24 Aug Cybersecurity: The Speed Bump for Driverless Cars
Cyber security has been priority one since the day the internet was invented and with the rise in Artificial Intelligence and its seamless integration into everyday products the need for cybersecurity has shot up exponentially.
If there’s anything we have learnt from the WannaCry and recent Ransomware attacks, it is that even with high tech antivirus and cybersecurity solutions, the internet is still a vulnerable place. Wired magazine’s reporter Andy spoke of his experience riding in a hacked autonomous car. The hack itself was an experiment by white-hat hackers and Andy agreed to be the lab rat. His autonomous car was hijacked by two researchers, who first took over little commands like the radio and air conditioning but finished off by having complete control over the ECU, which meant access to the accelerator and braking system. Imagine the havoc they could have caused.
How Are Autonomous Cars Hacked
When it comes to a computerized machine there’s more than one point of vulnerability. Every port and function that connects to the internet is a potential gateway.
An OBD is a system that collects diagnostic data so the owner or a repairman can access it and find or fix problems with the car. By regulation it should be within 2 feet of the steering wheel and is usually located under the dashboard. The ‘fix engine’ light that comes on on your dashboard is a result of the OBD. The OBD has a connection to the ECU (engine control unit) in order to collect vital information, which is the first red flag for a cybersecurity engineer.
Over the years the function of the OBD has evolved and today, because it accesses all the computerized systems in the car, a number of devices can be connected to the OBD for information. Some are as simple as a USB device and some are sophisticated, like telematics devices. Because of its connection to every computerized unit and the ECU, and its easy accessibility, the OBD becomes a hotspot for hacking. Inserting a contaminated pen drive can be enough to hack the OBD system.
Controller Area Network
The CAN Bus is an internal communications network in a vehicle. Every microcontroller, chip and device connects to the CAN Bus and relays information through this network. The need for this level of interconnectivity is because of the large number of processors in today’s vehicles. There’s one for ABS, power steering, airbags, cruise control etc and they need to each communicate with other ECUs and the CAN Bus makes this possible.
This connected network is what becomes a massive vulnerability. Hackers can take over computer networks, sometimes even without directly connecting physical components. If they find a way to take over the network and gain access to the CAN Bus, they essentially gain access to every processor within the vehicle.
Every electronic device connects to the internet, even refrigerators! Vehicles connect to the cloud for telematics or to the internet for information. There is constant flow of wireless data and this becomes a potential point for hacking. This is why Waymo, Google’s autonomous car division hinted their self-driving cars will have minimal contact with the internet.
What are the Repercussions?
A hacked autonomous vehicle is a ticking time bomb. For starters, hackers can access the ECU to control the cars accelerator and braking system and basically control the car. They can ‘blind’ sensors, which essentially are the eyes of an autonomous car. A car sensor can be tricked to ignore a stop sign or a speed limit sign.
The good news is that the government has been actively regulating manufacturers and there are policies in place to ensure safety. Companies dedicated to cybersecurity have been designing network, ECU and processor security tools and there seems to be a positive movement in securing autonomous cars.