10 Oct The Real Obstacle to Driverless Cars: Hackers
The race to launch a level 5 fully automated car, one that is capable of handling every automotive task a human would, is underway with all the big guns in the industry like Google, Uber, Tesla and Audi, making huge technological advancements.
When it comes to a car that is being operated by a computer, the number one priority is of the safety of its passengers. To ensure the autonomous car is always aware, manufacturers have designedand incorporated visual systems like Lidar and Cameras, analytics systems like Telematics and computing systems like Artificial Intelligence. As manufacturers continue to advance, they are quickly realizing thata bigger threat to safety lies outside the car.
A few years ago, Charlie Miller and Chris Valasek demonstrated the hacking of a Jeep Cherokee with WIRED magazine’s writer Andy Greenberg in the driver’s seat. As Andy drove on a highway, Charlie and Chris took remote control of the car from their apartment miles away. They first played little tricks like turning on the radio to full volume and switching on the windscreen wipers. But to fully show the power a hacker has over an autonomous car, they killed the engine and even with a human hitting the gas pedal, the car came to a stop in the middle of a highway packed with zooming cars.Since this demonstration, engineers have applied extra efforts into the overall cybersecurity of an autonomous vehicle.
How do hackers actually take control of an autonomous car?
Where There is Technology, There is Vulnerability
No computing device, unfortunately, can be made a hundred percent safe. Vulnerability is just the price we pay for technological development. As the number of electronic devices increases, so does the chances for being hacked.
While an autonomous car’s critical components like the AI or the ABS system can be tightly secured, there are smaller electronic systems like the track player or the GPS system that manufacturers sometimes pay less attention to. If a hacker gains controller of even the smallest component, they can quickly take over the car through the CAN bus that connects all microcontrollers, even the one on the hacked component.
Car manufacturers intend to launch driverless taxis to make the entire transport system simpler and cleaner. Hackers take taxi rides too. A hacker can easily insert or convince the driver to insert a USB device with the pretext of playing music, and discreetly upload malicious files.
How To Safeguard Such a Complex Machine?
Granted, manufacturers will probably never be able to promise a hundred percent guarantee of safety, but there are precautionary steps that can be taken to come close.
1. Safeguard Vulnerable Points:
An autonomous car’s most vulnerable points are the Bluetooth, Telematics (CDMA/3G/4G/LTE), Wi-Fi, Tire Pressure Monitoring System (TPMS), Remote Keyless Entry and downloaded apps. Hackers mainly focus on first corrupting on of these systems and then take over the car. While the working of each of these components is proprietary and not privy to a hacker, they can simply buy a car and embed sniffers to learn the technology.
2. Added Security to Control Units:
Although hackers look to corrupt vulnerable points like the Wi-Fi system, they cannot cause much damage with it. Through this entry point, however, they look to enter the CAN Network which essentially is the spine of an autonomous car. Every microcontroller in the car communicates via the CAN bus and access to it means access to every component. Once taken over, hackers will look to control the ABS, Transmission, Engine, Steering, Self-Parking and Sensors. Each of these systems give hackers remote control to the speed and safety of the vehicle, and need to be especially secured.
3. Controlled Updates:
The autonomous cars safety does not begin and end with the manufacturer. Owners are expected not to simply download apps and updates that are not yet verified. Third party applications and devices are almost always the root for hacks.
4. Cryptographic Keys:
Charlie Miller and Chris Valasek point out that they hacked the Jeep Cherokee via its vulnerable third party devices. In this case, it was a Harman manufactured Uconnect system. While manufacturers of cars and devices never give out system information, the white-hackers simply bought a device, opened it up and uploaded a sniffing software. This just goes to show that every device involved can be a potential threat and needs to be considered as one. One form of security could be to install cryptographic keys to every device that only the manufacturer can decode, making it extra secure.