The fear of malicious actors taking control of glaring flaws in smart cars is on the rise. This threat is therefore considered to be one of the major technical challenges confronting the automotive industry today.
Car Manufacturers
Initially, car manufacturers were not very familiar with the cyber security community. From a hacker’s perspective, as more and more cars are connecting to the internet, the attack surface area increases drastically.
Remote access to vehicles could be gained through vulnerabilities in the connected ecosystem. With the series of controlled hacking demonstrations on autonomous vehicles leading to discovery of fundamental flaws, companies are starting to notice the potential security threats.
“Such incidents could demolish public confidence in autonomous vehicles overnight and undo years of costly research and development,” says Jan Mohr, who co-authored a research report on driverless cars.
Things are definitely changing and many manufacturers are starting to take notice.
Uber recently hired two security researchers who discovered the famous Fiat Chrysler flaw. In an article published by the Telegraph, Mohr says: “It is impossible to eliminate cyber security attacks, [so the industry] must shift its focus to managing them,” adding that people should be encouraged to find flaws with the security.
During the 23rd DEF CON, Tesla’s CTO personally thanked the hackers who uncovered six serious vulnerabilities in Tesla Model S sedan computer system and also announced the maximum payout of $10,000 for its bug bounty program.
Difference Between Autonomous and Driverless Vehicles
A blog post by The Economist highlighted the main difference between an autonomous and a self-driving car. It defined an autonomous car as a usual modern car with steering wheel and forward-facing seats, with the addition of features that assist the driver, such as automated breaking, adaptive cruise control and self-parking.
On the other hand, a self-driving or driverless car is very advanced, with no steering wheel and a complete driverless experience that relies on sensors, radar and GPS mapping.
Driverless Cars and Personal Information
Driverless cars relies heavily on external sensors, such as LiDAR, which is used in Google’s driverless cars.
A security researcher from the firm Security Innovation has written a paper on how to exploit LiDAR sensors using a low-powered laser. He will be presenting a talk on ‘Self-Driving and Connected Cars: Fooling sensors and tracking drivers’ at BlackHat Europe during November this year.
Apart from internal system hacking threats, privacy and exposure of sensitive data is another issue when it comes to customer safety in driverless cars. Personal information stolen from car system could be either sold or leaked to the public.
Driverless cars collect massive amount of data and essentially know everything about you – from the places you frequently travel to, your home and even the person you are traveling with. Imagine an array of cameras and sensors recording data every second. In the future, connected cars can pick up your personal behaviors and movements much similar to current smartphones.
In a video from Google’s self-driving car test during 2012 shows Steve Mahan drive from his house to a local Taco Bell. He is 95 percent blind. This shows the benefits of autonomous vehicles.
Imagine a drunk man reaching home safely in a self-driving car – there is no doubt this technology will improve passenger safety, as well as decrease accidents and bad driving habits.
But can these cars identify if you are drunk or blind, and accordingly prohibit switching or giving controls to the driver? Who is at fault if the car crashes?
Recently, Volvo confirmed that the company will "accept full liability" for collisions involving its autonomous vehicles.
Security will always remain a challenge for newly introduced technology. The car manufacturers should encourage security researchers in identifying vulnerabilities in the vehicle. This is a far better approach than waiting for an open vulnerabilities to be exploited by a bad hacker.
About the Author:
Ashiq JA (@AshiqJA) is a cyber security consultant and security writer with solid experience in the security field and expertise in risk management for banking applications, vulnerability management, security audits and assessments, security policies and procedures, risk mitigation, application penetration testing and secure software development. In his previous role as a security consultant, he performed application and network penetration tests, secure code reviews, server and device hardening checks, and conducted regular server and device configuration audits to ensure that systems are secured as per the security policy and plan, performed vulnerability assessments for identifying inconsistencies that may indicate various types of security loopholes.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Meet Fortra™ Your Cybersecurity Ally™
Fortra is creating a simpler, stronger, and more straightforward future for cybersecurity by offering a portfolio of integrated and scalable solutions. Learn more about how Fortra’s portfolio of solutions can benefit your business.