Nothing about this story makes sense, and it's so sketchily sourced I'm surprised to see it here on HN.

For starters if the problem was with cruise control, how would opening the drivers side door 'slightly' slow the car to half it's speed? Setting aside the physics here, cruise control would simply increase the throttle until it got back to it's set speed.

Also questionable is the idea that MB would be able to remotely control the vehicle when every system other than the throttle had failed. Brakes failed, ignition failed, transmission failed, but the throttle and cruise control were still hunky-dory? That sounds a lot more like either a complete fabrication or someone who screwed up while trying to hack their car's CAN-BUS...

So I'd be really interested in knowing how a failure like this happens in a human-safety-critical application.

I assume every software engineer under the age of ~50 would have learned about events like the Therac-25 incidents during their education. Is there genuinely no robust software quality regime in place for critical systems like this in vehicles?

There are so many worrying things here: such a bad failure occurring in the first place; the lack of any physical fallback or failsafe; the ability of the dealer to remotely control the car's operation (!!) – any of these by themselves fills me with dread.

Feels difficult to believe. He reduced speed by 60kmh by opening a door “slightly”? Why did the cruise control not compensate for it? Both brake systems failed at the same time? In addition, the automatic gearbox was somehow stuck in D? Sorry, but I’m sure it’s either human error or a publicity stunt

Edit: I didn’t know the C class has any remote control capabilities. Does anyone know more?

This is a somewhat misleading title. The car was intentionally set to cruise control by the owner, but the cruise control could not be turned off until Mercedes remotely found a way to disable it about 100km later.

That headline is misleading. I read it as them controlling it for 1 hour which wasn't the case.

I am a little surprised that the brakes didn't work. Are brakes "fly-by-wire" now? Otherwise you should be able to slam the brakes even if the car is full throttle. I have tried this with several cars and the brakes we always stronger than the engine.

I'm not sure how much i believe a post from facebook from "People's Daily, China". The video can for sure be named: "Police high speed chase through toll booth"

I'm skeptical:

During a tense time of waiting and praying, Xue, an amateur car racer himself, tried opening the car door slightly to help slow the car down, which slowed to 60km/h, but nothing else could be done

If the car was trying to maintain 120kph, I'm skeptical that opening a door partially (or even all the way) slowed it to 60kph.

While this newish whiz-bang Mercedes Benz might be too modern to have a physical ignition lock these stories always make me wonder: why do all these people who are confronted with runaway vehicles forget the simple solution of switching off the engine? Just turn the key in the lock to the 'off' position but don't remove it, the engine will switch off and the car or motorbike will come to a halt. I've done this several times with my motorbike when one of the Bowden cables between the throttle grip and a carburetor froze during travel (as in 'water in cable freezes to ice', I ride the thing in wintertime here in Sweden). By switching the lock between 'on' and 'off' I've used it in a similar way as the 'blip switch' in early airplanes with rotary engines which lacked an adjustable throttle, they were either 'on' or 'off' and could be pulsed on landing by using the 'blip switch'.

When I mention this people often start about losing power steering but that is of no concern, power steering is only effective at lower speeds anyway. Servo brakes are powered by the intake vacuum so that won't be an issue either, even it the vacuum fails or the power comes from another source (e.g. an electric or engine-driven pump) there is generally a pressure reservoir which holds enough pressure for several brake actions. And even in case the servo totally fails the brakes still work, as does the parking brake.

To conclude, as long as you're in a vehicle with a physical ignition lock the first thing to try is just to switch off the engine. As long as you keep the key in the lock the steering lock should not engage (something to test next time you turn off the engine).

Sorry for the misleading title. I tried my best to contain the title short enough to submit. Please change the title for a better one. Or suggest a better one, I will change it ASAP. Thanks.

In the "good" old days there were several things you could do:

- turn off the ignition (now purely software-controlled in keyless systems)

- put transmission to neutral (a physical link doesn't necessarily exist anymore in automatic transmissions, still possible in manuals)

- jump on the brake pedal as hard as you can (I suspect that a hydraulic link to brakes must still exist, possibly by law, but there are ABS and stability control units in between that can add to or remove from the brake pressure so it's not entirely driver controlled anymore, could lead to a failure path)

- use parking brake to assist in braking (now often controlled by an electric motor automatically, doesn't engage while driving)

There were occasional similar failures like the accelerator pedal getting stuck under the floor mat or throttle cable getting stuck but you could do a number of things listed above. Cruise controls systems were heavily designed to disengage at the slightest disturbance because they were separate control modules: early vacuum-operated designs could—plausibly, I don't have first hand knowledge—have a microswitch in the brake pedal that would just pull a relay to shut off current from the control module, restoring normal accelerator operation. Pretty much bullet proof.

Software is indeed capable of creating failure modes that were pretty much unimaginable previously.

I'm not sure what is more disturbing here, the fact that the car had such a dangerous malfunction in the first place, the fact that there was no reliable hardware-based mechanism to bring it safely to a halt when the software failed catastrophically, or the fact that the service team could remote in and take control of the vehicle. Everything about this is not just bad in itself but betrays a more fundamental lack of safe and secure design.

Why couldn't you just hit the ignition to turn the engine off?

Interestingly this has nothing to do with self driving. Though, if the dealer could control is remotely why did it take an hour to do so?

What I mostly took away from this is that automakers can remotely force stop your vehicle if they so desire. Kind of creepy.

Reminds me of reading the Fortean times when I was younger. Sounds like a made up or exaggerated story.

Telltale statement > “According to a local media report”. So this is a report of a report. Hmmmm.

FWIW, this happened to a friend's Ford explorer with faulty electronics, self driving cars don't have a monopoly on automobile malfunctions

The fact that it was able to be remotely controlled is exposing it to a whole world of bugs and hacks

Covert intelligence operation (hit-job) gone awry? Maybe the driver was a target of the CIA ..

This makes me want less software control in my vehicle. Ideally none.