Software Update Bricks Some Jeep 4xe Hybrids Over the Weekend
Key topics
A recent software update bricked some Jeep 4xe hybrids, sparking concerns about the reliability and safety of modern automotive software, with commenters criticizing the industry's approach to over-the-air updates and the lack of rigorous testing.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussionFirst comment
24m
Peak period
141
0-12h
Avg / period
26.7
Based on 160 loaded comments
Key moments
- 01Story posted
Oct 13, 2025 at 10:28 AM EDT
3 months ago
Step 01 - 02First comment
Oct 13, 2025 at 10:52 AM EDT
24m after posting
Step 02 - 03Peak activity
141 comments in 0-12h
Hottest window of the conversation
Step 03 - 04Latest activity
Oct 20, 2025 at 4:43 AM EDT
3 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
[1]: https://en.wikipedia.org/wiki/MISRA_C
The infotainment system should be completely isolated from the driving system.
Also, batteries may need to be preconditioned if too hot or cold. A lot of EVs let you set your ideal departure time in a widget as opposed to using a remote though.
It can be started just like all the other gas cars.
Although even with full EVs, there's a reasonable concept of a "start". Some even let you essentially unlock and allow driving remotely, even if the local driver doesn't have a key. That's useful sometimes.
This is a OTA vehicle update. It has the ability to update the infotainment, ECU, ECM, TCM, and BCM. Multiple manufacturers have been able to release recalls that fix major vehicle defects (safety, reliability, and performance). That wouldn't be possible without OTA updates that update core vehicle computer systems.
Unclear where this idea that OTA = Infotainment came from. I'd go as far as to say that most manufacturers can do this in 2025.
What does that have to do with OP's comment? And their point is still valid, and OTA update should not be able to brick a vehicle, regardless of the system receiving the update. And regardless if "they all can do it".
If OTA updates can update core vehicle computer systems, in ways that can correct safety, performance, and reliability problems then they can also brick that vehicle.
The manufacturer has the ability to push an update that reprograms computers that control how physical components behave in a vehicle. By the very nature of that; they can push good or evil updates.
You misunderstood what OP was saying. They claimed that an update to the infotainment system shouldn’t be able to brick the other systems in the car. The response points out the car’s OTA update subroutine has access to update every critical system in the car by design. It’s flawed logic to assume that OTA updates only affect the infotainment system.
Because to some people, the idea of an OTA update being allowed to change mission critical parts of a machine automatically without a solid rollback system is absurd, and the best way to do that is to never do OTA updates of mission critical parts at all.
First trip the repairman replaced all of the defroster parts and sensors. It failed again with the same code 18 hours later. The second time he replaced the main board and at least one other part. It now works great and I have effectively a new fridge aside from the compressor for less than $400.
Compressor still has three years of warranty left and we expect to move before then. It can (hopefully) be someone else's problem.
Main idea was locking updates to once or twice a year and resort to HomeAssistant.
It's at 33% execution stage so no idea on the feasibility.
Unusable devices are technically the most secure ones.
Why wouldn't it be possible without OTA? It would just require someone to go somewhere, or do something, to get this installed.
While their assumption is incorrect, your conclusion is incorrect.
> The automaker pushed out a telematics update for the Uconnect infotainment system that evidently wasn't ready
Just like dosage can be the difference between medicine and poison, OTA updates that can fix major safety, reliability, and performance problems can also cause them. The power is too great, and simply shouldn’t be allowed.
> The buggy update doesn't appear to brick the car immediately. Instead, the failure appears to occur while driving—a far more serious problem.
It's not worth it, but it's necessary.
[0] https://www.nhtsa.gov/report-a-safety-problem
Now with hybrid or electrical drives, a motor controller is basically a package that runs its own software, which then interfaces with the rest of the car. And OTA updates can overwrite its firmware.
The only manufacturer that has avoided most issues is Toyota, since they have been doing hybrids for quite some time. Other companies are just starting on this path and to catch up, they can't be bothered to do software deep dives and figure shit out.
I can also put the car into valet mode so it won’t go fast. If I forget the valet mode password I am told I have to buy a very expensive replacement because it can’t be unlocked by a dealer.
That is what I surmised from listening to the "don't do this until we fix it please" notice from Stellantis from this weekend.
> or something
Maybe do some research into the problem you're confidently asserting was trivial / read the article you're commenting on:
"...others claim to have experienced a powertrain failure at highway speeds."
https://www.reddit.com/r/Jeep/comments/1o47064/jeep_4xe_shut...
There's a reason their slogan is "(you don't understand), It's a jeep thing"
They're a lifestyle product and have been for decades. Most of Stellantis is.
Hah, curious to think that cars now have bootloaders...
Because they work fine without them.
If any car could be the champion of OpenSource, it is a Jeep Wrangler, but they're using an OS made by SiriusXM for some reason.
I don't know that anyone has broken the head unit firmware though.
My Mazda 3 (2018) just had a class action lawsuit for its infotainment system which, completely at random after years of normal operation, starts clicking on menu items and scrolling about the settings (only to stop and not do it again for a couple of months). It can get so bad you just have to disconnect any devices and drive in silence/with the AM/FM radio.
Gotta remember that the car radio has always been a cheap gimme.
Not really. Some of the hardware that you could get in the 1950s-1970s timeframe was great. Heavy chrome knobs and bezels, permeability-tuned front ends with separate RF stages... electromechanical mechanisms that seemed like witchcraft when I took them apart as a kid, and would still be cool to play with today.
I know software and embedded systems well enough to know all of the issues I found were preventable, if anyone cared.
The car seems well built in many other respects. It doesn't look like the problem is engineering ability.
(See also: Set-top box GUIs that are painfully slow to render menus, scroll, search etc. on hardware that I know can render 10-100x faster when programmed to.)
But it was still a surprise to see this a lack of attention to detail in the infotainment system, in a car where the brand itself is all about giving a lot of attention to detail in everything else that's visible, the comfortable mouldings, pleasant interior lighting, different kinds of cup holders, nice place to wirelessly charge your phones, seat controls and sensors, etc.
With cars, you don't get to get a new device, it has to be consistent and keep working and you had better make it all work with a skeleton crew.
Tesla was revolutionary because they actually had inhouse software developers, who could build software.
Our OTAU architecture uses A/B system updates [1]. Core idea is that both the kernel and the rootfs (read-only) partitions had 2 different bootslots in storage, and the OTAU would only write to the bootslot that is unused. Hence, if something went wrong, the system would automatically fallback to the previous version by just switching the bootslot used. Over the numerous years that that architecture was used, I couldn't find a single post-mortem that resulted in devices being bricked. Something to note is that the rootfs partition was overlaid with a writable partition for persisting state data etc.
Now that was a $two-figure USD device, not a $5/6-figure USD electric SUV. Is this a cost-cutting measure? At those price levels, doubling your NAND size is not even half of a percent of the total cost of the vehicle.
Unless there was a serious issue that the used bootslot corrupted the unused bootslot, then I don't see how this could have happened.
It's saddening that car manufacturers are so unserious about the code they're deploying.
[1] https://source.android.com/docs/core/ota/ab
It's totally possible that the update corrupted the other bootslot as well. If those blocks aren't off-limits to the updater program, it's just an off-by-one error waiting to happen. Slot 0 or slot 1?
Another possibility is that the updated version booted up just enough not to trigger the automatic fallback, and then got stuck in a loop.
Could just be a competence and priorities problem. If it's cost cutting, it feels way more likely that some PM cut some story from a sprint to hit a deadline (and objections were either not raised or ignored), than they did some engineering analysis and explicitly decided to save $3 per vehicle by cutting the NAND size.
Edit: Actually, I don't think that technique would have helped, the problem wasn't a botched update, but a seriously buggy one. From the OP:
> The buggy update doesn't appear to brick the car immediately. Instead, the failure appears to occur while driving—a far more serious problem.
That and combined with general refusal of new automotive bootloaders to downgrade. You can go only up in versioning. So even that you could have working version on second partition, it will never get loaded because it has lower version than currently one you are running.
The only American-made vehicle that sold in any volume outside the US was Tesla and that is already over.
What could easily have happened is that the negotiators didn't include A/B updates in their spec, or they only specced A/B updates at 1GB OTA size.
They do their usual hammering on price, and the head unit or ECU manufacturer gave them some savings by cutting storage space to the bone.
Maybe it was still enough for A/B updates, until the usual software bloat took the updates past the critical limit.
They could still do a safe update by doing an A/B/A update (where B is a shrunken, update-only OS), but that requires development time, and the engineers should already be working on the next vehicle.
(Most computers in a car don't need duplicate partitioning because they can be bootstrapped from a central computer)
We just never bothered to develop a new term. Maybe 'soft-bricked?' 'Semi-bricked?' I would like journalists at least to start using more accurate terms, but 'bricked' I imagine gets a lot more engagement and ad impressions, so here we are.
https://en.wikipedia.org/wiki/Brick_(electronics)#Soft_brick
The big auto OEMs are just as sensitive to absolute BOM cost optimization, regardless of the percentage increases. I don't think this was a bootslot issue though, regardless of the word "bricked". Even as backwards and ill-advised as auto software can be, generally accepted practice is that updates are impossible while the vehicle is in motion. This is usually enforced by systems shared across multiple OEMs through the tier system.
The situation sounds more like a disastrously buggy new firmware.
I wouldn't put either past stellantis though. The auto industry already scrapes the bottom of the proverbial barrel sometimes, and stellantis isn't exactly known for their top of market compensation.
How has your experience been?
There are some minor annoyances with the software, but their infotainment system is better than most. I was surprised when I test drove some other brands and the UIs in NEW cars were visibly dropping frames.
The only bummer is that they're more oldschool than brands like Tesla/Rivian when it comes to software updates. When a new generation of the vehicle comes out, older cars don't get feature parity with the new software, just maintenance updates. There's a few inexplicable bugs that have never been fixed in my car and most likely never will. None of them are show stoppers, just irritating.
> When a new generation of the vehicle comes out, older cars don't get feature parity with the new software, just maintenance updates.
That would be nice yes, wouldn't it? A man can dream..
1) Total cost of the vehicle does not matter. What does matter is the operating margin. Half a percent of the total cost of the vehicle will move them from 2% margin to 1.5% margin. (Ford has operating margin of 2% as an example)
In other words an increase in 0.5% cost of total vehicle will reduce their profits by 25%.
That’s a huge number now! Note also that car manufacturers are in a bad spot because their volumes are fairly low (smartphone = 1M/yr, car = 40k/yr) and have harsher requirements for chips, driving the cost way up.
2)AB updates are great, but they can still fail or get soft locked. Especially important around code when you configure the slot to be good and when bad.
It's also more dynamic than your presentation. They have a little bit of pricing power, so a small increase doesn't all come out of the margin.
I’m not sure on the pricing power. If they had more leeway on making car more expensive why not set it to that point in the first place?
That's the hard part though.
It's shockingly common in my experience to have an A/B boot setup, but no actual logic in the userspace application to switch back to the other partition if something goes wrong. It's just a defense against somebody pulling the plug during the OTA, it doesn't protect against software bugs at all.
I'm curious if failing to do that opens Jeep up to legitimate lawsuits.
It definitely reduces the risk of updates, but it absolutely doesn't eliminate it.
The A/B updater itself is a surface area - especially if the logic is complex and there are other child devices that are updated at the same time (likely for cars). In that case you're not just coordinating between two independent partitions, you're coordinating between 2 * N partitions, half of which have dependencies on each other.
Also, the key bit of the mechanism is that upon successful boot the new partition is flagged as "good", which causes flags to be set to assert that the update was successful and the backup partition is no longer needed. That logic can (and does) fail - if your failure point occurs after this checkpoint you're hosed still because you're past the point of no return.
Making that worse is that in most systems you want the "it's all good" checkpoint to occur early - you don't want to, for example, wait multiple minutes for all user services to come up. But that also means that if a critical failure happens in said services, you're past the checkpoint.
They implemented a dual redundant system similar like the dual BIOS for motherboard since 1999.
https://teslamotorsclub.com/tmc/threads/tesla-software-updat...
Even if every software update was perfect, you would see individual stories like the one you linked to. There are millions of Teslas in the world, and they all get updates frequently, so a hardware failure will sometimes coincide with a software update. If a bad update were shipped to customers, it would be a story similar to this Jeep issue: thousands of cars affected at once, lots of furious customers, and news articles about the failure.
Luckily we were near a location of the rental car company—rather than deep in the middle of nowhere where we were headed—and exchanged it for another of the same model, which was all they had available. The next 1000-something miles we drove were filled with endless weird glitches:
- When a passenger plugged in their Steam Deck in the back, the entire infotainment system cut out and went black, including the instrument panel, and then started glitching in and out until they unplugged it.
- When parking, the driver's seat would retract slightly to make it easier to get out, but it never moved forward again, so the seat would get further back at each stop until it was manually repositioned.
- The entire drive the system flashed an un-dismissable error about a rear seat latch, which seemed completely functional.
- The TPMS light went on and off periodically as it seemingly lost and then regained signal from one wheel or another.
- The system flashed errors related to the automated cruise control being unavailable/broken at random times.
- The electronic parking brake kept applying itself while briefly paused in parking lots.
- There was something inscrutably wrong with the climate control that we never really figured out where sometimes it'd just get hot inside the car despite no change to the AC settings.
When we got back I found tons of people online talking about similar (often worse) issues. Incredibly terrible for any new vehicle, never mind one that costs $80k.
Still there is no excuse for how terrible the electronics are in Jeep / Dodge (I'm assuming all Chrysler) vehicles. And it's been that way for decades.
I rented a Jeep Liberty or Compass circa 2018 whose headlights were permanently in DRL mode: couldn’t turn them off or on. Fortunately I didn’t need to drive at night.
In 2017, rented a 300 with 500 miles on it; the infotainment was completely broken, which hosted the controls for the seat heaters and temperature setting. It was well below zero in Minneapolis but we had to drive around with our windows down because the fancy climate system defaulted to max heat blast + max heated seats based on ambient temperature.
Long ago I had a 1996 Neon where the wiring harness started to fail, and the speedometer would stop working. Later on the oil light would come on despite oil pressure being fine. Eventually the entire car just quit running at all at random - nothing but a dim oil light. I sold the car for scrap for $65 since I got tired of being randomly stranded.
So what I’m saying is that it sounds like Chrysler has managed to actually keep doing the same thing for 29 years: electrically unreliable vehicles.
The point is that stable ground connections are notoriously hard on something that by design shakes, rattles, and rolls with all of the vibrating and bouncing on our "modern" streets. It's also a very easy thing to misdiagnose unless you're a mechanic that specializes in automotive electrical systems. It also takes time for new year models to display their warts enough that non-dealer mechanics gain experience repairing them.
Back in the day I was buying these, around 2005' or so, for $300-400 non stop and repairing that, the dash that cracked and misc cosmetics.
They were great cars, the R/T model in manual was fantastic in gas, reliability and safety (sadly crashed it.) but boy was 16-20yr old me happy with these neons. Can't believe they sold shy of $9,999 when new (for base of course)
Just reading your post took me back 2 decades, wow.
In late 2000s, the problem was finally fixed by Dodge switching to a multi-layer steel head gasket. They had previously used a cheaper option. No more oil leaks.
Gotta love penny pinching.
Absolute dogshit cars. Mine ran better when you first started it up in the dead of winter at -10f because then the tolerances were actually good! Once it warmed back up it ran like shit again.
They handled outright abuse very well though. My sister drove it up state to deliver it to me for 400 miles with zero oil and she does not drive slow. It once threw the alternator belt while I was driving and I couldn't understand why the electrics were acting so weird, at least until I turned off the windshield wipers and headlights and CD player and things worked better. The OEM belt we bought to replace it basically did not fit and we had to move the alternator to the absolute extent of its travel to make it work. But work it did. It also never ran on more than 3 cylinders except in the freezing cold.
Probably one of the best "For your young child" cars ever produced. That was before everyone had to armor up little Timmy in a Pershing Tank though, so now we all suffer from worse roads, more expensive cars, and lack of tiny car market. It was weirdly good in the snow, which is funny because the tires were $34 at walmart, but it weighed almost nothing so it didn't need traction.
I have a somewhat bad back and want something that I can occasionally work from, so a big space, comfy middle seats, a wide center console. Car makers for some reason refuse to make essentially a Tahoe but shorter wheelbase / 2 row which would be ideal. Instead you have to go with the full size to get full-width.
But out of those, only American brands seem to understand the utility of blocky interiors. Armada and all the Japanese and Korean large SUVs always use swooping rounded edges which really reduce utility.
But the American brands are all less reliable and struggle with consistent quality.
This is AWESOME.
October is SPOOKY month for Stellantis software, apparently.
Overall it sounds like changes were applied, internally, and not reverted - as if they changed something in the Transaction handling for multi-step car systems updates.
You mention something about it continuously getting hotter ..
> it'd just get hot inside the car despite no change to the AC settings
.. which is also f'in nuts.
So of course every hour when the boys weren't paying attention POP the driver would unlatch their seats and headrests lmao
Horrible safety guardrails but a good time was had by all.
- As of Monday 8am ET, zero legitimate communication from any Jeep-related accounts on any social media platform, or any other form of acknowledgement from the company (unless I've missed something?)
- I only found out about the issue after finally searching a few Jeep groups on Facebook (of all places) to see if anyone else was experiencing the weird failure mode I was after the update.
- The only remotely-official info was from a 'JeepCares' account (which is ran by Jeep) on some random off-roading forum? We were seriously all living off of screenshots from this forum, and the advice coming from the JeepCares accounts was contradictory: they claimed that the Uconnect update was separate from the telematics update, and that there was no way to stop the telematics update if the vehicle received it. Later they gave advice to defer the Uconnect update, making it sound like they were coupled.
- Due to the lack of info from Jeep, people were coming up with all kinds of "if you reboot Uconnect while the Jeep's in ACC mode, it clears the check engine light". This probably did clear the CEL but didn't fix the fault.
- There is no way to tell if you received the bad update.
- There is no way to tell if you received the 'fix' either.
- Dealerships have literally no idea what is going on.
- You're basically at risk of your Jeep going limp (power loss, unable to safely make it to the shoulder) and being stranded on the highway, even as I write this.
However in classic Jeep style they just can't get reliability down, and the PHEV part seems too complicated for them.
If it was just reliable it would still be the best selling PHEV in America, they let that go.
There is no sign of the 2026 Wrangler 4XE it might be canceled like the Gladiator version...
162 more comments available on Hacker News