NASA on Toyota: Tin Whiskers May Be An Issue

The headline for the NHTSA/NASA report on the Toyota unintended acceleration, as widely reported, was that Toyota's electronics were not at fault, because the overwhelming evidence was that people were either pressing the wrong pedal, or the pedal was entrapped/stuck.

NASA evaluated Toyota's diagnostic strategy, and as I blogged about before, found that the only way to have an undetected failure with a runaway throttle would be a very specific mutli-point failure, virtually impossible in the real world.  This was professor Gilbert's trick, which I covered here

However, buried in the NASA report (here) was one interesting find.  One customer returned pedal, while it did not cause unintended acceleration, did result in "jerky" throttle response and sometimes did not set a fault.  It turned out that a "tin whisker" had grown between the pins of the two pedal position sensors.

Vehicle testing using a defective potentiometer accelerator pedal assembly from a VOQ vehicle with a resistive short, within a narrow range of values between the sensors outputs, identified a vulnerability that may compromise nominal limp home mode fail-safe operation on subsequent ignition key cycles and affect the malfunction indicator lamp (MIL) display and/or DTC  generation under certain specific conditions. Destructive physical analysis of this pedal assembly found tin whiskers, one of which had formed the resistive partial short circuit between the pedal signal outputs.  A second tin whisker  of similar length was also found in this pedal assembly that had not caused an electrical short.  If a resistive short between the potentiometer accelerator pedal signal outputs exists, the system  may be vulnerable to a specific second fault condition that could theoretically lead to UA.However, if resistive faults were occurring during normal use, DTCs would be expected from at  least the first ignition key cycle and the following cycles that did not meet the specific criteria.  Subsequent review of the warranty data does not support an observable failure signature of  pedal-induced DTCs. Electrical measurements on six VOQ vehicles found no indication of the resistive paths necessary for this failure scenario.

This condition must be very rare, and is not an explanation for the many UA cases that NHTSA investigated.  However, I think a smarter design would not have the two position sensor pins located next to one another.  If a tin whisker had grown between the sensor pin and ground, for example, a fault would have likely been triggered.