Fortinet’s Mark Weir looks at the cyber threats facing driverless cars, as well as what it will take to secure the car of the future.
Cars are an essential part of our everyday life, and are crucial to transporting thousands of commuters on a daily basis through busy towns and cities, and from one country to another. With “smart” vehicles playing such a major role in our day-to-day lives, it’s no surprise that semi- and fully-autonomous transportation and the potential for driverless cars have become hot topics. Countries such as the United Kingdom, France, and Switzerland are already testing forms of autonomous cars on public roads. According to Gartner, driverless vehicles will represent approximately 25 percent of the passenger vehicle population in use in mature markets by 2030.
While highways full of driverless cars may be a shining vision of the future for some, from a hacker’s perspective they represent yet another opportunity to wreak havoc. Driven home by the rise in increasingly sophisticated cyberattacks and data breaches over the past several years, ensuring driver safety from cyberthreats has become a major development focus and challenge in the automotive and security industries.
A driverless car is a very advanced mode of transportation, possibly even without a readily available steering wheel. They have considerably more electronic components than “traditional” cars, and rely on sensors, radar, GPS mapping, and a variety of artificial intelligence to enable self-driving. These new guidance and safety systems must be integrated into the electronic onboard systems already present in modern day vehicles, connect wirelessly to the manufacturer, and probably even offer third-party services via the Internet. And that’s where the problems begin: with hackers remotely accessing a vehicle and compromising one of its onboard systems, resulting in a range of risks from privacy and commercial data theft, to actual physical risks to people and property.
Here are some attacks that are likely to be targeted at highly connected and autonomous cars:
Privilege escalation and system interdependencies:
Not all systems and in-car networks will be created the same. Attackers will seek vulnerabilities is lesser-defended services, such as entertainment systems, and try to “leap” across intra-car networks to more sensitive systems through the integrated car communications systems. For instance, a limited amount of communication is typically allowed between an engine management system and an entertainment system to display alerts (“Engine fault!” or “Cruise Control is Active”) that can potentially be exploited
System stability and predictability:
Conventional, legacy car systems were self contained, and usually came from a single manufacturer. As new autonomous cars are developed, they will very likely need to include software provided by a variety of vendors – including open source software. Information technology (IT), unlike industrial controls systems such as legacy car systems, are not known for predictability. IT systems, in fact, tend to fail in unpredictable manners. This may be tolerable if it is just a matter of a web site going down until a server re-boots. It is less acceptable in the event of a guidance systems being degraded even slightly when an adjacent entertainment or in-car Wi-Fi systems crashes or hangs.
Also expect to see known threats be adapted to this new target, expanding from common Internet platforms like laptops and smart phones an IoT device like an autonomous car. For instance:
Ransomware is certainly on the rise on PCs and mobile phones. But driverless cars represent an almost ideal target. Imagine the following scenario: a hacker uses the in-car display to inform the driver that his car has been immobilized and that a ransom must be paid to restore the vehicle to normal operation. While a laptop or tablet may be restored relatively easily with potentially no damage, assuming backups are available, a car is a very different story. The owner may be far from home (the ransomware could be programmed to only launch when the car is a predetermined distance from its home base.) Naturally, few dealerships would be familiar with resolving this sort of problem, and specialist help would most likely be required to reset affected components. The cost of such a ransom is expected to be very high, and will likely take time. In the meantime, the vehicle may have to be towed. So the question is, what is the amount of the ransom demand that we expect to see? Estimates are that it is likely to be significantly higher than for traditional computer ransomware, but probably less than any related repair costs so that the car owner is tempted to pay.
Perhaps a more attractive target for hackers is collecting data about you through your car. Driverless cars collect massive amounts of data, and know a lot about you – including your favorite destinations, your travel routes, where you live, how and where you buy things, and even the people you travel with. Imagine a hacker, knowing that you’re traveling far from home, sells that information to a criminal gang who then breaks into your home, or uses your online credentials to empty your bank account.
That last risk exists because your driverless and connected vehicle is likely to become a gateway for any number of electronic transactions, such as automatic payment of your daily morning coffee, or parking charges, or even repairs. With sensitive information stored in the car, it becomes another attack vector to obtain your personal information. And with RFIDs and Near Field Communications (NFC) becoming commonplace in payment cards, accessing their details through your car would be another way to capture data about you and your passengers.
And last but not least, there are legal and authenticity issues. Can we consider the location data of the car as authentic? That is, if your car reports you opened it, entered it, and traveled to a particular location at a certain time of the day, can we really assume everything happened as recorded? Will such data hold up in court? Or can this sort of data be manipulated? This is an issue that will need to be addressed. Similarly, if cars contain software from several different providers, and spends the day moving from one network to another, who is accountable or liable for a security breech and resulting losses or damage? Was it a software flaw? Was it negligent network management? Was it on-board user-error or lack of training?
So, the question becomes, how do we secure autonomous cars?