Land Rover recall is due to a problem in the electronic system that determines whether someone is sitting in the passenger seat. The issue is with the software algorithm that controls the passenger-side airbag, indicating a software-related problem [28933].
Objective (Malicious/Non-malicious) non-malicious (a) The software failure incident related to the Land Rover recall for the passenger-side air bag issue is categorized as non-malicious. The failure was attributed to a problem in the electronic system that determines whether someone is sitting in the passenger seat, leading to the air bag being disabled erroneously, even if an adult is present. The solution proposed by Jaguar Land Rover was to update the software to prevent such issues [28933].
Intent (Poor/Accidental Decisions) unknown The software failure incident related to the Land Rover air bag recall does not directly point to poor decisions or accidental decisions as the intent behind the failure. The issue with the air bag deployment was attributed to a problem in the electronic system that determines whether someone is sitting in the passenger seat, specifically related to the system's memory causing faulty computer signals [28933]. This indicates a technical fault rather than poor or accidental decisions being the primary cause of the failure.
Capability (Incompetence/Accidental) development_incompetence, accidental (a) The software failure incident related to development incompetence is evident in the article as it mentions a problem with the system's memory suspected of causing faulty computer signals in the Land Rover recalls [28933]. This indicates a potential issue with the software development process or implementation that led to the failure of the electronic system determining whether the passenger-side airbag should deploy. (b) The software failure incident related to accidental factors is highlighted in the article when it mentions that in the case of the Chevrolet Impala sedans, the problem being investigated is whether the software algorithm controlling the passenger-side airbag is faulty [28933]. This suggests that the failure may have occurred unintentionally due to a flaw or mistake in the software algorithm.
Duration temporary The software failure incident related to the air bag issue in Land Rover vehicles can be categorized as a temporary failure. The article mentions that the problem with the electronic system that determines whether someone is sitting in the passenger seat could cause signals to be mistakenly sent to shut down the passenger air bag, even if an adult is in the seat. Updating the software is mentioned as a solution to prevent this problem, indicating that the failure is not permanent but can be rectified by a software update [28933].
Behaviour crash, omission, value (a) crash: The software failure incident related to the Land Rover recall was due to a problem with the system's memory causing faulty computer signals, which could result in the passenger airbag being totally or partly disabled in a crash [28933]. (b) omission: The software failure incident involved the system mistakenly sending signals to shut down the passenger airbag, even if an adult is in the seat, leading to the omission of the airbag deployment when needed [28933]. (d) value: The failure was due to the system performing its intended functions incorrectly, as the electronic system that determines whether someone is sitting in the passenger seat was not functioning properly, leading to the disabling of the front-seat passenger’s airbag [28933].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence harm, property, non-human, theoretical_consequence, other (a) death: There were no reports of deaths related to the software failure incident [28933]. (b) harm: The software failure incident could potentially harm individuals as the passenger-side air bag may fail to deploy in a crash, resulting in the front-seat passenger’s air bag being totally or partly disabled [28933]. (c) basic: There is no information in the articles to suggest that people's access to food or shelter was impacted by the software failure incident [28933]. (d) property: The software failure incident impacted people's safety as the passenger-side air bag may fail to deploy in a crash, potentially leading to harm or injuries [28933]. (e) delay: There is no information in the articles to suggest that people had to postpone an activity due to the software failure incident [28933]. (f) non-human: The software failure incident affected the electronic system that determines whether someone is sitting in the passenger seat in Land Rover vehicles [28933]. (g) no_consequence: The software failure incident had consequences related to potential harm or injuries due to the failure of the passenger-side air bag to deploy in a crash [28933]. (h) theoretical_consequence: Theoretical consequences discussed in the articles include the potential failure of passenger air bags in Chevrolet Impala sedans due to a faulty software algorithm [28933]. (i) other: The software failure incident could lead to the passenger air bag being mistakenly shut down even if an adult is in the seat, potentially increasing the risk of injuries in a crash [28933].
Domain transportation (a) The failed system in the Land Rover vehicles was related to the transportation industry. The software issue affected the electronic system that determines whether someone is sitting in the passenger seat, potentially disabling the front-seat passenger's airbag [28933].

Sources

Back to List