Last month Kia Motors announced a large recall due to possibly defective airbag controller units (ACU). The recall spans many models and model years — in the United States alone it covers over 400K cars, and over half a million cars worldwide. From the NHTSA report we learn that the problem happened at assembly when the cover of some ACUs interfered with the pins of an EEPROM chip. This can cause some of the pins to open-circuit. If your car had this problem, a warning light would come on, but more seriously, the airbags would not deploy in an accident. Kia estimates that less than 1% of the cars using this ACU have this issue. Cars which have this fault will get a new ACU, and other cars will get a firmware upgrade to keep this from happening should the EEPROM pins break loose in the future.
We think this EEPROM is used for logging errors and crash events, and is therefore not in the critical path for airbag deployment. The original firmware apparently prevented deployment if the EEPROM had a fault. Presumably, after this patch, if pins break in the future, the fault indicator still lights up but you’ll have functioning airbags.
It’s not clear if these broken EEPROM pin solder joints were present from the start and the factory test procedures didn’t catch the problem. Or did the pins left the factory intact and were subsequently broke due to bumps and vibrations. Hardware issues aside, having safety critical firmware perform its primary function even when faults exist in non-essential parts of the circuit seems like a requirement that should have been applied to the ACU from the beginning.
This is a reminder of the importance of enclosure design and making sure your PCB layouts take into account all clearances necessary for the entire assembly. How many times have you got your PCB back and realized you forgot to even put mounting holes?
We covered a similar issue a couple of years ago regarding the Takata airbag fiasco. If you have a Kia, this form on their website tells you whether your vehicle is subject to the recall or not.
It looks like the ACU can detect the failure and set a code/dash light. So you’ll know if your airbag will have a problem. But 1% failure rate is super high for vehicles – 400,000+ units. I’m not sure how this escaped vibration testing.
I think the obvious answer is “that testing never happened” based on the fact that KIA said nothing.
or worse it did happen but the higher ups figured the lawsuit would cost less then proactively fixing the problem
The more I think about it, it’s conceivable that this issue could have snuck through a well-implemented test program, meaning the pins didn’t break off the board until after they left the factory. But I wonder if this could have been caught in assembly stage of the module, presumably made at a subcontractor’s factory. Visual inspections or feedback from the assembly workers (“some of these lids don’t quite fit”).
I think the biggest issue is that the firmware passed reviews and this wasn’t caught — if the logging eeprom is damaged, let’s not deploy the airbags. Or maybe it was discussed and there is some rationale, but in hindsight they got it wrong?
I’m also puzzled why this was a recall. As a motorist, when the airbag fault sensor on my car turns on, I have zero expectations that my airbags are functioning or that the airbag system will properly store crash information in the event of an accident.
Hi Everyone,
I have well had a 2014 kia soul and was in an accident on Saturday 3/12/2022 and it was bad enough that the airbags should have gone off which probably would have prevented some of the injuries that me and my husband walked away if the airbags would have gone off. i wish i would have known about this prior to driving my car
Sounds like $$$$ if you are in US. Time to lawyer up.
Fault ECU should put on check engine light and throw hands up.
KIA motors “announced”
Yeah like Epstein “announced” that he was going to visit jail.
No wait both were forced. Because they’re both criminals
I mean, your premise is correct, but I wouldn’t compare incompetence/laziness/cost-cutting to running a human trafficking ring…
Also errors can pop up that were not caused by any of the above, you can test the first 100 off the production line, and then a random one or two in every 100 from then on and not find a rare flaw for decades – even a flaw that happens something like 1% of the time could take a huge number of units before its found (if it ever is) by the random deep dive QC checks and you can’t test for years of real world use in a lab either – There are always going to be small failures in engineering for a global market no amount of testing will find as there are too many variables. Like recently I saw something about a really neat looking small Scanning electron microscope that the reviewer couldn’t operate at full power because of the altitude he was working at, not a normal consideration for a bit of lab equipment, and not one its obvious could be an issue even in hindsight really…
So I’d say their premise is largely incorrect there is nothing criminal in there being a flaw in a product that passes all the pertinent safety inspections, and in this case sounds like it does actually tell you its broken. The only thing criminal is if a company actively hides such flaws and won’t honour warranties – by doing the recall that is fixed as far as I’m concerned.
Let’s hope nobody will become KIA (= killed in automobile) from it…
Ba-dum tish!
Ah, sorry, airbag won’t deploy, so that’s:
Ba-dum splat
A large consideration for BGA packages is solder joints breaking when the pcb is put under mechanical stress, as they don’t have as much “flex” as a metal pin. There are ways to get around this, such as by potting with epoxy, trying to match physical characteristics between the PCB and IC, etc. I’d wager this is what was happening.
In this case surely that’s a major design consideration? The one time it actually has to work is when it is likely under significant mechanical stress!
I bought a pedestal fan once that had a sticker that read – warranty void if used in a hot environment.
I know high energy vibration testing is common but I wonder how common G force testing is??? It’s highly appropriate in this situation.
My wife just spent multiple days trying to get our local Kia dealership to resolve the last recall and I had a moment of “Dear God not again” but thankfully we aren’t impacted. Pro tip for dealerships, don’t schedule a recall repair without verifying you have the gosh darn part. And if you do, don’t leave a woman sitting in your waiting room for 3 freaking hours before coming out and telling her that she’ll have to come back. (And they did basically the same thing twice before getting it right with our last visit to the dealership that we were actually paying for. To answer the obvious question, if there’s a next time I’m going to take a day off so I can drive an extra 90+ minutes to go to a different dealership and so my wife doesn’t have to deal with it).
Sorry your wife had to deal with this. Unfortunately I don’t see which models are impacted in this article.
Yeah, sorry you are dealing with a shitty dealer. We had nothing but great experiences since our first 2008 Rondo. We moved and had two different dealerships, nothing but the best service from both. We are on my fifth Kia now. Only one recall, it was on our 2015 Soul and I didn’t even know they did the recall as they scheduled it within the regular maintenance schedule. Every manufacturer has recalls, some more severe and often than others.
Aaron, thankfully I was lucky. My Kia Ray (a “box-on-wheels” model not sold in the US) didn’t have the alarm and only a firmware upgrade was needed. They told me it would take 20 minutes but I was out in 15. There was no part to replace, and they clearly already had the patch on-hand. I kinda wish they did replace the ACU, because I wanted to take apart the old one and see inside. In fact, I’m tempted to go back and ask the guy if he has any defective units I could have.
Arguably they did fail safe by not deploying the airbag in an unknown situation – airbags are tricky things. Fail to deploy in a crash and – if you’re in the window between “would survive anyway” and “won’t survive regardless”, the failed airbag could kill you. But deploy at the wrong time, and it could also injure or kill you.
Frankly, I’m just glad I don’t have to be responsible for safety-critical systems.
The art of making things with predictable failure modes or even intrinsically safe are lost now.
Not putting mounting features in is a sign of an amateur designer.
bUt ThEyRe BeTtEr CaRs ThAn A bMw REEEEEEEEEEEEE lol
Dacia have an issue where the SRS microcontroller overheats and burns itself out (IIRC I have seen the same defect on some renaults and VAG products, visibly obvious as you can actually see the leadframe and die scorch-marks on the surface of the package) but in their wisdom if theres a fault in the SRS it wont let the car start! itll actually leave you stranded. Just nuts. .. So yes, kia put a light on. but it could be worse lol
Looks like a safety goal has to be redefined. I know that ACU is a safety module rated as ASIL D, what about the FMEDA and beyond that, the DFMEA results?
>It’s not clear if these broken EEPROM pin solder joints were present from the start and the factory test procedures didn’t catch the problem. Or did the pins left the factory intact and were subsequently broke due to bumps and vibrations.
We need a hero to get one, tear it down and do an analysis.