The cybersecurity risk of self-driving cars
Ten million self-driving cars will be on the road by 2020, according to an in-depth report by Business Insider Intelligence. Proponents of autonomous vehicles say that the technology has the potential to benefit society in a range of ways, from boosting economic productivity to reducing urban congestion. But others—including some potential consumers and corporate risk managers—have voiced serious concerns over the cybersecurity of the so-called fleet of the future. As one tech reporter put it: “Could cybercriminals remotely hijack an autonomous car’s electronics with the intent to cause a crash? Could terrorists commandeer the vehicles as weapons? Could data stored onboard be unlocked?”
We asked professor Engin Kirda —a systems, software, and network security accomplished who holds joint appointments in the College of Computer and Information Science and the College of Engineering—to assess the cybersecurity risk of self-driving cars, with a particular concentrate on how carmakers are working to keep autonomous vehicles safe from hackers.
Experts say that self-driving cars will be particularly susceptible to hackers. What makes them so vulnerable?
The response to this question depends on what kind of a self-driving car we are talking about and how connected the car is to the outside world. If the car does any significant computations by connecting to the outside world via the cloud, needs some sort of internet-connectivity for its functionality, or entirely relies on outside sensors for making all decisions, then yes, it might be susceptible to hackers.
In principle, any computerized system that has an interface to the outside world is potentially hackable. Any computer scientist knows that it is very difficult to create software without any bugs—especially when the software is very elaborate. Bugs may sometimes be security vulnerabilities, and may be exploitable. Hence, very elaborate systems such as self-driving cars might contain vulnerabilities that may be potentially exploited by hackers, or may rely on sensors for making decisions that may be tricked by hackers. For example, a road sign that looks like a stop sign to a human might be constructed to look like a different sign to the car. In fact, more and more research papers have been appearing lately that are demonstrating such tricks against machine learning systems.
“A cyber incident is a problem for every automaker in the world,” General Motors CEO Mary Barra said in a speech last year. “It is a matter of public safety.” How are automakers working to ensure that malicious actors do not take remote control of self-driving cars and, say, turn them into weapons of terror?
Unluckily, researchers have introduced several efficient hacks against some current carmakers. For example, a team of researchers at the University of California San Diego published a series of papers about five years ago in which it demonstrated hacks that could even activate the violates of a car while the car was traveling. Similarly, at Blackhat in 2015, Charlie Miller demonstrated a hack against a carmaker where he was able to remotely hijack the car.
As a result, car manufacturers, like other industries, are attempting to come up with defense technologies that can prevent attacks against their systems. I am not a car accomplished, but clearly, the less security vulnerabilities you have in your software, the less vulnerable you become to hacker attacks. Hence, I would imagine that a lot of effort is being put into designing secure, reliable systems. I would also guess that just like in passenger airplanes, cars of the future would also have different computer networks so that one network that is potentially compromised will not affect the car’s other sensitive computer networks.
Last fall, the Department of Transportation released guidelines for the development of self-driving cars and made cybersecurity part of a 15-point safety assessment of autonomous vehicles. In your opinion, what role should government regulators play in keeping self-driving cars safe from hackers? What about startups, a number of which have raised millions of dollars to develop software aimed at protecting autonomous vehicles from malicious attacks?
I am not sure the security problem can solely be solved by regulation. The government, in my opinion, needs to be involved, but it is amazingly difficult to test an existing complicated system and certify that it is secure. Rather, I think the government could check if car manufacturers are adhering to some predefined secure coding practices while ensuring they have taken some basic security precautions.
The security market is hot today, so it is not surprising to see startups raising money to address the secure car problem. However, I would take what a lot of these companies are promising with a grain of salt. I would need to see what they are doing or how they are planning to do it. Unluckily, the security company landscape is total of snake oil.
Would you feel safe in a self-driving car?
In 2017: Absolutely not if the car is downright autonomous. In 2027: Possibly. I think a lot will depend on how mature the technology will become. Right now, self-driving cars exist, but the human is in the loop to hop in if the car makes a mistake or needs input. Recently, a Tesla driver died in a self-driving car accident because he downright trusted the car to make the right choices. We do not truly have self-driving cars yet. Rather, we have semi-automated self-driving cars.
Provided by: Northeastern University
Daimler to supply self-driving cars for Uber
German auto giant Daimler on Tuesday said it had struck a partnership with Uber to supply self-driving cars for the US ride-hailing company.
Hack my car? Most believe it can happen
Most Americans have some concerns that self-driving cars can be hacked to cause crashes, disable the vehicle in some way or even be used as weapons by terrorists, according to researchers at the University of Michigan.
Connected, self-drive cars pose serious fresh security challenges
In a world where motor vehicles can be weapons and cars increasingly depend on internal computers and internet connections, automakers are under enlargening pressure to find ways to guard against cyber-attacks.
Lack of cyber security poses threat to modern cars
Cars are becoming increasingly smarter and are connected with each other and their surroundings to an enlargening extent via their on-board systems. From April 2018, it will be mandatory for all fresh cars manufactured in the .
Tesla fixes security in Model S after Chinese hack
Tesla said Wednesday that it had stationary a software vulnerability in its luxury electrified Model S sedan after a Chinese security team hacked a car’s systems and remotely managed it.
Honda, Google in talks on self-driving vehicle partnership
Honda is in talks with Google to install the tech company’s self-driving technology in Honda vehicles.