Electrolux Accidentally Bricks Thousands of Microwaves With OTA Update
It's a familiar feeling. One moment you are doing your regular day-to-day tasks, and the next you have your head in your hands wondering "How on EARTH did I mess up this badly." Maybe you just deleted your work without saving it, or maybe you almost nuked an entire system. Either way, mistakes happen, and it sucks.
With this in mind, you've got to feel for the AEG engineer who pushed out the Over The Air (OTA) update that bricked an as-yet-unknown number of microwave combi-ovens in Europe.
Translation:
"I think you sent a wrong update that made my new oven unusable. This morning no oven function anymore and f606 message, reboot does not work and if you want to turn on wifi (was suddenly off) you get f254 and it is on."
"Hi Ralph, there have indeed been several reports about this. We are working on fixing this as soon as possible (we hope to do this remotely). If you have already contacted our service department, you will be called as soon as the solution is available. 1/2"
The above tweet is among many user reports that their combi-ovens no longer have a microwave function, but have a mysterious new steam cooking function. It's not hard to see what happened here. Now, OTA updates are nothing unusual in the ever-expanding Internet of Things, but in this instance, the problem runs way deeper than an oven losing its sense of self-identity. Whatever OTA update was pushed out to thousands of ovens, across thousands of kilometers, also disabled further OTA updates.
AEG claims to be looking into a remote fix for this, but since it appears that Wi-Fi connectivity is bugged due to the botched update, it's hard to see how something like this gets fixed without physical access to the ovens.
The debate rages on as to whether things like microwaves need to be part of the larger Internet of Things, but the problem here isn't adding connectivity - it's adding it badly. A series of errors happened here at fundamental levels. Why was a device shipped without an onboard flasher the user could use in an event like this? Many devices can be reset by turning them on holding a certain button - surely OTA only devices need this more than any other? Perhaps even worse, how can any development team working on OTA updates have anything remotely close to broadcast that doesn't contain OTA back doors?
Only AEG has the answers, and while they are sending technicians out to fix it for free [Dutch], they aren't saying more about the circumstances that caused such a large oof.
OTA OTT
While this was one hell of a bad day for an engineer and a pretty annoying time for all owners of the doomed microwave in question, the fundamental question still stands. How does something like this happen?
A large number of connected systems - including those powered by the humble ESP32 - are capable of OTA updates. Pretty much the first thing you learn when doing OTA updates is the need to make sure every update you send retains OTA functionality.
The wrong update can stop OTA, but that's no problem right? Just plug in your USB cable and re-write the firmware? Well, yes, that's easy to do at home, on a breadboard. What happens when you are talking about a microcontroller buried deep in an oven, with no access to debug and programming pins? What happens when the person with the faulty tech isn't an engineer, but a consumer? A presumably hungry consumer?
These are all things you should think about while working on any wireless project for remote operation, and sadly, for whatever reason, something AEG didn't think enough about.
If you like stories from the Electrowire, you'll love the Electromaker Show, our weekly round-up of all things Maker and Embedded. Join us on YouTube or on all major podcast services.
Leave your feedback...