🗺️Autowist Report 106

Volvo's Tech Stack, MBUX Vulnerabilities, GM, TATA Motors, KPIT Earnings Call

IN TODAY’S REPORT

💼BRIEFING

Top insights and analysis that are moving the needle in the automotive industry

Unpacking Volvo’s Tech Stack

💻Computing and Software:
➡️Centralized core computer (NVIDIA Orin NX) handling all vehicle functions.
➡️Qualcomm Snapdragon user experience computer.
➡️Unified Superset tech stack across all future models.
➡️Over-the-air updates for 2.5 million vehicles.
➡️Powered by QNX OS/Hypervisor

🤖ADAS and Sensors:
➡️Redundant systems for braking, steering, and compute.
➡️Luminar Technologies LiDAR for long-range perception and automation.
➡️Ultrasonic sensors, cameras, radar, and interior sensors (e.g., capacitive steering wheel, torque control, pressure sensors).

🎋Sensing and APIs:
➡️APIs for accessing actuators and sensors across the car for innovation and feature development.
➡️Interior sensing includes driver monitoring cameras and radars for occupant safety.

🖥️Infotainment and User Experience:
➡️Google’s Android Automotive OS and Google Automotive Services, with the help of HaleyTek AB.
➡️Wireless Apple CarPlay (coming via OTA).
➡️Large touchscreens (up to 14 inches) with updated UIs.
➡️Seamless updates for vehicles since 2021 to harmonize UI experiences.
➡️Volvo on Call feature, hosted on Amazon Web Services (AWS)

🔋Energy and Propulsion:
➡️Contemporary Amperex Technology Co., Limited is their main battery supplier
➡️In-house development of drive units, battery management systems, and charging algorithms.
➡️Standardized propulsion and energy roadmap.
➡️Battery passports together with Circulor

🤝Collaborations:
➡️Strong partnerships with Google, Qualcomm, NVIDIA, Bosch, and others for integrated technologies and emerging standardization.

🔮Future Hardware:
➡️Planned upgrades to NVIDIA Thor, Qualcomm chips, and scalable sensing systems.
➡️Steer-by-wire technology integration on the roadmap.

🟪(Pieced together from various interviews and publicly available information)

Mercedes Vulnerabilities in MBUX (Link)

A security report by Kaspersky has uncovered 13 vulnerabilities in the first-generation Mercedes-Benz User Experience (MBUX) infotainment system. If exploited, these flaws could allow hackers to:

  • Launch denial-of-service (DoS) attacks

  • Escalate user privileges

  • Steal data

  • Unlock paid services

  • Disable anti-theft protections (only if they have physical access)

MBUX Architecture

Takeaways:

  • Most vulnerabilities require local USB or Ethernet access, making remote exploitation difficult.

  • Memory corruption issues (heap/stack overflows, NULL pointer dereference) dominate, potentially leading to crashes or data exposure.

  • File processing weaknesses in profile import/export pose risks of arbitrary file writes and information leaks.

  • Network-related flaws enable deeper system compromise if physical access is obtained.

Vulnerability Descriptions

  1. An issue was discovered on Mercedes Benz NTG 6. A possible integer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically.

  2. An issue was discovered on Mercedes Benz NTG 6. A possible heap buffer overflow exists in the user data import/export function of Mercedes-Benz NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically.

  3. An issue was discovered on Mercedes Benz NTG 6. A possible heap buffer overflow exists in the user data import/export function of Mercedes-Benz NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically.

  4. An issue was discovered on Mercedes Benz NTG 6 through 2021. A possible NULL pointer dereference in the Apple Car Play function affects NTG 6 head units. To perform this attack, physical access to the Ethernet pins of the head unit base board is needed. With a static IP address, an attacker can connect via the internal network to the AirTunes / AirPlay service. With prepared HTTP requests, an attacker can cause the Car Play service to fail.

  5. An issue was discovered on Mercedes Benz NTG 6 through 2021. A possible stack buffer overflow in the Service Broker service affects Mercedes-Benz NTG 6 head units. To perform this attack, physical access to the Ethernet pins of the head unit base board is needed. With a static IP address, an attacker can connect via the internal network to the Service Broker service. With prepared HTTP requests, an attacker can cause the Service-Broker service to fail.

  6. Head-unit NTG6 contains functions to import or export profile settings over USB. During parsing, the service can be made to crash.

  7. Head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archives according to the boost library. The boost library contains a null pointer dereference vulnerability.

  8. Head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archives according to the boost library. The version of the boost library contains an integer overflow vulnerability.

  9. Head-unit NTG6 contains functions to import or export profile settings over USB. When parsing the file, the service tries to define the header inside the file and convert it to a null-terminated string. If the character is missing, it will return a null pointer.

  10. Head-unit NTG6 contains functions to import or export profile settings over USB. Inside the profile folder there is a file which is encoded with the proprietary UD2 codec. Due to missing size checks in the encapsulated file, an attacker can achieve an out-of-bounds read in heap memory.

  11. Head-unit NTG6 contains functions to import or export profile settings over USB. Inside the file another file is encapsulated, which the service will drop during processing. Due to missing checks, an attacker can achieve arbitrary file write with service speech rights.

  12. Head-unit NTG6 has Ethernet pins on the Base Board to connect the CSB module. An attacker can connect to these pins and get access to the internal network. A race condition can be acquired and the attacker can spoof “UserData” with a desired file path and access it through backup on USB.

  13. Head-unit NTG6 has Ethernet pins on the Base Board to connect the CSB module. An attacker can connect to these pins and get access to the internal network. As a result, by accessing a specific port an attacker can send a call request to all registered services in the router and achieve command injection.

💹FINANCIALS

A focused look at recent automotive company financials

GM Earnings Call Highlights

  1. Strong 2024 Performance:

    • Revenue grew by 9% year-over-year, reaching $187 billion.

    • Achieved record EBIT-adjusted ($14.9 billion), free cash flow ($14 billion), and EPS-diluted adjusted ($10.60, up 38% YoY).

    • GM led U.S. retail, fleet, and total sales markets with a 16.5% market share (up 30 basis points YoY).

  2. EV Growth:

    • GM produced 189,000 EVs in North America in 2024, doubling its market share and becoming variable profit positive in Q4.

    • New EV models like Cadillac LYRIQ, Escalade IQ, and Sierra EV supported this growth.

    • Super Cruise adoption grew, with subscription revenue expected to double in 2025, targeting $2 billion annually within five years.

  3. Profit Sharing and Bonuses:

    • Employees received record profit-sharing payouts ($640 million total, up to $14,500 per person).

  4. Cruise and Autonomous Strategy:

    • Ceased robotaxi development, saving $1 billion annually, while integrating Cruise employees into broader GM operations.

    • Focus shifted to Level 2+ and 3 autonomy technologies for personal vehicles.

The biggest miss is GM’s spread-out product lines and rising costs, even in the full-size SUV segment.

TATA Motors Earnings Call

Key Financial Highlights:

  • Revenue: ₹113.6K Cr (YoY +2.7%)

  • EBITDA Margin: 13.7% (YoY +60 bps)

  • Profit Before Tax (PBT) Before Exceptional Items: ₹7.7K Cr

  • Free Cash Flow (FCF - Auto): ₹4.7K Cr

  • Net Auto Debt: Reduced to ₹19.2K Cr (from ₹22.0K Cr in Q2 FY25)

  • Return on Capital Employed (ROCE): 19.6% (JLR), 38.1% (Tata CV)

Segment-Wise Performance:

Jaguar Land Rover (JLR)

  • Revenue: £7.5B (Record Q3 Revenue)

  • EBIT Margin: 9.0% (Highest Q3 EBIT margin in a decade)

  • PBT (Before Exceptional Items): £523M (-17% YoY due to FX impact and higher costs)

  • Wholesale Volumes: 104K units (+20% QoQ)

  • Free Cash Flow: £157M (after £1B investment spend)

  • ROCE: 19.6%

  • Net Debt: Reduced to £1.1B (-£0.5B YoY)

Tata Commercial Vehicles (CV)

  • Revenue: ₹18.4K Cr (-8.4% YoY)

  • EBITDA Margin: 12.4% (+130 bps YoY)

  • PBT Before Exceptional Items: ₹1.7K Cr

  • Wholesale Volumes: 97.4K units (- YoY)

  • Market Share: Improved in most segments except Small Commercial Vehicles (SCV)

  • Electric Mobility: 3500+ electric buses deployed, 7200+ Tata Ace EVs in operation

Tata Passenger Vehicles (PV)

  • Revenue: ₹12.4K Cr (-4.3% YoY)

  • EBITDA Margin: 7.8% (+120 bps YoY)

  • PBT Before Exceptional Items: ₹0.3K Cr

  • Wholesale Volumes: 140K units (-YoY)

  • EV Segment:

    • Market share: 53% in Q3 FY25

    • Tata EV network expansion with CCS2 and AC Type-2 chargers

    • Highest-ever personal segment registrations for EVs in Q3

    • EV EBITDA margin improved, reaching positive territory at 10.0%

Major Developments:

  • Demerger Plan:

    • Expected completion by October-December 2025.

    • Stock exchange & SEBI approvals anticipated soon.

    • Separation into distinct Passenger Vehicles and Commercial Vehicles entities.

  • Production Linked Incentive (PLI) Benefits:

    • Received ₹142 Cr for FY24, ₹209 Cr accrued for FY25.

    • EBITDA Margin boost of 90 bps (CV) and 150 bps (PV) in Q3 FY25.

  • New Product Announcements:

    • JLR: Range Rover Electric testing completion, new Jaguar Type 00 concept.

    • Tata Motors at Auto Expo 2025:

      • CV: 11 cargo carriers, 3 passenger carriers, 6 intelligent solutions.

      • PV: 18 new cars & SUVs, 11 tech innovations.

      • EVs: Harrier.ev, Avinya X, Punch Flex Fuel.

Debt and Cash Flow Management:

  • Tata Motors Domestic Business: Free cash flow of ₹2.5K Cr in Q3.

  • JLR: Maintained strong liquidity of £5.1B (including £1.6B undrawn RCF).

  • Investment spending: ₹2.0K Cr in Q3 (PV+EV: ₹813 Cr, CV: ₹1,213 Cr).

Outlook:

  • JLR: Wholesales expected to improve in Q4 FY25.

  • Tata CV: Growth expected in Q4 due to increased infrastructure spending.

  • Tata PV: SUV demand remains strong; focus on improving dealer network and launching refreshed models.

KPIT Technologies Ltd. - Q3 FY25 Investor Update (January 29, 2025) Summary

Key Financial Highlights:

  • Revenue: ₹14,779.58M ($176M), YoY Growth: +18.1% (CC Growth: +17.4%)

  • EBITDA Margin: 21.1% (vs. 20.8% in Q2 FY25)

  • Net Profit: ₹1,870M, YoY Growth: +20.4%

  • Free Cash Flow: Strong cash generation with Net Cash Balance at ₹14.2B

  • EPS: ₹6.89 (Basic), ₹6.83 (Diluted)

$236M in New Engagements Closed:

  • Autonomous Driving: Leading European carmaker selected KPIT for strategic projects.

  • Electric Powertrain & Architecture: Engagements with top European OEMs.

  • Vehicle Diagnostics & Mechatronics: Partnership with a leading American Commercial Vehicle OEM.

  • Connected & Body Electronics: Strategic deals with a leading Asian Car OEM.

  • Semiconductor Collaboration: Joint go-to-market engagement with a top American semiconductor company.

⚡ROUNDUP

Key headlines shaping the auto industry this week

  • General Motors Shares Plunge as Profit Falls 40.6% in 2024 (Link)

  • Two major tech upgrades soon in new Volvo cars (Link)

  • GM’s EV sales surged as the Chevy Equinox becomes a top-seller: Can it keep it up in 2025? (Link)

  • Lucid Gravity Is The First Non-Tesla With NACS, And It Can Charge Faster Than Any Supercharger Is Able To (For Now) (Link)

  • Neusoft partners with Zenrin to boost Japanese navigation solutions (Link)

  • Stellantis, Volkswagen and Volvo Most at Tariff Risk, Moody's Says (Link)

  • GM releases full-year and fourth-quarter 2024 results and 2025 guidance (Link)

  • G.M. Has Plans Ready for Trump’s Canada and Mexico Tariffs (Link)

  • Volvo Finally Adds Plug & Charge, Software UX To Its Most Popular EVs (Link)

  • SDVerse provides an ‘Amazon’ for automotive software (Link)

  • Honda to set up electric motorcycle factory in India by 2028 (Link)

  • Are fast charging batteries the answer to range anxiety? (Link)

  • Rivian Says Automakers Are Eyeing Its VW Co-Developed Software Tech (Link)

  • Tesla Benefitted Big From Biden’s Federal EV Charger Grants (Link)

  • Mitsubishi considers an exit from Honda-Nissan merger (Link)

  • JLR INVESTS £65M IN SUSTAINABLE EXPANSION OF LUXURY PAINT OPERATIONS (Link)

  • Subaru Starlink infotainment system compromised by security flaw (Link)

  • Stellantis to produce B-segment EVs based on STLA small platform in Spain (Link)

  • Nio’s Firefly EV Spotted in Sweden As it Prepares for European Launch (Link)

  • BYD first, Mercedes-Benz second, Volkswagen third in 2024 Chinese passenger vehicle sales revenue ranking (Link)

  • Tesla refuses to do the right thing about ‘Full Self-Driving’ transfers (Link)

  • Indian startup KOGO launches universal voice assistant with MapmyIndia (Link)

  • Honda Developing Sub-$30K EV For North America (Link)

  • GM expects to save $1B by shutting down Cruise robotaxi (Link)

  • KPIT reiterates revenue outlook and increases EBITDA outlook to 21%+ for FY25 (Link)

  • Infineon expands EiceDRIVER family with new ICs for EVs (Link)

  • Bosch gearing up to launch innovative brake-by-wire system later this year (Link)

  • Porsche-owned consultancy says transition to digital sales model 'irreversible’ (Link)

  • Euro NCAP publishes 2024 Year in Numbers (Link)

  • Volvo Cars takes full ownership of Novo Energy (Link)

  • Audi simulates global power grids to test EV charging (Link)

🔬PATENT WATCH

Fresh Innovations from global automotive OEMs

GM: Electric Vehicle Range Management


The disclosed method enhances electric vehicle (EV) range management by integrating temperature forecasts, charging station locations, and user destinations. It calculates the vehicle's range based on forecasted temperatures, determines distances to charging stations and intended destinations, and alerts users if the range is expected to fall below a critical threshold. Additionally, it identifies nearby stationary and mobile charging options to prevent the vehicle from running out of charge.

Key Features:

  1. Temperature-Based Range Estimation:

    • The system predicts EV range by factoring in ambient temperature forecasts, recognizing that battery efficiency varies with temperature.

  2. Charging Station Proximity Alerts:

    • It determines the nearest charging stations and informs users if their EV’s projected range is insufficient to reach these locations.

  3. User Notification:

    • The system notifies drivers of potential range limitations over the forecasted time period and provides suggestions for charging options.

  4. Integration with User Destinations:

    • The system considers distances to user-specified or inferred destinations (e.g., workplace, home) and alerts the driver if range is inadequate.

  5. Mobile Charging Services:

    • It can identify and recommend mobile charging services if the vehicle's range is critically low.

  6. Dynamic Route and Charging Suggestions:

    • The method suggests compatible charging stations along the driving route or near intended destinations, considering temperature effects on range.

  7. Safety Thresholds:

    • The system incorporates safety margins to ensure the vehicle always has enough charge to reach a charging station or intended destination.

System Components:

  • Temperature Forecast Integration: Acquires ambient temperature data to adjust range estimates.

  • Vehicle Controllers: Multiple vehicle controllers collaborate to perform calculations and communicate with external services (e.g., charging stations, mobile apps).

  • User Interface: Drivers receive alerts and charging suggestions via a mobile app or the vehicle's display.

Enhancements and Variations:

  • Mobile App Integration: Drivers can input destinations or rely on the system to infer regular destinations.

  • Customized Charging Recommendations: Offers time and cost estimates for charging options, including Level 1 and Level 2 chargers.

  • Route Optimization: Takes into account the temperature at various points along the route to refine range estimates.

Application:
The system aims to mitigate "range anxiety" by providing EV drivers with proactive alerts and charging solutions, especially in varying temperature conditions. It addresses the critical factors influencing battery performance and ensures users are informed and prepared for potential range limitations.

📈MARKET SNAPSHOT

This week’s key movers in the automotive stock market

📆CALENDAR

Upcoming auto industry events and earnings calls