• United States



Contributing writer

The ‘autonomous,’ hackable car

Oct 09, 20139 mins
Application SecurityCar TechCybercrime

Driverless cars are coming, with almost magical convenience features. But experts say they are a long way from secure

It is time to start thinking of your car as another mobile device.

And that is both a good and bad thing. The almost magical capabilities of mobile devices help workers to be vastly more productive and collaborative, while keeping them much more entertained and connected during their off hours. A self-driving car could, in different ways, do the same.

[Your (not-so) smart home]

But those handheld devices also expose users to risks like the loss of assets and/or confidential information. Which raises the obvious question: If the best security available can’t protect your smartphone, how is it going to protect you in your car?

It’s one thing to have your credit card numbers stolen. It’s another thing entirely to have your brakes suddenly disabled as youre heading at high speed toward an overpass abutment or the truck in front of you.

Security experts are increasingly issuing warnings about those risks because, at least so far, securing those systems is not a priority. And computerized, connected “autonomous” cars are coming, perhaps more quickly than most people realize.

Internet search behemoth Google has already demonstrated an autonomous vehicle on a test course. Nevada already has a law, which took effect in March 2012, permitting the operation of autonomous vehicles on public roads. Florida followed that April, with a law that allows testing them on public roads, and California followed with a similar law last September.

Earlier this year Toyota unveiled its semi-autonomous Lexus Advanced Active Safety Research Vehicle, a car that while it does not drive itself, is, “designed to take over from you when an accident is imminent to keep you in one piece.”

Nissan has said it will have a car that can operate autonomously available by 2020. And surely it will not be alone. The IEEE (Institute of Electrical and Electronics Engineers) issued a press release last month predicting that 60 percent of vehicles on the road will be Internet connected by 2025. It also predicts that 75 percent of the cars on the road will be driverless by 2040.

[Privacy not in Eric Schmidt’s vision of the future]

French President Francois Hollande said just this week that he hopes development of new technologies like driverless cars will help to revive that nation’s industrial economy.

A next-generation, autonomous car will, obviously, be a mobile devicde in an entirely different way. You won’t carry it, as you would a smartphone or a laptop. It will carry you. It will be very smart and very observant — while the average human has a 200-degree range of view, it will see 360 degrees. It will make your current GPS capability look hopelessly obsolete. It will be part of the Internet of Things — connected to transportation infrastructure like signs and traffic lights, plus other vehicles.

That opens a stunning range of possibilities. Vehicles that are interconnected and not burdened by human error should be able to travel closer together at higher speeds without risk of collisions. Commuters should be able to get in their cars, set the destination and then sit back, have a cup of coffee and do some reading, as if they were riding the train. Your car should be able to find out about heavy traffic on one route, and take you on another that is less congested.

[Researchers show ways to bypass home and office security systems]

Elders who would otherwise have lost their licenses, and therefore their freedom to drive, would be able to have their vehicles take them safely to any number of destinations — doctor appointments, shopping and social events. Nobody would have to worry about speeding violations. Insurance premiums would go down. And who wouldn’t like the error-free version of a designated driver to take them home after a night of hard partying?

But that also illustrates the problem: Cars with such crucial capabilities are not guaranteed “error-free” yet. Kevin Curran, IEEE Senior Member and professor of Computing and Engineering at the University of Ulster, U.K., notes what many of his colleagues note — this kind of connectivity means that, “a breach in one network may cause havoc in another. Hackers could potentially have the ability to affect audio features, disable the vehicle’s ignition, override braking systems and infect the software with Trojans and viruses.”

“Anything with communication chip on board can be remotely accessed,” Curran said in an interview. “Given enough sophistication and the person compromising it having the expertise — there’s the worry,” he said.

Indeed, earlier this summer, hackers Charlie Miller and Chris Valasek demonstrated their ability to hack into the Electronic Control Units (ECU) of a Toyota Prius and a Ford Escape. They didn’t do it remotely, but the message was clear: with the right access, a hacker can take control of a car’s fundamental systems — the gas, the brakes, the steering wheel and more.

[Will your next car steal itself?]

So, given that this technology is still in its infancy, it would seem that this is an opportunity to build security into the systems from the ground up. But most experts say that wont happen — that history will repeat itself and security will be an afterthought.

The focus instead, Curran said, “will be convenience and features,” in part because of, “a lack of people (in development) who specialize in security. It’s hard to convince management to spend on security when everything is going fine.

“You may know how easy it is to hack. But how do you convince the boss?” he said.

Stan Kiefer, senior security architect at The Hacker Academy, agrees. “Across many sectors, history has proven even when given the opportunity, security is usually bolted on top of functionality,” he said. “Most times, security is not a requirement, its a checklist or test done at the 85-100% mark of engineering.”

[Australian-developed vehicle accident prevention technology to hit world stage]

Roger Thornton, CTO of AlienVault, says essentially the same. “This is something we, as a species and an industry, have a very bad track record for,” he said.

But, he adds that nothing is totally secure. “The field of cyberdefense is one of cat-and-mouse, where our latest defenses simply become the base line for our adversaries’ next innovations,” he said.

“To make any technical endpoint – a car, phone, PC – truly secure is a virtual impossibility while still leaving it useful to the user. The saying goes, the only secure computer is unplugged and buried in 20 feet of concrete. The same would go for a connected car.”

That is Kiefer’s view as well. “Given the speed at which vulnerabilities are found and exploited these days, compared to the engineering/production cycle of vehicles, a car designed secure two years ago will be easily hacked once it hits the road,” he said.

“The major task will be to develop an autonomous framework that has been designed with security in mind, and then build upon it. A lot could be learned from existing security frameworks such as those for nuclear weapons or highly reliable systems used in the U.S. space program,” he said.

James Arlen, senior security consultant with Leviathan Security Group and a hacking expert, offers a reminder that American roads are not exactly safe now, with individual drivers presumably in control.

[Car hack highlights march toward remote control of critical systems]

“Honestly, in a system where your ability to drive is tested only at ages 16 and 80, with ineffective, revenue driven enforcement for the interval, I’d feel safer having MS Clippy (the old, now defunct Microsoft Office Assistant) at the wheel,” he said. “With around 40,000 road deaths in the U.S. every year alone, anything at all would be safer.”

Still, even if a driver (or rider) is statistically safer in an autonomous car, will owners trust it enough to give up control without some major security assurances?

Kevin Curran believes it will happen – gradually – as people become accustomed to the idea and also because manufacturers and developers will be confronted by liability risks.

“The motivation for security will be there,” he said. “Everyone involved in the design could be held liable in a collision. Litigation could go back to third-party software design.”

Stan Kiefer agreed, noting that in every industry, security becomes a priority when it has an impact on investment and profit. “The cost/risk balance will be mitigated to the level it makes economic sense,” he said.

Roger Thornton believes it will take improvements in three areas – digital, connected and autonomous – to gain the trust of the average driving public. The technological capability of an autonomous car, he said, will likely drive the vehicle much better than a human could. The greater risks are in the digital and connected areas.

[Computerized conveniences make cars next target for hackers]

“Any digital car is going to have issues with CPUs crashing,” he said. “I had one of the original BMWs that came with navigation system, and that version had numerous software problems that they eventually corrected. I am sure cars will eventually be on the side of the road due to digital failures too — they may have already.”

But, he said the auto industry, like aviation, will, “introduce digital controls into complex systems without incurring catastrophes through effective design and use of redundancy.

“A secure car will start with a security concept we call ‘CIA’ — not the spy agency, but confidentiality, integrity, availability. That means making sure that the communications channels are restricted to a well-known authenticated server and its failover systems over a secure channel that is always available. This has proven very difficult to do, but has effectively been put in practice already today in many fields,” he said.

Kiefer said trust in security will increase with redundancy. “The security system would need to be built upon a secure communication protocol by which only authorized participants could talk,” he said.

But, in the event of compromised communication, “a series of checks and balances would need to be put in place using independent verification methods. In other words, if one method tells the car to do something, at least two other methods would validate the requested action using other means to determine if the requested action is safe and secure,” he said.